
IT at the CIA

Posted by michael
from the homesec dept.
neocon writes "The current issue of the CIA's Studies in Intelligence (unclassified edition, natch) has an article on the state of IT within the CIA, titled 'Failing to Keep Up With the Information Revolution', which looks at how the agency has fared in staying up to date both with information security needs and with promising new technologies."
  • by Anonymous Coward on Tuesday May 27, 2003 @12:27PM (#6049399)
    less technical assets, more people in the field.
    • by Skyshadow (508) on Tuesday May 27, 2003 @12:35PM (#6049490) Homepage
      I agree that there has been way too much dependence on electronic surveillance in the past couple of decades. This has left us in a uniquely bad position to deal with threats from decentralized terrorist-type outfits. That's hard to argue.

      On the other hand, there's a lot more to technical assets than just spy satellites and eavesdropping on phone calls. Specifically, the intelligence community needs to concentrate on technologies that will let them "know what they know", especially in the face of an exponential amount of available data.

      Example: Knowing that a terrorist is about to strike and knowing who and where they are is useless if one person knows about the threat, one person knows who the terrorist is and the location is in some obscure database (which is pretty much what happened on 9-11). It's only when that information is brought together that it becomes useful.

      Again, however, the CIA has dropped the ball on human assets in recent years, mostly because they (and the people who fund them) lacked the imagination to envision the new threats in the post-Soviet era. Hopefully, this is something that's being corrected as we speak.

      • Not Exactly... (Score:5, Insightful)

        by DesScorp (410532) <DesScorp&Gmail,com> on Tuesday May 27, 2003 @12:47PM (#6049622) Homepage Journal
        "Again, however, the CIA has dropped the ball on human assets in recent years, mostly because they (and the people who fund them) lacked the imagination to envision the new threats in the post-Soviet era".

        While the intelligence community did indeed have a lack of vision with post-Soviet threats, the biggest reason for the dropoff in human assets was a combination of over-reliance on gee-whiz technologies, like satellite surveillance, and just plain El-Cheapo budgeting on the part of Congress. Basically, after 1991, the attitude was "what do we need spies for? We've got satellites now". After September 11th, when the media was ravaging the CIA for not preventing the attacks, Tom Clancy was interviewed, and his comments were right on the ball. He basically said "Look, we castrated the CIA, and now you're surprised that the agency is ineffective?". That barb was aimed especially at media members and Congressmen that were in such a hurry to save money by cutting personnel.
        • by Wyatt Earp (1029) on Tuesday May 27, 2003 @12:56PM (#6049720)
          The CIA's problem isn't a lack of funding, a lack of agents in the field or a lack of IT.

          The problem is that since 1980 it hasn't figured out anything in advance.

          1983 Hezbollah attacks on France/US missed
          1983 Marxist revolt in Granada missed
          1989 Czech border reforms missed
          1989 E. Germany fall missed
          1990 Iraqi invasion of Kuwait missed
          1991 Coup attempt in USSR missed
          1992-94 Islamists in Somalia missed
          1993 Bombing of WTC missed
          1998 African Embassy bombings missed
          1999 Attempt on DDG Sullivans missed
          2000 Bombing of Cole missed
          2001 WTC/Pentagon missed

          Clancy has been a CIA supporter for a long-time even though they don't accomplish anything anymore.

          I read the Hunt for Bin Laden which is about the Green Berets in Afghanistan which doesn't have anything nice to say about CIA either.

          I just don't see how they are relevant anymore.

          • by fussman (607784) on Tuesday May 27, 2003 @01:01PM (#6049769) Journal
            1983 Hezbollah attacks on France/US missed
            1983 Marxist revolt in Granada missed
            1989 Czech border reforms missed
            1989 E. Germany fall missed
            1990 Iraqi invasion of Kuwait missed
            1991 Coup attempt in USSR missed
            1992-94 Islamists in Somalia missed
            1993 Bombing of WTC missed
            1998 African Embassy bombings missed
            1999 Attempt on DDG Sullivans missed
            2000 Bombing of Cole missed
            2001 WTC/Pentagon missed

            Of course, it is always easier to look at the flaws of something rather than the strengths in the same area. How many things did they not 'miss' and actually have an unskilled civilian populace know about it?

