[CTRL] INTELINK a book review by J. Orlin Grabbe

[Kris Millegan]

 -Caveat Lector-

from:
http://www.zolatimes.com/V3.9/pageone.html
<A HREF="http://www.zolatimes.com/V3.9/pageone.html">Laissez Faire City Times
- Volume 3 Issue 9</A>
-----
The Laissez Faire City Times
March 1, 1999 - Volume 3, Issue 9
Editor & Chief: Emile Zola
------------------------------------------------------------------------
INTELINK

a book review by J. Orlin Grabbe


Intelink is the classified, worldwide intranet for the U.S. Intelligence
Community  linking together the Central Intelligence Agency (CIA), the
National Security Agency (NSA), the National Reconnaissance Office (NRO
), the National Imagery and Mapping Agency (NIMA), the Defense
Intelligence Agency (DIA), and 8 other intelligence organizations,
including the FBI.

Intelink is the subject of Frederick Thomas Martin’s flashily titled Top
Secret Intranet: How U.S. Intelligence Built Intelink  The World’s
Largest, Most Secure Network. Perhaps the most surprising revelation the
book makes is that this very closed network was built entirely on open
system standards like TCP/IP (the communication protocols of the
Internet) and SGML (Standard Generalized Markup Language, of which HTML
 the hypertext presentation language of the World Wide Web  is an
application). Indeed, Martin gets around to boldly stating that "
Intelink is patterned after the global Internet."

"It was a dark and stormy night," Martin’s introduction begins, and that
is the best written sentence in the somewhat ponderously crafted and
repetitious Intro the literary techniques of English novelist Edward
Bulwer-Lytton otherwise conspicuous by their absence. Reading Martin’s
mushy acknowledgements, one quickly forms the impression of a book both
written and vetted by a committee; indeed, one begins to question
whether Martin’s name should appear on the book at all. Martin recently
retired from the NSA as Deputy Director of its Information Services
Group.

But it gets better once we reach the book proper. Chapter 1 tells the
origin of Intelink, how in 1994 DCI James Woolsey created the
Intelligence Systems Board (ISB) to improve the interoperability of
information systems supporting intelligence operations. Along with ISB
came a permanent staff, known as the Intelligence Systems Secretariat
(ISS). Steven Schanzer, the first Director of the ISS, became the
"father" of Intelink. A "proof of concept" prototype was put together in
April 1994, and by the end of the year Intelink was operational. The
rest of Chapter 1 gives a thumbnail history of the Internet and the
World Wide Web, introduces SGML and its offspring HTML (an SGML
application) and the more recent XML (eXtensible Markup Language, a
subset of SGML which will be supported in future Netscape and Internet
Explorer browsers), and concludes with a discussion of the need for In
telink to meet the changing needs of intelligence.

Martin notes that SMGL was adopted for document tagging by the
Department of Defense in 1987 in its CALS ("Continuous Acquisition and
Life-Cycle Support") Program, then as an information processing standard
by the CIA in 1993, and finally by Intelink in 1994.

Chapter 2 is essentially a bureaucratic history of the development of
Intelink, and describes the eventual formation of the Intelink
Management Office (IMO), whose Director alternates between the CIA and
DIA, and whose Deputy Director is always NSA. There are dry recitations
of duties and goals, some of which read like they were written by an
IT-trained Russian speaker struggling with the English language. For
example:

"· Enhancing support infrastructures to ensure that future Intelink
services enjoy the stability of a robust and well-administered
information environment; [Translation: Get our shit together.]

"· Establishing a viable training program to ensure that all producers
and users can effectively use existing and new services; [Translation:
Teach people to use the system.]

"· Developing a technology integration program to ensure that Intelink
enjoys the benefits of early introduction of new information
technology;" [Translation: Grab the new stuff pronto.]

The chapter notes that the Global Command and Control System (GCCS)  the
Department of Defense’s new system for delivering command and control
capabilities to the warfighter  relies in part on Intelink. (See
"Intelink-S," below.)

