The CIA is undergoing a major transformation, and IT is playing a leading role. In Part 4 of our inside look at the agency, we look at how the CIA is working to “play nicely” with the 15 other intelligence agencies. We also describe the IT department that CIO Al Tarasiuk leads and why he’s protective of them and their efforts.
“How to entice people to play”
Until 2004, the CIA was the de facto lead intelligence agency-the CIA director briefed the president every day. The CIA “fiercely opposed” the creation of the Directorate of National Intelligence (DNI) in 2004 before the CIA became just another one of the 16 agencies reporting into DNI, just as the U.S. Coast Guard’s intel division does, according to a New Yorker profile of DNI chief Mike McConnell.
Other organizations that are a part of the DNI and are now required to share intelligence among the community include: the FBI, the Pentagon’s Defense Intelligence Agency (DIA), the National Security Agency (NSA), the National Reconnaissance Office (NRO) and the National Geospatial-Intelligence Agency (NGA). CIA CIO Al Tarasiuk says that he meets with the CIOs of those five agencies regularly to talk about building out the “connectivity tissue” to each other as well as share ideas on how to “entice people to play” and share more information.
One of the more notable successes that the CIA has delivered to the intel community is the Intellipedia product, which was introduced in 2006. Based on wiki software, Intellipedia allows analysts in all 16 organizations in the intelligence community to share Web-based information on critical topics and search for intel expertise on a wide range of subjects, such as who’s got expertise on Burundi. Unlike Wikipedia, there is no anonymity: Everyone is authenticated onto the system and quality control is high, reports Ken Westbrook, chief of business information strategy in the CIA’s intelligence directorate.
So far, there are more than 40,000 registered users who have made 1.8 million page edits on more than 300,000 pages in the system. (Before Intellipedia, Westbrook says, “you’d have to send e-mails through lots of people and hope that they read them.”) Still, not everyone has rushed out to embrace Intellipedia, and the difficulties of the change, note CIA officials, have been more cultural than technological due to the long-standing rivalries.
Half of the CIA’s workforce is relatively new to the agency (applications poured in after 9/11) and many old-schoolers are getting ready to retire. The CIA is trying to get those ready to depart to dump their intellectual capital into systems like Intellipedia. In fact, Westbrook claims that one of the most prolific users of the system has been a 69-year-old employee preparing to retire. (CIA IT also uses wikis to keep track of project management.)
Other efforts rolled out or revamped within the past year show that the CIA is, at the very least, opening up the network connections to other agencies and offering more CIA “product,” as Tarasiuk terms it.
One of these efforts is called CIA Wire. CIA Wire is a communications conduit the agency uses to disseminate its intelligence (through private networks) to the JWICS, or Joint Worldwide Intelligence Communications System, and the Department of Defense’s secret-level network called SIPRNet (or Secret Internet Protocol Router Network).
“We now have a single agency-branded presence on those two sites, and that’s how we disseminate-very much like a news outlet-fresh information, managed content and also some of our traditionally disseminated products,” Tarasiuk says. “It’s a huge deal for us.” He says users can click on categories that contain intelligence and analysis on specific regions, such as Southeast Asia.
“We put the analysts in a room with the developers to work this out”
The CIA also boasts of grassroots Web-driven efforts that are sprouting up inside the intel community. One such effort is called Samizdat (which is a Russian word for self-publishing) and is a collaboration among the intelligence community analysts who follow Russian affairs that the CIA funded and provides the networking capabilities. The website incorporates Web 2.0 technologies, like blogs and wikis, breaking news intel and video.
Westbrook notes that the idea bubbled up from the analysts themselves and was funded from a special CIA budget for just such a thing, and the project moved quickly by using agile development methods. “We put the analysts in a room with the developers to work this out,” he says.
Westbrook said he expects more user-driven efforts just like it in the future, which is similar to what many other private-sector businesses are seeing today-the growing adoption of consumer-driven IT applications and tools that come from outside of IT’s purview. However it’s likely to be a bumpy process: in CIO’s annual consumer technology survey, 54 percent of IT leaders surveyed deemed consumer applications “inappropriate for corporate use” despite their widespread acceptance by younger workers. Analysts such as AMR Research’s Jonathan Yarmis, however, contend that banning social networking technology inside organizations is a losing battle.
At the CIA, the technology expectations from the influx of under-30 staffers have not always synced to the stringent security requirements. In some cases, they expect IT to be “very much what they see on the outside before they drive through gate,” Tarasiuk says, “and some have been disappointed.”
According to government watchers, the CIA and other intelligence agencies with strict security policies are going to only hear more about the necessity of Web 2.0 and Google-like features in their applications as government collaboration is linked even more to information-sharing successes.
Lena Trudeau, a program director at the National Academy of Public Administration (NAPA), an independent Washington, D.C., government advisory group who works to foster government collaboration, says, “When I look across the 16 intelligence agencies, and the DNI is included in that bucket, and I see the way they’re beginning to embrace new tools to communicate across these organizations, my belief is that that does not weaken any one organization. I think it strengthens all of them.”