          • by DesScorp (410532) <DesScorp&Gmail,com> on Tuesday May 27, 2003 @01:13PM (#6049878) Homepage Journal
            Like any government agency, CIA is going to screw up from time to time. But even if they had everything they wanted, they STILL couldn't be omniscient.

            Part of the problem is that CIA can't publicly talk about their successes much, for fear of jeopardizing personnel or methods. And even when they DO publicly make accurate predictions, often they're ignored.

            The perfect example of this happened in 1983. The CIA released a report called "Terminal Giants". It was either ignored or written off as "Reagan-esque right wing propaganda" by the media and leftist politicians. The prediction of the report? That the USSR's economy was dying because of excessive military spending, and that the Soviet Union could collapse within ten years.

            Nobody believed them. And to this day, CIA still doesn't get credit for that prediction.
          • by stratjakt (596332) on Tuesday May 27, 2003 @01:13PM (#6049883) Journal
            And what happened this memorial day weekend?

            What happened at the millennium celebrations?

            You can only compile a list of the misses, not hits. You have absolutely no idea what they've prevented.

          • by banzai51 (140396) on Tuesday May 27, 2003 @01:24PM (#6049981) Journal

            1989 Czech border reforms missed

            1989 E. Germany fall missed

            1991 Coup attempt in USSR missed

            I don't know about the rest of the list, but those listed above were not 'missed'. The CIA was dead on in their prediction of these events. Whether or not the leaders in charge heeded these assessments is another story.

            Plus, you'll never hear of the successes. CIA foils a bomb plot, bombing never happens, thus news never covers the event. So how sure are you that the CIA is ineffective?

            • Do you see any bears around me? No? Then my Bear Repellant Stick(tm) must be working -- As Seen on TV. Come on! The CIA hasn't been effective for ages. If anyone has prevented any attacks, it has been the work of the NSA and the FBI. The CIA has been moderately effective in processing Alerts from foreign intelligence bodies such as the Mossad, which they have grown rapidly dependent on.
          • We just don't know about the ones they got right and prevented because those are classified.
          • by f97tosc (578893) on Tuesday May 27, 2003 @01:39PM (#6050128)
            I read the Hunt for Bin Laden which is about the Green Berets in Afghanistan which doesn't have anything nice to say about CIA either.

            The conflict in Afghanistan was revolutionary because of CIA. They were there before any of the armed forces and they basically won the war by bribing/ persuading different fraction to join up against the Taliban.

            Also, has it occurred to you that in the set of failed and successful CIA activities there is an extreme bias in which ones you ever hear about?

            Tor
      • by RobertNotBob (597987) on Tuesday May 27, 2003 @12:56PM (#6049718)
        One of the things I remember most clearly from the morning of 9-11 is the face of a former head of the CIA. He was going from one media outlet to another preaching from the mountaintop that this attack came because of a policy change preventing the CIA from paying known criminals. I don't remember his name off the top of my head, however I do remember he was on every channel saying the exact same thing over and over.

        So there were at least SOME people who recognized the need for Human Intelligence, but it unfortunately seems that they were run out of the organization rather than listened to.

        • you are referring to the torricelli amendment which stipulated we couldn't work with criminals, etc. had horrible consequences. and of sen. torch, as he was known, was run out of town on corruption charges.
        • James Woolsey [google.com] is who you are thinking of. Clinton ran him off for being too pushy.

          While he was right on the Torricelli amendment, be careful listening to him too closely. He was being paid by rich Iraqi exiles to whoop up war fervor and has made quite a few blunders on his own.
          • Where `too pushy' means `he objected to the fact that over two years passed after his appointment before Clinton would meet with him', eh? But given the rest of the parent post, I'm sure you're about to tell us that Clinton actually did care about intelligence issues...

