Begin forwarded message:
From: "Mario Profaca" <[EMAIL PROTECTED]>
Date: August 8, 2008 12:32:57 AM PDT
To: [EMAIL PROTECTED]
Subject: [SPY NEWS] Inside the CIA's extreme technology makeover, part 3
Reply-To: [EMAIL PROTECTED]
http://www.networkworld.com/news/2008/080608-inside-the-cias-extreme-technology.html
Inside the CIA's extreme technology makeover, part 3
By Thomas Wailgum , CIO , 08/06/2008
Sponsored by:
The CIA is undergoing a major transformation, and IT is playing a
leading role. In Part 3 of our inside look at the agency, we examine
how CIO Al Tarasiuk got both high-level and low-level CIA employees to
think about critical intelligence-sharing processes and showed that IT
can be a valued partner.
"You will sit at the table"
Al Tarasiuk's appointment as the CIA's CIO took place on Oct. 1, 2005
(former Director Porter Goss appointed Tarasiuk). In his first year,
however, Tarasiuk was seemingly handcuffed. "I had ideas [about
transforming IT] when I first became CIO," he says, "but the
environment wasn't aligned in a way where I could launch on these
ideas."
Since CIA Director Gen. Michael Hayden took over in May 2006, the
"transformation" theme of the Tarasiuk era has not been subtle or kept
quiet inside IT on a mission statement: Cut the bureaucracy and be
more businesslike via stronger IT governance, more disciplined project
management, greater data sharing and more openness to try new
technologies. Hayden has demanded as much.
Related Content
"What we had prior to that was some configurations of corporate [IT
structure], but we didn't have the business side-what we call the
mission side-really fully engaged in big decisions about how we spent
our money on IT, how we deal with information policies and things like
that," says Tarasiuk, whom Hayden realigned to a direct report when he
took over. "My role was to do that."
Tarasiuk created and chairs an Information Governance Board, which
meets quarterly or as needed to make the strategic IT decisions for
the agency. Hayden "demanded that because of the problems we've had in
the past, because of who actually participated [in making IT
decisions], he said to the business leaders, the mission managers,
'You will sit at the table,'" Tarasiuk says. "So the support of the
top leadership has been very important in making sure that board is
effective."
The four divisions inside the CIA are: Directorate of Intelligence
(the analysis arm); the National Clandestine Service (the spies);
Directorate of Science & Technology (which develops technologies to
support the mission-think "Q" from James Bond movies); and the
Directorate of Support (HR, finance, logistics, legal and other
functions). For the most part, these CIA leaders appreciate being
involved in the IT decision-making processes, Tarasiuk claims, even
though "not all of the decisions go their way."
For example, Tarasiuk forged what he calls an enterprise data layer
strategy that enables those who have need and permission to access CIA
data can do so. One part of the strategy is IT-related: Tarasiuk notes
that service-oriented architecture (SOA) technology has been one key
piece.
The other, and much more difficult, part has been process change.
"We're making corporate policies on how data is going to be managed,
and we're not going to allow little fiefdoms anymore," he says, "where
data is managed and protected and policy and regulations are set by
some local manager at the lowest levels of the organization."
It's not surprising that there's been resistance. "A lot of things are
related to turf and how much you own and control," Tarasiuk says.
"What we're doing, in effect, is we're taking some of that control
away. And that always hurts, and that's why it makes it difficult
because you are pushing out a culture that existed for many years."
One result of the enterprise data layer strategy is Trident, a new
research and analysis application for CIA analysts that links a set of
a dozen or so (Tarasiuk won't be specific) logical data repositories
and has tiered access (depending on a user's need to access the data)
and single access control to all the databases.
Related Content
Trident debuted in 2007, and it manages the voluminous amount of
information flowing into the CIA and allows analysts to organize and
comb through the intelligence most critical to their specialty.
Trident provides a multitude of capabilities for them: tools for
search, foldering, knowledge management, sharing, information
extraction, link analysis, mapping and data visualization.
"Trident allows analysts to spend less time trying to find relevant
information and more time analyzing," Tarasiuk notes. He says that
Trident has given many of the analysts an extra hour a day to perform
more analysis.