As currently constituted, Intelink is segmented into security levels. At
the core is "Intelink-SCI." SCI, according to Martin, stands for
"Special" Compartmented Information, although most other people seem to
think it stands for "Sensitive" Compartmented Information (see, for
example, Jeffrey T. Richelson, The U.S. Intelligence Community, 3rd
edition). Information available on Intelink-SCI is classified up to "Top
Secret/SCI." About 50,000 people have access to this level, including
Monica Lewinsky, while she was at the Pentagon. (You will recall that
Monica had a Top Secret/SCI clearance for reasons never explained, but
presumably because of her need for detailed handling of Presidential
Decision Directives. Image what could have happened, for example, if a
foreign intelligence service had gotten a sample of Presidential DNA and
created a Clinton clone.)

The next level is "Intelink-SecretNet" or "Intelink-S," which carries
information classified up to the Secret level. Intelink-S primarily
serves the military, and has around 265,000 users  most of whom access
Intelink-S through the Defense Information Systems Agency’s SIPRNET
 (short for Secret Internet Protocol Router Network).

The most interesting (and most highly classified) level is
"Intelink-PolicyNet" or "Intelink-P," which is operated by the CIA and
is only available to very high-level policy makers  such as the National
Security Council, the DCI, or the President. That way the latter can get
all the information they need, say, before deciding to decimate
pharmaceutical factories in the Sudan or nomad tents in Afghanistan with
Tomahawk cruise missiles.

The final level is "Intelink-UnclassifiedNet" or "Intelink-U," which
includes all open-source (unclassified) intelligence, and which is
available to members of OSIS (the Open Source Information Service) or
others approved by them. OSIS is managed by the CIA, and relies on
public data bases and other unclassified information  the "open-source
intelligence" promoted by Robert Steele. This level is accessed through
Virtual Private Networks (but hopefully not ones that use Microsoft’s
Point-to-Point Tunneling Protocol).

Martin notes the close relationship of the intelligence community
 especially the NSA  to the Software Engineering Institute (SEI) at
Carnegie Mellon University in Pittsburgh.

Chapter 3 argues the need for standards (and there is little to argue
with here), and discusses three from the Department of Defense: TAFIM
 (Technical Architecture Framework for Information Management), COE
 (Common Operating Environment), and JTA (Joint Technical Architecture).
In charge of all this is the Assistant Secretary of Defense for C3I
 (otherwise known as Command, Control, Communications, and
Intelligence). (Elsewhere I have attempted to create an easy-to-read
intuitive guide to what command and control  C2  is all about, in the
context of SIOP, the Single Integrated Operational Plan for Nuclear War
.)

The 8 volumes of TAFIM basically focus on open systems and the need to
follow international and national standards. JTA  which like TAFIM was
inspired partly by co-ordination failures in the 1991 Gulf War  is the
practical implementation of TAFIM, mandating the use of
commercial-off-the-shelf (COTS) software and hardware products, as well
as standards such as SGML for documents.

COE can be briefly explained as follows. The 1970s mainframe-based
war-fighting system, the World-Wide Military Command and Control System
(WWMCCS, "whim-mix"), was upgraded in the 1980s, and eventually replaced
in the 1990s. The new system was called the Global Command and Control
System (GCCS), and was built by direction according to international and
national information processing standards, using commercial and
government "off-the-shelf" products wherever possible. (GCCS runs on Sun
Microsystems computers running the Solaris Unix operating system.) COE
consists of the software pieces of this common computing and
communications environment, as well as the specifications for putting
the pieces together to support specific military missions.

These three Defense Department standards automatically impact 8 of the
13 intelligence organizations within Intelink—NSA, DIA, NIMA, NRO, and
the military intelligence units of Army, Navy, Air Force, and the
Marines. To such Defense standards are added other initiatives relevant
to Intelink and specific to the intelligence community, such as the
Unified Cryptologic Architecture 2010 (by analogy to Joint Vision 2010),
initiated by NSA Director Kenneth Minihan in September 1997, which
mandates common cryptology standards and procedures across the
intelligence community.

Chapter 3 concludes with a discussion of the Defense Message System (DMS
), Defense’s new e-mail system using COTS software. It looks pretty much
like the e-mail system you use, except encryption is provided by
FORTEZZA instead of PGP. (In the DMS, "e-mail" refers strictly to
personal, as opposed to organizational traffic. Here I ignore this
distinction.) The DMS is being implemented throughout the intelligence
community.