            Inside the CIA, a common joke around the time a lone crackpot landed a small plane on the White House lawn was to claim that it had been Woolsey, desperately trying to get in to see his boss.

            No, really -- if you're going to make such s

        • The Torricelli amendment. It was passed as part of the outrage following an incident in Guatemala where the husband of a United States citizen was murdered by a CIA paid informant.

          More about that here. [umich.edu]

          It wasn't so much that the he was murdered, but that the US Govt knew what had happened to him and tried to cover it up. She tried for years to get information, information that the authorities had but kept denying.

          Finally in 1995 Representative Torricelli of New Jersey revealed the information publicly
    • They need to do more research. Look at this photo [blinkindustries.com] from the archives. It shows that Segways were used long before now. Conspiracy is key.
    • by tha_mink (518151) on Tuesday May 27, 2003 @12:45PM (#6049598)
      less technical assets, more people in the field.

      And you're qualified to make that assessment how exactly?

      • Qualifications: How about the raid on Son_Tay in Vietnam? Perfectly executed in every way except there were no prisoners there. Or to use a more modern example - Iraq. How many WMD have been found there? None. So either someone's lying to the American people or the CIA's intello is faulty.

        Here's an anecdote I read a long while back, near the end of the Cold-War:

        NATO wanted to know the bore of the gun of a Soviet tank. There was one in East Germany. The US used satellites at a cost of millions of dollars.
        • NATO wanted to know the bore of the gun of a Soviet tank. There was one in East Germany. The US used satellites at a cost of millions of dollars. The British used someone to break into the facility to measure the bore. The cost was to replace the lock but the person who did it risked his life. The French took a Russian officer out to dinner, after having plied him with good food and lots of alcohol and just asked him what the bore was.

          Not an anecdote, but an old joke, I think. And there's some truth

        • by garyrich (30652)
          "Or to use a more modern example - Iraq. How many WMD have been found there? None. So either someone's lying to the American people or the CIA's intello is faulty."

          Actually the CIA had been telling the executive branch for a long time that Iraq didn't have any WMD, or at least not any significant weapons stockpile. They got so sick of hearing such "unpatriotic" talk in the white house that they stopped listening to the CIA a couple of years ago. Rumsfeld and Cheney run their own little "mini CIA" out of
        • The French took a Russian officer out to dinner, after having plied him with good food and lots of alcohol and just asked him what the bore was.

          In Soviet Russia, the bore is YOU.

          (Last time I make that joke, I promise.)
      • This series of programmes [bbc.co.uk] draws much the same conclusion. The link leads to transcripts of three BBC radio programmes about the CIA's history, from its birth to the present day. There is an interesting analysis of CIA intelligence failures due to lack of people 'on the ground', that is to say integrated into the society of countries they wish to watch and understand. Contributors include past senior CIA officers and one or two people who are still well connected in us.gov .
    • by kin_korn_karn (466864) on Tuesday May 27, 2003 @01:30PM (#6050043) Homepage
      Mr. Clancy, there's no need to post as an Anonymous Coward here.
    • One of the more interesting comments after the WTC attack was admissions that several US government agencies actually had some information about it, but the info hadn't been processed due to a lack of people who are fluent in Arabic.

      And one of the more interesting comments on this is the people who tie it to the strong "English only" pressure in the US, especially in our school systems. The clear intent in this ongoing debate is that people don't want immigrant children to grow up fluent in their parents'
      • I've actually heard the State of Utah referred to as a great recruiting ground for the NSA just for this reason - the Mormon missionary requirement means many of these folks are required to be fluent in a non-English language. Of course, having a verifiable "clean" background helps with security clearances too.
      • There was another great story sometime last year about how the army had recently expelled no fewer than eight advanced Arabic speakers because they were homosexual, despite a severe shortage of qualified translators. Way to fight terrorism, guys! It's nice to know that with our nation under attack by religious extremists, the Pentagon hasn't forgotten what really matters: keeping the queers in order.
  • by esconsult1 (203878) * on Tuesday May 27, 2003 @12:28PM (#6049409) Homepage Journal
    In my experience, it seems that politics and top down systems design without allowing for filtering up of ideas -- as is typical in most large orgs -- is responsible for this state of affairs.