"The number of people looking over your shoulder is staggering"
Next on Tarasiuk's agenda has been to fix project management. Ken
Westbrook, chief of business information strategy in the CIA's
intelligence directorate (the agency's intelligence analysts), recalls
that the past project management process had stifling "control gates"
and placed too many cooks in the kitchen. "The problem with that is
that it became so bureaucratic," Westbrook says. "We were having
projects, taking dozens of control gates, each of which could have
hundreds of people in a room. It was not an efficient way of getting
the job done."
Ken Orr, principal researcher at The Ken Orr Institute and a former
member of the National Research Council (NRC) committee who's studied
government IT project failures for years (though none at the CIA),
says, "When it comes to managing big projects, the feds have this
terrible oversight problem, and when anything goes wrong, they add
another oversight layer." "If you've got [US]$100 million to $200
million project, the [number of] meetings and oversight and people
looking over your shoulder is staggering."
Since taking over, Tarasiuk has moved the CIA's enterprise IT
operations completely to an agile project methodology, and, according
to internal customer data, now maintains an 80 percent success rate in
delivering applications, he says. IT has streamlined the "control
gate" process to more easily meet deadlines, Westbrook says, and now
tracks deliverables, deadlines and whether they were met. "That's
revolutionized things," Westbrook adds.
Of course, verifying the CIA's claims about virtually anything outside
the purview of the CIA is tough to do. For example, the Government
Accountability Office (GAO), the auditing watchdog of Congress, which
investigates the performance of the federal government, including IT
operations, has been severely limited in its oversight of the CIA and
other intelligence agencies.
In testimony before Congress in February 2008, the GAO's comptroller
general of the United States, David Walker, testified that with
Congress's approval, the GAO "could evaluate some of the basic
management functions that we now evaluate throughout other parts of
the federal government, such as human capital, acquisition,
information technology, strategic planning, organizational alignment,
and financial and knowledge management" at intelligence agencies, like
the CIA. However, Walker added that, at the time, "we foresee no major
change in limits on our access" to those agencies.
As Orr sees it, outside inspection of the CIA isn't likely to happen
soon. "Secrecy makes it hard to really know what's going on," Orr
says, "but you cannot remove the secrecy from the organization."
"If the data and names get out, people die"
Back in his office, in June, Tarasiuk looks across the edge of a
conference table and says, matter-of-factly, "You know, one of the
things we do here is we commit espionage. That's the business we're
in." The blandness of his delivery belies the statement's heft: At the
end of the day, his business is so atypical, his customer set unique,
his data so sensitive, and his security requirements so exceptional
that his job stands apart-way apart-from that of most all CIOs.
His day-to-day existence is one big balancing act: weighing the need
to protect the CIA's information-"absolutely protect that data," he
implores-and the need to share that information. "Because information
that sits here and no one uses is worthless," Tarasiuk says.
So as he goes about serving his customers (Tarasiuk prefers
"partners"), he deals with spies', analysts' and other departments'
sometimes conflicting infrastructural and application demands. He
relies heavily on the Information Governance Board and the enterprise
data layer process, but "it's a hard place to be," he says, "because
you never make anybody happy."
For example, there has long been tension between the collectors of
information (the "ops" or clandestine personnel) and the analysts who
try to make sense of it. "Despite decades of trying to reduce the
barriers between the Directorate of Intelligence (DI) and the
Directorate of Operations (DO), sharp divides still exist," noted
Bruce Berkowitz, a former CIA officer who, from 2001 to 2002, studied
how CIA analysts used information technology. "The DI and the DO, for
example, have separate databases and separate IT architectures.
Several DI analysts even told me that they had a better working
relationship with their counterparts at NSA than with their own CIA
colleagues in the DO."
"The CIA has never been able to get their ops guys to talk to the
analytic guys, because the ops guys basically know that if the data
and names get out, people die," Orr says. "They guard their
information very closely, and the analytic guys want to make
everything public in the community. That tension is there across the
board."
All Tarasiuk will say about the tension is that "technology is not the
barrier for making them work more effectively."