Chapter 4 talks about security. It discusses privacy, encryption,
digital signatures, DES, public key cryptography, and the like. Nothing
new here. The chapter also looks at the psychology of network attackers:
what motivates their nefarious deeds? Martin mentions money, revenge,
and terrorism, but not the much more common Faustian impulse (the simple
desire to know and understand that motivates many hackers). However,
Martin classifies the latter as terrorists, so in his terms the
categories are complete.

Martin presents a curious group of spies, along with what he believes
motivated them: the Walker family; NSA mathematicians William Martin and
Bernon Mitchell, along with NSA’s Robert Lipka; the CIA’s Aldrich Ames,
Edwin Moore II, Donald Groat, Harold Nicholson; the FBI’s Earl Edwin
Pitts; the Korean Robert Kim. For example, Martin says Aldrich Ames was
motivated by greed, but anyone who has studied the case knows the truth
is much more complicated than that. But the strange thing about Martin’s
list is the omission of Jonathan Pollard, who did more damage
especially to the NSA  than all of the above put together.

Martin is somewhat dismissive of the Deschall crack of DES in June 1997,
which took several months and used the idle computer time among
thousands of Internet computers. He probably knows better. But now that
the Electronic Frontier Foundation has built Deep Crack, there is no
further room for argument: 56-bit DES only gives fleeting security.

Chapter 5 gets off generalities and discusses actual Intelink security.
At the time this book was written, Intelink was only protected by
passwords: different passwords for different security levels of
Intelink. In fact, each security level operated as a separate network,
so that one might have an Intelink web page inviting comments on an
article, say, and find it necessary to give three separate contact
addresses for users, respectively, of Intel-SCI, Intel-S, and Intel-U.

Within each level, no distinctions were made among the users in the
pool. All in all, the simple password mechanism suggests that security
was fairly mickey-mouse in this "world’s most secure network."

The intent, however, was to introduce strong two-way authentication
using a certification authority (CA) issuing X.509 certificates. The
idea was to replace the current layered password approach with a single
sign-on password, along with a security token (such as a smart card
containing the required certificate information, which could also double
as an identification card). Then when the user wanted to access a
particular database, he would present his certificate (via the security
token), which the server would check for the proper authorization.

Channel security (between the user and the Intelink server) is provided
by the Secure Sockets Layer (SSL). Martin does not discuss any of the
short-comings of SSL 3.0, such as the fact that within the key-exchange
message protocol, the change cipher spec is not protected by message
authentication in the finished message. He talks about RSA’s MD5 hash
function without noting that even RSA no longer recommends its use (see
"Recent Results for MD2, MD4, and MD5"). He refers to Triple-DES as
using 112-bit keys, when in fact it uses either two or three 56-bit keys
(64-bit keys if you include the disgarded parity bits), but has the
equivalent security of a 112-bit key.

Intelink has its own bulletin boards, or Usenet-type groups, called
Communities of Interest (COI). Restricting access to these was
considered especially important, as they are liable to involve serious
and detailed discussion of the lastest information (including classified
data) on relevant topics. Beta-tests of the certificate-based approach
using COTS software have been done in connection with the
Non-Proliferation Center (NPC) and the Anti-Drug Network (ADNET).

Chapter 5 also discusses the NSA’s Multilevel Information Systems
Security Initiative (MISSI), including Fortezza and Rosetta. Fortezza,
of course, arises from the "Clipper chip" framework (with a government
back-door) that the Clinton administration tried, but failed to cram
down the throats of the American public. Fortezza is a PC card that
includes the Secure Hash Algorithm (SHA), the Digital Signature Standard
(DSS), the Skipjack encryption algorithm (with weak 80-bit keys), and a
key exchange algorithm. To use his Fortezza card, the owner must enter a
12-digit PIN (similar to the 4-digit PINs used in ATM cards). But since
most networks don’t use PC cards, and since Fortezza cards are
relatively expensive, a second project called Rosetta intends to
substitute a low-cost "Rosetta" smartcard as an alternative to Fortezza.

Chapter 6 describes Intelink user tools and services. The material here
will be familiar to any user of the Internet. For example, one of the
search tools used by Intelink is Altavista, one of the best and most
widely-used Internet search engines. The main interest of this chapter
lies in the discussion of the specific COTS software that Intelink uses
for its search engines, for the management of its user groups (COIs,
such as misc.weapons.iraq), and for the provision of reference aids.
This includes such familiar commercial software as WebChat and
RealMedia.