    What makes an org nimble is when they listen to the people who actually dig the trenches. There is no difference in this case, between the CIA, and say, GM.

    • by ianscot (591483) on Tuesday May 27, 2003 @01:00PM (#6049766)
      What makes an org nimble is when they listen to the people who actually dig the trenches. There is no difference in this case, between the CIA, and say, GM.

      Working in a big corporate organization, I couldn't agree more wholeheartedly. You can see a million little bureaucratic failings in something like the CIA or the FBI, and they'll remind you of stuff the senior director at your company once did. Colleen Rowley's memo read like my dang diary -- the way they wouldn't even try for a warrant except under the circumstances they were accustomed to was sooo very typical, and the subsequent promotion of the higher-up who wouldn't pursue Moussaoui was dead-on corporate America.

      (Makes me wonder why we talk so much about electing people who have business experience leading these enormous companies to public office... The CEO of United Airlines is as out-of-touch with the world of cause and effect as anyone out there.)

    • "Falling Behindism" is a term that I and my old boss created for the creeping paranoia that says, no matter how hard you're working at it, you're falling behind technologically and are not keeping up. The corollary is that you can't ever catch up and are doomed to obsolescence.

      I think everyone largely suffered from this during the late 90s, when, if you weren't paying attention for a week, you got two full revs behind on your applications and missed an OS rev entirely.

      The reality is usually more nuanced
  • by Anonymous Coward on Tuesday May 27, 2003 @12:30PM (#6049441)
    TUTMA - They Use Too Many Acronyms
  • A friend of mine was talking to an IT type at CSIS (Canadian Security and Intelligence Service -- equivalent to CIA). He asked them what kind of firewall they used for their secure systems.

    "We don't use a firewall. We use an air gap."

    • by SirWhoopass (108232) on Tuesday May 27, 2003 @12:44PM (#6049594)
      The US uses the same thing with SIPRNET [fas.org]. It is physically separate from the internet. Script kiddies like to gloat about how insecure military networks are and how they hacked into classified information. Not true. They may certainly have seen some "private" web sites with telephone or social security numbers, but not actual classified information. They'd need to dig a hole and splice fiber first.
      • by Anonymous Coward on Tuesday May 27, 2003 @12:52PM (#6049673)
        The two networks are completely separate. Most people had a classified, and unclassified machine at their desk, completely separate. Once a disk had gone into a classified machine, it could never be used in an unclassified machine again (in theory), same for hard drives and memory, including printer memory.

        The only time I have ever heard of the two networks being connected was a senior chief plugged two LAN cards into one computer, just messing around. Caught unholy hell for it, luckily he was the sharpest guy with the most experience in the office (Never fuck with a chief, they run EVERYTHING) and just got a verbal ass kicking, off the record. At least that's how I heard the story.
        • The only time I have ever heard of the two networks being connected was a senior chief plugged two LAN cards into one computer, just messing around. Caught unholy hell for it, luckily he was the sharpest guy with the most experience in the office

          Sounds like another case of "military intelligence".

        • I didn't work at the Pentagon but I was the lead IT on a ship and also an engineer (post-eaos) for the the NIPR/SIPR shipboard ISNS provider.

          The CIA isn't the only government agency that is behind the times. Let's talk about intelligence handling with the Navy. It wasn't until 4 years ago that an official standard, project if you will, was implemented on a broad scale to handle the class/unclass infosys traffic. Now I'm not saying that it didn't exist, because it did exist, but what I am hitting on here
      • Funny thing is that ILUVYOU was released on SIPRNET. Because the military has the secure mentality most (of those that do have) anti virus software were out of date.

        Did I mention that the systems run Windows?
        • Did I mention that the systems run Windows?

          Sounds like another case of "military intelligence".