“They were resilient to the change”
Inside the CIA’s IT department, the one constant has been the frequency of change. Enemy. No enemy. New enemy. Funding. No funding. New funding. Staff. No staff. New staff. (Much like the CIA overall, almost half of the IT workforce is new since 9/11, and many are under 30.) “We don’t reorganize every other month,” Tarasiuk says, “but we have had some significant ones.”
He describes a period of time after 2001 when IT was centralized, decentralized, split into various groups with different CIOs, and then all consolidated under his direction in October 2005. “The workforce, they had been through this so many times that they were resilient to the change,” he says.
Tarasiuk says that IT staffers go through “a lot of scrutiny” to join CIA. “And by the way, once you’re in here, we continue to scrutinize them, particularly those that have additional privileges,” he says. “It’s not unusual for some of those people to go through an annual investigation and polygraph, when you’re talking about sensitive data.” (Tarasiuk also gets polygraphed.) Tarasiuk describes his IT staffers as “agile, adaptive and able to move with the organization no matter where the mission goes.”
Mission is above all else, he says, and political beliefs contrary to mission are to be checked at the gate. “Our people are very good about focusing on the mission and not worrying about all that stuff,” he says. “When they’re here, they’re focused on getting the job done because the mission is priority to them.” (To see how the CIA IT watches its own, see “Under Surveillance: How Does the CIA Keep Its IT Staff Honest?”)
Tarasiuk also has to deal with the intense public and media scrutiny that comes along with working at an agency that is covered in media reports related to the alleged torturing of detainees in the war on terror. He defends his agency and watches over his staff closely, instructing them to focus on their mission. “We’re a secretive intelligence service, so we know things here that we can’t talk about, and a lot of it is very, very positive,” he adds.
Over several interviews, Tarasiuk appears very protective of his staffers. When asked how he keeps IT workers’ focus on the mission at hand and not on CIA controversies (such as allegations that CIA officers tortured detainees at various “black sites” around the world), Tarasiuk is resolute. “Because of the history and things that have happened in the past, it’s always going to be a lightning rod when there’s a discussion about this agency,” he says. “One of my roles that I take very seriously is to isolate our folks from the stuff that gets put out that’s not true. I basically tell them not to worry about it and focus on mission.”
The mission since 9/11 created a new intensity and pace that were foreign to many inside IT. The “ops tempo” quickly became 24/7/365. “We’ve got to keep systems up no matter what,” Tarasiuk says. This had always been the case for those IT assignments outside headquarters, and now it has permeated the entire organization. (To read an interview with one CIA IT worker who has spent years overseas and in war zones, see “What It’s Like to Work Overseas for the CIA’s IT Group.”)
Extracting specifics about the IT workforce he manages is difficult. He can’t talk about the number of staffers, size of his budget, or specifics of networks and most applications. (He uses the word “stuff” a lot to describe things.) “I can’t get into specific details about what we use,” Tarasiuk says, though he does offer that his is a Microsoft shop, and they use Sun systems and other Linux-based platforms.
In Legacy of Ashes: The History of the CIA , author Tim Weiner offers a scathing account of the CIA’s history that mostly recounts its epic failures of incompetence and the occasional success. ( The CIA took issue with the “selective citations, sweeping assertions and a fascination with the negative,” which it has said of Weiner’s 2007 book.) One of the long-held views about the CIA (which Weiner terms a “myth”) is that all the CIA’s successes were kept secret, and that only its failures were trumpeted. When asked, in his office, if that statement was just as applicable to inequities of leading an IT organization today, Tarasiuk gives a knowing, polite smile but doesn’t directly respond to the question.
In a later conversation, however, Tarasiuk offers that “the problem with our organization is that we can’t talk about all these things.” He says, “I think if the American public knew how effective this organization is, there would be a different tone.”
“It doesn’t get any easier when there’s a change of administration”
From now until Jan. 20, 2009, when a new president takes office, Tarasiuk will continue to build on his successes (“It’s only the beginning for us,” he says) and IT’s standing inside CIA, knowing full well that more change is inevitable. “It doesn’t get any easier when there’s a change of administration,” says Ken Orr, principal researcher at The Ken Orr Institute and a former member of the National Research Council (NRC) committee. “It’s not a bad time to finish things, but it’s a really hard to time to start things.”
A looming budget downturn for the CIA is expected, Tarasiuk says, and he’s concerned about maintaining the same level of service and delivery that everyone has become accustomed to. Lastly, there is still a war going on and a terrorist threat that has been weakened but is still, as described by the 9/11 Commission, “sophisticated, patient, disciplined and lethal.”
Back inside in his office, splayed out in front of Tarasiuk on a conference table, is a mix of glossy, government-issued strategic road maps. He touches all of the booklets: “National Strategy for Information Sharing,” courtesy of the president in October 2007; “United States Intelligence Community Information Sharing Strategy,” from the director of national intelligence’s office in February 2008; and “Strategic Intent: 2007-2011,” the CIA’s road map for the next five years. Last is Tarasiuk’s own contribution to the group: “CIA Enterprise IT Strategic Plan: 2007-2011.”
“All this means change. This is huge change for us. OK?” Tarasiuk says. “But we’re doing a lot of things as a government to make sure that we don’t have another incident, at least one that’s not attributable to a lack of sharing data.”