Chapter 7 describes how Intelink manages information. The book claims
that corporations typically deal with structured data (the type that can
be easily handled by relational databases) while the intelligence
community deals with unstructured data. (This statement is easy to
dispute: corporations haven’t learned to structure inherently
unstructured information any better than intelligence organizations.
That’s why, for example, universities have management departments which
often teach by cases studies, which aggregate unstructured information
and try to make sense of it.) But  moving on. How does Intelink deal
with its inherently "touchy-feely" information problems?

First, Intelink set up a Joint Standards Board (JSB) patterned after the
World Wide Web Consortium (W3C). Next, it formalized the use of metadata
  essentially document tags, such as security classification, name of
the intelligence organization producing the document, title, date, topic
country, etc.

Next it set up its own Web publishing standards based on SGML. SGML is a
metalanguage that allows you to create individual markup languages, such
as HTML, the language that Tim Berners-Lee created for the World Wide
Web. But you could just as easily create Your Own Markup Language
(YOML). So a document marked-up in SGML potentially could be displayed
in HTML or in YOML, depending on prior conversion or the future
capabilities of your browser. A problem with SGML is that it is so
general that programmers find it impossible to get a handle on it. That
led to the creation of a simplified version of SGML, called XML, which
still allows to you to create your own markup language, but removes some
of the perhaps excessive generality of SGML. The World Wide Web is
evolving from HTML to SGML/XML, and so is Intelink. (It appears that
intelligence documents are currently marked up in SGML, in many cases,
but automatically converted to HTML before being published on Intelink.)

Finally, Intelink has experimented with "push" and "pull" technology.
"Pull" is when you go out to the Web (or Intelink) and search for what
you are looking for. "Push" is when you set up criteria or filters for
what you are generally looking for. Then newly published information is
broadcast, and if it meets your filters, it arrives at your site as
voluntary spam.

Chapter 8 involves some case studies from the Joint Intelligence Center,
Pacific (JICPAC), the Office of Naval Intelligence (ONI), the NSA, the
Foreign Broadcast Information Service, and NIMA. These studies document
the problems of moving from paper to on-line or CD-ROM publishing, and
highlight the implementation difficulties of new standards such as SGML.
But there are benefits. The ONI, for example, can now publish its ships
and weapons handbooks using 5 percent of previous resources, and in 1
percent of the turnaround time. "The traditional paper version of the
Naval Ship and Submarine Characteristics Handbook series consisted of 11
regional volumes of about 1,000 pages each. These volumes were
distributed to over 900 customers around the world at a total cost of ap
proximately $250,000. The cost to produce the new CD version is about
$10,000, or less than five percent of the paper version" (p. 265).

Chapter 9 looks to the future "information revolution of the Third
Millennium." Intelink wants to be part of it. Here, as in much of the
book, the approach is cut-and-paste: this person in a speech made this
list of points  1, 2, 3; that person made that list of points  A, B, C.
Blah, blah, blah. But of course the real information revolution will
arrive when Martin learns to integrate all this information into an
informative, non-repetitive narrative. But instead he prefers to
randomly quote as many people as possible (a paean to "our crowd"?), and
to endless repeat the same ideas over and over in slightly
differentiated form. And, naturally, every significant idea has to be
credited, if possible, to an appropriately high-level bureaucrat.

The chapter does raise an interesting question: if information is
conceived of as an economic commodity, what should its price be? Here I
will only note that both Aldrich Ames and Jonathan Pollard worked hard
to answer that question, but the value of their research was somewhat
diminished because they each dealt in limited markets.

As an example of how the private sector is coping with the information
revolution, Chapter 9 also looks at Walt Disney Imagineering  a company
which works closely with the intelligence community. Walt Disney
Imagineering, at least Bran Ferren, sees the global Internet as the
enabler of the future  and one sees little reason to dispute this. (I
wrote an article along the same lines, "The Internet and the Death of
the News Monopoly," to explain the future to 60 Minutes, but they had no
idea what I was talking about.)

According to the book, "the Internet is like fire." So I guess if you
stick your hand in it, you are liable to get your fingers burnt.

Chapter 10 talks about the agile enterprise. "Agile" here is a buzzword,
but basically means the opposite of sclerotic. We want agile enterprises
, not sclerotic ones. The book helpfully quotes a MITRE Corporation
 white paper that explains that in order to create the agile enterprise,
"we must become more agile . . ."