          One of the rules of security is to presume that any one layer is going to fail. Even the physical controls can fail. Network attachment points halfway up the wall, and watching the MAC addresses of connected nodes still won't protect you from someone connecting a (supposedly) secure laptop with a spare wireless card in it and configured as a gateway.

          People will circumvent security -- and they'll (almost) alw

          • The systems don't "run Windows" any more than computers on the internet "run Windows". The OS is entirely up to the person using it. A lot of the classified systems run unix.

          • still won't protect you from someone connecting a (supposedly) secure laptop with a spare wireless card in it...

            SIPRNET facilities are closed areas wherein RF-transmit capable devices are not allowed. This means no cell phones, wireless cards, etc. Most procedure documents specifically disallow mobile equipment in the lab; only fixed and inspected equipment is allowed to make SIPRNET connections. Just getting a machine hooked up with an active connection is a huge affair involving letters and inspections a
            • It may be difficult and annoying, but it's still possible. If you don't have internal IDS and protection systems in place on top of the physical containment, then you're hooped when (not if) someone figures out a way around the physical protections.

              I'd rather presume that these groups do have protection beyond what's obvious. But if they don't then they might get hacked up the ying-yang before they realize that someone has made it through.

              • Okay, so right, bring in your laptop and box for NAT with a programmable MAC on a USBethernet adapter (so you don't have to break the seal), have a WAP outside, and you have the potential for a situation. System won't notice the laptop behind the NAT, which in turn is acting as a gateway for the Internet. IPSec (if req.) can be handled by creating a bridge interface on the trusted box. (I assume you somehow have mitigated the fact that SIPRNET and the Internet have conflicting address spaces)

                But to go thro
        • In the article they state that it is possible to move unclassified data onto the classified network, but not the other way round.
    • by JohnnyCannuk (19863) on Tuesday May 27, 2003 @12:53PM (#6049684)
      Otherwise known as "sneaker net"...

      Seems better than a firewall to me. They can't hack you if you're not on the network. Isolated networks are always more secure than public ones, as long as the location they are at is physically secure and trust me, places like CSIS, CSE (our NSA) and the Mounties are VERY secure.

      Besides, your "friend" could lose his job if he told you what firewall they use on their public facing networks....

    • I hope their network isn't wireless, then.
    • In fact, their entire network is airgapped -- it's all Wi-Fi. No cables, no hackers, no problem.
    • If you have a system or network of systems that are totally separate from the Internet in every way, there is no chance they can be hacked from it. The idea is you have a secure network, like the Internet but for you only, that is physically separate. Any computer connected to it can not be connected to any other network. Then, provided that the computers in question are physically secure, you have eliminated the problem of hacking. Only authorized personnel can get near a computer on the network so only they
  • Editing out the more sensitive bits (I'll put periods in for the text), here's what it says:

    "...all.....your......base......are.....not....belong....to....us...."
  • They are lying (Score:3, Insightful)

    by bstadil (7110) on Tuesday May 27, 2003 @12:34PM (#6049480) Homepage
    They are lying.

    This is just a plug for more resources. Do you really believe they would publish this if it was true?

    Today's sig at /.

    What upsets me is not that you lied to me, but that from now on I can no longer believe you. -- Nietzsche

    is uncannily prescient.

  • by BitwizeGHC (145393) on Tuesday May 27, 2003 @12:34PM (#6049483) Homepage
    Everybody knows the "declassified" version is just a diversionary tactic to make us THINK the agency is behind the times, IT-wise. In reality, they've slipped nanites into everyone's drinking water to track the populace's movements and habits, beaming the data through the ether to the giant mainframe computers under Mt. Weather (where the CIA also happens to keep its massive drug stash).

    Remember, just because you're paranoid...
  • by TopShelf (92521) on Tuesday May 27, 2003 @12:35PM (#6049489) Homepage Journal
    Looking at the recommendations, what seems to pop out is that there is more a need for information organization than new-fangled gee-whiz technotoys. Analyst websites available via intranet, and the ability to search and join together information from various analyst accounts seem to be the major needs.
    • The other need mentioned was being able to track the workloads of the various DI analysts. This requires being able to assign workloads to various DI analysts.

