To Serve and Die in Secret

Last Updated on Sunday, 3 January 2009 03:12 Written by Jeffreycarr Sunday, 3 January 2009 03:12

“One who has fully developed his mind knows his nature. Knowing his nature, he knows Heaven. By preserving one’s mind and nourishing one’s nature, one has the means to serve Heaven. When neither the brevity nor the length of a lifespan engenders doubts,  and one cultivates one’s person in an attitude of expectancy, one has the means to establish one’s destiny.” – Saigo Takamori

This post commemorates the seven CIA officers killed by a suicide bomber on December 31st, 2009 at Forward Operating Base Chapman in Khost Province, Afghanistan.

The attack occurred at dusk, which many indigenous cultures believe marks an intersection between the land of the living and the land of the dead. At dusk today, I’ll be lighting 7 candles to honor these intelligence officers who have not only died in the service of their country but for those who served under cover, did so knowing that their names would remain a secret even in death.  I invite the readers of this blog to do the same.

Sometimes IT can be a matter of life and death

Last Updated on Wednesday, 6 August 2008 09:59 Written by admin Wednesday, 6 August 2008 09:55

One of the few bright spots that came from Porter Goss’s brief run as Director of Central Intelligence at CIA was his appointment of Al Tarasiuk as Chief Information Officer, although it wasn’t until Goss’s replacement, General Michael Hayden, came onboard that Tarasiuk could begin to implement his vision.

Fortunately, thanks to CIO magazine, you can get an inside look at how IT is changing the way that the CIA manages its information requirements. Several of Al Tarasiuk’s peers, Lewis Shepherd and Bob Gourley have posted their views on Al’s work at their respective (and excellent) blogs. I see no reason to cover the same ground, but I did want to underscore what I thought was a thought-provoking conundrum raised in the CIO article.

Back in his office, in June, Tarasiuk looks across the edge of a conference table and says, matter-of-factly, “You know, one of the things we do here is we commit espionage. That’s the business we’re in.” The blandness of his delivery belies the statement’s heft: At the end of the day, his business is so atypical, his customer set unique, his data so sensitive, and his security requirements so exceptional that his job stands apart—way apart—from that of most all CIOs.

His day-to-day existence is one big balancing act: weighing the need to protect the CIA’s information—”absolutely protect that data,” he implores—and the need to share that information. “Because information that sits here and no one uses is worthless,” Tarasiuk says.

…

A CIA clandestine officer who works closely with Tarasiuk describes the CIO role as one that has to satisfy typical CIO obligations (delivering appropriate applications to users to make them more efficient) with one big catch. “Here’s the rub: He can bring all the efficiencies here, but [it's difficult] because of our unique security requirements,” says the senior national clandestine service officer, who declined to be identified, citing his active duty status at the agency. “I care about: 1. Security. 2. Functionality. 3. Efficiency.”

So the analysts need the ability to access and share highly sensitive, classified data. The collectors need to know that the data is not going to be compromised because the price of such a compromise is not merely the political embarassment of a leak, but a potential loss of life – perhaps even their own.

Does any security hacker speaking at Blackhat or Defcon this week trust their security algorithms with their life? If so, Al Tarasiuk might want to hear from you.

The Weekend Brief

Last Updated on Saturday, 2 August 2008 08:45 Written by admin Saturday, 2 August 2008 08:43

Two interesting articles and a video for your weekend reading/viewing. Enjoy!

Defense in a Wiki World: Military and Intelligence agencies look to harnass the data sharing power of new technologies while keeping the risks at bay.

This article provides pretty good coverage of the security issues surrounding the adoption of certain Web 2.0 applications, and a few solutions that are being considered.

Welcome to Web 3.0: Now your other computer is a data center.

The CEO of salesforce.com,Marc Benioff, provides the best definitions of Web 1.0 (“anyone can transact”), Web 2.0 (“anyone can participate”), and Web 3.0 (“anyone can innovate”) that I’ve seen to date. Benioff presents a compelling case that Web 3.0 is not about the so-called Semantic Web but about moving software from the desktop to the webtop. An interesting debate follows in the comments to his post. Personally I think his approach has merit. Semantic advances in Search including natural language programming, stylometrics, subjectivity analysis,  and entity extraction continue and improve upon the Web 2.0 world of user-generated content, community, and collaboration. The advent of Cloud Computing, however, is innovation in an entirely different way. Here’s Benioff’s description:

“For developers, Web 3.0 means that all they need to create their dream app is an idea, a browser, some Red Bull, and a few Hot Pockets. Because every developer around the world can access the same powerful cloud infrastructures, Web 3.0 is a force for global economic empowerment.”

Hidden in Plain Sight: The Secret History of Silicon Valley, or how Stanford, the CIA, and the NSA built the Silicon Valley that we know today. Check out the lecture by Steve Blank below.