The reason for all this nonsense apparently is that Ruth David, Deputy
Director for Science and Technology at the CIA, likes the word. The
basic image is that of an enterprise that reacts quickly and efficiently
to customer needs. Fair enough. However, once you turn something into a
buzzword, it quickly loses all contact with reality. "What is the
essence of agile?" "The ten (or is it 24?) characteristics of the
self-organizing agile enterprise." "Why connected process A is 35
percent more agile than connected process B." "We need congressional
funding for a global survey of forward-looking agility." Etc.

One measure of agility may be demonstrated when people post articles you
don’t like to Usenet  such as "Hackers Vs. Politicians". See how quickly
you can delete them. The agile enterprise, such as NSA, will hop right
to it and get the job done.

One would not want to leave Chapter 10 without picking up another
acronym: JIVA, the DIA’s Joint Intelligence Virtual Architecture. (Don’t
ask. After a while, all these Five-Year Plans sound alike.)

The Glossary pretty much sucks. It will tell you, for example, that
"CIA" stands for "Central Intelligence Agency" (gee, how helpful), but
will not tell you that "ISS" stands for "Intelligence Systems
Secretariat." (Under "Intelligence Systems Secretariat," however, it
 will let you know that "ISS" is its acronym.) The same is true of a
myriad of other obscure acronyms that appear in the book and which are
apt to slip the mind from time to time. But this is somewhat consistent
with the cut-and-paste philosophy. One envisions that someone found a
glossary of intelligence terms and pasted them into a hole in the
manuscript, without giving further thought to the actual usefulness or
completeness of the addition.

The CD-ROM included with the book doesn’t have a lot on it. The main
thing is a sample copy of the "Intelink Central" homepage, and a few
not-terribly-informative subpages. These, naturally, can’t be explored
and used by the hoi polloi for real, but the latter can look at the
pretty markup and wonder what’s behind all those links.

Will you find the book and CD-ROM worth the $35 cover price? Probably.
Just buy it. You don’t have to like it.



------------------------------------------------------------------------

Top Secret Intranet: How U.S. Intelligence Built Intelink  the World’s
Largest, Most Secure Network, by Frederick Thomas Martin, Prentice Hall
PTR, Upper Saddle River, New Jersey 07458, publisher website:
http://www.phptr.com. ISBN 0-13-080898-9.



------------------------------------------------------------------------

J. Orlin Grabbe is the author of International Financial Markets, and is
an internationally recognized derivatives expert. He has recently
branched out into cryptology, banking security, and digital cash. His
home page is located at http://www.aci.net/kalliste/homepage.html .

-30-

from The Laissez Faire City Times, Vol 3, No 9, March 1, 1999
------------------------------------------------------------------------
Published by
Laissez Faire City Netcasting Group, Inc.
Copyright 1998 - Trademark Registered with LFC Public Registrar
All Rights Reserved

Disclaimer
The Laissez Faire City Times is a private newspaper. Although it is
published by a corporation domiciled within the sovereign domain of
Laissez Faire City, it is not an "official organ" of the city or its
founding trust. Just as the New York Times is unaffiliated with the city
of New York, the City Times is only one of what may be several news
publications located in, or domiciled at, Laissez Faire City proper. For
information about LFC, please contact [EMAIL PROTECTED]
-----
Aloha, He'Ping,
Om, Shalom, Salaam.
Em Hotep, Peace Be,
Omnia Bona Bonis,
All My Relations.
Adieu, Adios, Aloha.
Amen.
Roads End
Kris

DECLARATION & DISCLAIMER
==========
CTRL is a discussion and informational exchange list. Proselyzting propagandic
screeds are not allowed. Substance—not soapboxing!  These are sordid matters
and 'conspiracy theory', with its many half-truths, misdirections and outright
frauds is used politically  by different groups with major and minor effects
spread throughout the spectrum of time and thought. That being said, CTRL
gives no endorsement to the validity of posts, and always suggests to readers;
be wary of what you read. CTRL gives no credeence to Holocaust denial and
nazi's need not apply.

Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://home.ease.lsoft.com/archives/CTRL.html

http:[EMAIL PROTECTED]/
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]

To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]

Om