      For many organizations, this is a huge can of worms, and for which they don't have a solid IT answer. Sad to say, in my workplace, we (somewhat) use MS Project. Even sadder, if we were a MS Project + MS Exchange shop, we would at least have a chance of solving this problem. That Gantt chart becomes a whole lot more intelligent when it is backed u

  • by Vengeance (46019) on Tuesday May 27, 2003 @12:35PM (#6049491)
    In the news: Hackers at a web site called 'slash-dot' (we believe it to be a hate-site against Indian developers) have instituted a denial-of-service attack against CIA web servers. Teams are currently raiding several OSDN locations in order to preserve freedom.

    -- John Ashcroft, here to help you
  • Made for OSS.. (Score:5, Interesting)

    by i_want_you_to_throw_ (559379) * on Tuesday May 27, 2003 @12:36PM (#6049503) Journal
    One reason is that DI offices cannot easily get funding for new software packages. The funding required for the development and testing of such tools--typically, tens of thousands of dollars per year--is small in comparison to the CIA's total budget. But it is enormous in the context of the discretionary funds that an individual office has--let alone an individual analyst.

    Another reason for open source. I'm the lone OSS outpost in my military operation and when the budget cuts came, the OSS got rolled out!

    Previously it was tough as hell but I am bringing in more and more OSS packages all the time that give some great functionality like Post-Nuke, phpESP, etc.

    Now I can damn near get away with murder because I am still bringing some great functionality in with no additional cost.

    This mantra has sold Linux more than anything else: "Services, not platforms".

    Repeat
    • Re:Made for OSS.. (Score:5, Interesting)

      by StandardDeviant (122674) on Tuesday May 27, 2003 @12:49PM (#6049645) Homepage Journal
      Yeah, as I was reading that article, I was struck by how handy something like a secure version of LiveJournal [livejournal.com] would be to an intelligence organization. Each analyst could post things up, works in progress, tidbits of interest, or formal product, which could then be syndicated by other analysts and consumers of analytic content in a fluid manner (NB: obviously would need some additional access, authentication, and authorization infrastructure to regulate who can syndicate what). Further, the LJ codebase would allow feedback on each entry in the analyst's "text stream", or I should say "media stream". And as a bonus, clients exist to talk to LJ servers from pretty much any platform, and most don't require any knowledge of HTML or similar technologies by the end user. The source code for the LJ server system as well as most of the clients is available here [livejournal.com] but as usual for any outside product, it'd probably be wise to commission a source review of it before putting it into production in a secure environment. (This may be one way to help fund the projects, if possible, by commissioning project developers to contribute to the security process, and allowing the non-agency-specific security changes to be rolled back into the public sphere, analogous to the NSA's SELinux [nsa.gov].)
  • Way off base (Score:5, Insightful)

    by mental_telepathy (564156) on Tuesday May 27, 2003 @12:39PM (#6049545)
    As far as I can tell, the author's main concern is that the CIA is not keeping up with the private sector due to security constraints. All I can say is, thank God. Any recent security poll will tell you that corporations have multiple security incidents per year, even if they take an active interest in security. Do we really want the CIA to publish a statement saying some script kiddie is publishing the names of suspected terrorists?
  • by ih8apple (607271) on Tuesday May 27, 2003 @12:43PM (#6049572)
    Are you guys familiar with In-Q-Tel [in-q-tel.com]? (It's mentioned in the article)

    Here's an article [wired.com].
    and another [atnewyork.com]...
    and another [usatoday.com]...
    and another [washingtonpost.com]...
  • I could tell you what that state of IT really is inside the CIA. Of course, then I'd have to kill you.

  • by gamgee5273 (410326) on Tuesday May 27, 2003 @12:50PM (#6049655) Homepage Journal
    This is a similar tact, though not exact, to the help desk structures that are successful. The DI analyst's job sounds quite a bit like the job my staff has to handle, and many of the suggestions like the ones I am regularly making.

