Information technology
During 2001-2002, a Scholar-in-Residence at the Sherman Kent Center for Intelligence Analysis, the “think tank” attached to the CIA’s training center for analysts, [12] was tasked with something new: using an outside scholar to study the process of analysis itself, especially how Information Technology (IT) was, and could be, used.
His "approach was to watch as many DI analysts as practical and ask them how they performed their work. We discussed what kinds of tasks were hard to do and what technologies or procedures seemed to work smoothly. We also talked about their own ideas about how they might use IT more effectively. For the sake of comparison, I also met with researchers at organizations that perform functions similar to those of the DI (e.g., other intelligence organizations; the Congressional Research Service; The Washington Post; and business risk assessment services). Finally, I drew on my own experience in business and non-government research institutions. I was able to watch the DI respond to the terrorist attacks of 11 September 2001 and ramp-up for the war on terrorism.
"I came away from this experience impressed by the quality of DI analysts, but also concerned about their lack of awareness of and access to new information technology and services that could be of critical value to their work. The DI has used automated databases since the 1970s and has gradually improved its capabilities. With the existing system, analysts can perform most searches for source documents from CIA archives at their desks and retrieve the documents electronically."
It is sadly worth noting, however, that CIA analysts still do much better than their FBI counterparts, who have difficulty accessing any external secure networks, or sharing the most sensitive data within their agency. [13]. NSA, however, seems to be much more comfortable with using IT as a daily tool.
Agency internal data bases continue to improve over earlier generations, but, in many respects, are inferior to commercial search engines. It should be remembered, however, that ease of use is not an absolute requirement. Some search engine human interfaces are "expert friendly" rather than "user friendly", allowing analysts with solid backgrounds in complex search strategies to be at their most efficient. One indicator of some system shortcomings is simply the fact that an important part of a DI analyst’s tradecraft is building an informal source network. A good analyst either knows someone, or “knows someone who knows someone,” at another office or organization who can get the information they need. A good analyst will use these contacts to develop more leads in the process. In the commercial world, these contacts are managed with CRM, ERM, or social networking software.
Agency policies and practices create five kinds of constraints that prevent the DI from acquiring new IT and using it effectively. In 2008, the may have broken through some of these constraints, or will break through in time.
Security and IT
Security is probably the single most important factor that prevents the DI from applying information technology more effectively. Security is absolutely essential for intelligence, of course. The problem is that, when it comes to IT, approach is not “risk management,” but “risk exclusion.”
Until recently, personal digital assistants were forbidden in high-security facilities. There are some very specialized electronic security threats that could apply, so it may be that a secure PDA needs to be developed and provided. Even in government agencies with sensitive but unclassifed information (e.g., personal health information covered by , there has been a serious concern over information bypassing safeguards on tiny solid state disk equivalents, which can fit into pens. Other agencies, however, are addressing this problem by requiring the devices to store information in encrypted form, and using biometric identification.
Such exclusionary rules also send an implicit message to DI analysts that information technology is dangerous and not essential for analysis. Analysts are, by the nature of their work, especially aware of security threats. So when they are told that a technology is potentially dangerous, their instinct is to avoid it unless absolutely necessary.
A laptop can be secured, but the security both has to be built-in, and maintained. Files need strong encryption. Multiple layers of security risk detection tools are needed. Biometric authentication will identify only legitimate users.
Security staffs must develop a better understanding of how analysts work. Rather than simply excluding technologies, their goal should be to develop methods of applying IT that are so user-friendly that DI analysts can operate securely with as few hindrances as possible.
[edit] Challenges of compartmentation
Despite decades of trying to reduce the barriers between the Directorate of Intelligence and the Directorate of Operations (DO), sharp divides still exist. The DI and the DO, for example, have separate databases and separate IT architectures. Several DI analysts even told me that they had a better working relationship with their counterparts at NSA than with their own CIA colleagues in the DO.
The CIA already has experience that proves the gulf between the directorates is not inevitable. DI and DO personnel, for example, work well together in the Counterterrorist Center (CTC), which falls organizationally under the Director of Central Intelligence (DCI). In CTC, DI and DO personnel work side by side. As a result, DO officers treat DI counterparts like full members of “the team.” DI analysts in CTC have access to DO databases and tools that few analysts elsewhere in the DI can tap into.
Procurement protocols
Even if CIA managers agreed today to put a new computer, integrated software suite, and data links on the desk of every DI analyst, one would not see many changes for two to three years. This is partly because CIA acquisition is paced by the annual federal budget cycle, and partly because of the CIA’s own procedures.
No comments:
Post a Comment