"Technology can only get you so far"
A CIA clandestine officer who works closely with Tarasiuk describes
the CIO role as one that has to satisfy typical CIO obligations
(delivering appropriate applications to users to make them more
efficient) with one big catch. "Here's the rub: He can bring all the
efficiencies here, but [it's difficult] because of our unique security
requirements," says the senior national clandestine service officer,
who declined to be identified, citing his active duty status at the
agency. "I care about: 1. Security. 2. Functionality. 3. Efficiency."
The senior officer describes the "very personal, very human" nature of
the clandestine organization, which illustrates some of the IT
disconnects that were inherent in the CIA's history. People, personal
relationships took precedence over business processes and technology.
"Twenty years ago, if you didn't want to use technology, you didn't
[have to]," he says. Now, "it's nearly everything we do."
He says the CIA officers like him realize that technology applications
have the ability to free up ops people to do more of the personal
work-but only to a certain level. "Technology can only get you so
far," he says. "Information sharing is critical, but at the same time,
we need to have some 'cylinders of excellence.'"
And that's where the CIO is, always in the middle of the risk-reward
quandary. "So there you have Al Tarasiuk, the CIO, trying to figure
out, 'All right, what do I balance here?'" Tarasiuk says. "It's not a
one-size-fits all, and it's not one solution."
Lena Trudeau, a program director at the National Academy of Public
Administration (NAPA), an independent Washington, D.C., government
advisory group, notes that the government organizations typically
"create a culture that would rather avoid the risk and not fail, than
try and fail and learn from the failure and succeed the next time
around," she says. Trudeau leads a group that is studying how
collaborative technologies can help solve the U.S. government's
complex problems. She says: "The CIA is a really good example of an
organization where there's not a lot of tolerance for failure, but we
have to be in the position where we're willing to try new things and
risk failure that we can learn from and help us get it right later."
While Tarasiuk has been working to get the CIA to experiment with new
IT-related data-sharing processes and applications, he worries about
missing something when the consequences of failure are great. There
are critical decisions that need to be made with all the data
accumulated during the last 60 years, Tarasiuk says, like what to
keep, what to make public and what to discard. There are also
thousands of databases across the intelligence community whose
contents may or may not need to be connected.
Which all weighs heavily on Tarasiuk. "The thing that worries me the
most," he says, "is that we have buried somewhere, in some database,
some piece of information that a person that might need access to
doesn't have the access or the data is not available to them somehow."
All contents copyright 1995-2008 Network World, Inc.
http://www.networkworld.com
------------------------------------
-__ ___ _ ___ __ ___ _ _ _ __
/-_|-0-\-V-/-\|-|-__|-|-|-/-_|
\_-\--_/\-/|-\\-|-_||-V-V-\_-\
|__/_|--//-|_|\_|___|\_A_/|__/
SPY NEWS is OSI newsletter and discussion list associated to
Mario's Cyberspace Station - The Global Intelligence News Portal
http://mprofaca.cro.net
http://spynews.byethost13.com
Since you are receiving and reading documents, news stories,
comments and opinions not only from so called (or self-proclaimed)
"reliable sources", but also a lot of possible misinformation
collected and posted to Spy News for OSI purposes - it should be
a serious reason (particularly to journalists and web publishers)
to think twice before using it for their story writing, further
publishing or forwarding throughout Cyberspace.
To unsubscribe:
mailto:[EMAIL PROTECTED]
*** FAIR USE NOTICE: This message contains copyrighted material whose
use has not been specifically authorized by the copyright owner. Spy
News is making it available without profit to SPY NEWS members who
have expressed a prior interest in receiving the included information
in their efforts to advance the understanding of intelligence and law
enforcement organizations, their activities, methods, techniques,
human rights, civil liberties and other intelligence related issues,
for non-profit research and educational purposes only. We always
mention the author and link the original site and page of every
article. We believe that this constitutes a 'fair use' of the
copyrighted material as provided for in section 107 of the U.S.
Copyright Law. If you wish to use this copyrighted material for
purposes of your own that go beyond 'fair use,' you must obtain
permission from the copyright owner.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
SPY NEWS home page:
http://groups.yahoo.com/group/spynews
Mario Profaca
http://mprofaca.cro.net/profaca.html
e-mail: mario.profaca[at]zg.t-com.hr
SPY NEWS owner & editor
Yahoo! Groups Links