    I would suggest they actually look at those models. ITIL (the IT Infrastructure Library, brought to you by the British government) is an excellent set of guidelines to start off with...

    Then they can hire me. :)

  • Pennywise (Score:3, Funny)

    by AtariAmarok (451306) on Tuesday May 27, 2003 @12:52PM (#6049677)
    I don't recall seeing the CIA anywhere in Stephen King's "IT". However, it would not surprise me if they now employed Pennywise the Clown in their espionage efforts.
  • by kahei (466208) on Tuesday May 27, 2003 @12:52PM (#6049678) Homepage

    It's nice to know the CIA has lots of people who just sit at desks and do boring stuff and spend their time trying to find pesky documents. I was afraid they *all* spent their time ferrying cocaine around southeast asia and creating military dictatorships.

    Sounds like they need to buy some nice commodity content-management and data mining software and a timesheet system. It's so cosy!

  • by djeaux (620938) on Tuesday May 27, 2003 @12:54PM (#6049698) Homepage Journal
    I know it's a cliché, but it's true.

    I agree with the poster down the page who opined that what the CIA needs is more people in the field. Look around the typical IT department & ask yourself, "Are these geeks the kind of folks I want providing vital information to the guys who have their fingers on the nuclear button?"

    It's pretty obvious -- regardless of your position on operation Iraqi "Freedom" -- that electronic surveillance is not very reliable without plenty of dirty on-the-ground spying. Another way to put it is "Where are all those WMDs?" We saw the "pictures"...

    • Are you sure you'd prefer the alternative, and what are the alternatives? Personally, I don't even trust those that have their fingers on the button now.
      Personally, I think that the military must have an intranet page something akin to
      <IMG SRC='mushroomcloud.gif'>
      <form method=POST>
      Who do we want to nuke today: <input name='todaysenemy'>?
      <input type='submit' value='nuke em'>
      </form>
  • by gclef (96311) on Tuesday May 27, 2003 @12:58PM (#6049744)
    The first part of his analysis reads very clearly like someone who didn't bother to understand the business he was advising before spouting off. (This is a common problem with consultants.)

    He dismisses the security concerns that prevent a lot of technology deployment as risk elimination rather than risk management, and says that this attitude hurts IT deployment within the CIA. The thing is, he says this without understanding that the CIA's risk profile is *totally* different from a business risk profile. The CIA can not take risks that a business can, as lives, not dollars, are at stake in the work they do. Any actual security consultant who made that mistake would (should) be fired on the spot.

    Granted, it sounds like his other recommendations (streamlining procurement, merging different IT groups within the CIA) are reasonable, but as a security person, that first paragraph just set me off.
    • If the CIA makes a bad call because their IT systems made it impossible or too hard to retrieve important information people can die just as easily as a security breach.

      Risk management is still the right way to do this - it's just that the risks on both sides of the ledger can sometimes be much higher.

  • by Anonymous Coward on Tuesday May 27, 2003 @01:00PM (#6049765)
    I went to a job fair and talked with the CIA recruiters. They told me that if I was interested in cutting edge I should stay away. They had hardware and software that was older than dirt and had no budget for anything new and no foreseeable change in budget status.

    I had them send me the employment forms anyway...

    I then went to a dot.bomb - iCAST.com -
    I should have gone with the CIA:

    questions on the form (in addition to listing all relatives, friends, neighbors, acquaintances, relatives neighbors acquaintances etc.)

    Do you have any issue with being relocated during your tenure with the CIA

    Do you understand that once hired you will remain an employee for a minimum of three years

    Do you understand that at any time you may be relocated to wherever we need your services

  • by KD7JZ (161218) on Tuesday May 27, 2003 @01:01PM (#6049776)
    I worked for a large 3 Letter Agency during the late 80's through the mid-90s and one large issue we had was the transition from formal message traffic to e-mail. The military/intel community for years had a network for sending formal message traffic. These were written messages with formal accountability. They could be used to order actions, dispatch personnel, transfer money. When e-mail came along it was a big challenge to figure out if that same accountability could be built into e-mail or not.
  • SAIC (Score:3, Informative)

    by lpret (570480) <.lpret42. .at. .hotmail.com.> on Tuesday May 27, 2003 @01:06PM (#6049815) Homepage Journal
    I was just reading an article in Business 2.0 (yes, I try to help out where I can) about a group called SAIC [saic.com] that does a lot of data mining and management for the CIA as well as many other aspects of the government. Apparently they do quite a bit of the security aspect of the CIA as well. Now if only they'd go public, their stock would be incredible...
  • by PolyDwarf (156355) on Tuesday May 27, 2003 @01:15PM (#6049895)
    Clearly, we need more information about the people in the CIA, and what their relative abilities are, not whining about the IT abilities or lack thereof.. I mean, where's the mention of John Clark?
  • by zzyzx (15139) on Tuesday May 27, 2003 @01:23PM (#6049973) Homepage
    Anyone else think at first that this was going to be about the CIA buying some segways?
  • by nemaispuke (624303) on Tuesday May 27, 2003 @01:23PM (#6049980)
    Before I retired from the Navy, I worked in an Intelligence facility at the Top Secret level. The equipment that was available to me was several Macs (to produce PowerPoint slides), a Sun Sparc 10 used as a file and print server, a terminal to connect to PROFS (IBM OfficeVision) to read Top Secret e-mail, another Mac to access the Secret LAN and read Secret e-mail. There were no unclassified PC's, Macs, or Unix workstations to "surf the net" despite reading an article in the same command about "open source intelligence". Part of the problem is compartmenting the information which makes it difficult to search for information since not everyone can access all the information based on the compartments an individual is cleared for. This will not go away soon. And let's not get into the politics of it.
  • by 4of12 (97621)

    Failing to Keep Up With the Information Revolution

    So, tell me, truthfully, just how many organizations as large as the CIA can make the claim that they have, indeed, "kept up with the Information Revolution", eh?

    These are just conventional and expected codewords that are to be interpreted as "we need our IT budget intact, preferably more, and certainly not less".

    Whoever is the CIO of the CIA (what a catchy sounding title that is) should get an F on their report card if they didn't get some similarly-t

  • by supernova87a (532540) <kepler1@h o t m ail.com> on Tuesday May 27, 2003 @02:09PM (#6050362)
    who needs Information Technology at the Culinary Institute of America?
  • by nxs212 (303580)
    and it ain't Jennifer Garner :)
    Jayson Blair is CIA's newest hire. He comes from liberal, yet shrewd and intelligent NY Times where he was a "hands-on" reporter("All the News That's Fit to Print")
    George Tenet personally welcomed Jayson and introduced him as ~The man who will cut CIA's travel budget in half and will bring honesty, diversity and precision to our organization~
    George also mentioned that he came across Jayson's resume on dice.com; (leading online provider of online recruiting services for techn
  • Black Ops:
    1. Downplay your capabilities.
    2. Carry out a sophisticated op, like bombing yourself.
    3. Blame somebody else.
    4. Proclaim, "Oops, we goofed. Give us more money to fix the problem."
    5. Get more money for computers, etc.

    Example: Michael Hayden a year or two before 9/11/2001. [washingtonpost.com]

    True? Who knows, but the moral of the story is don't believe everything you hear. It stands to reason that anything the CIA wants the public to know is made available for a reason. And likewise everything it doesn't want people to kno

  • For DI, to be breached is to fail. As a phrase in the article adeptly hints, managing risk indicates, at best, incompetence, and at worst, treason. A policy of excluding risk, however, is acceptable. Where Bruce Berkowitz suggests, " . . . a 35-year-old DI analyst with ten years of experience ought to be able--routinely-- to take calls directly... noting where there is important uncertainty or disagreement", I could not disagree more strongly. Never should the opportunity for treasons of subterfuge of m
  • by extropy (669666)
    Ok, that makes much more sense, I was imagining agents trying to be sneaky while wheeling around on Segways.
