http://www.canada.com/technology/story.html?id=C803EBCB-F6A4-435B-B1A1-6D5B4F84172E [ http://www.cia.gov/csi/studies/vol47no1/article07.html - WK] Joseph Brean National Post June 10, 2003 The Central Intelligence Agency is so afraid of losing sensitive information to hackers that its analysts work on outdated and poorly integrated computers, according to a newly declassified report. Today's average CIA spy uses very little fancy gadgetry, the report suggests, and relies instead on a simple workstation built around two computers and two telephones -- one each for secure and unsecure correspondence. But in the agency's deep-rooted culture of suspicion, even the secure computers are bogged down in security protocol. Some files cannot be shared, some cannot be updated, and still others cannot be searched, the report says, and until recently, even Palm Pilots were banned from CIA facilities. All of this has left security analysts struggling to cobble together their reports with incomplete information. When it comes to computer security, the report reads, "hardly anyone asks whether a proposed rule will affect the ability of analysts to do their work." Bruce Berkowitz, the retired officer turned academic who researched the CIA's computer systems for an internal journal, said this institutional paranoia has left CIA analysts five years behind their peers at other government agencies in terms of tech savvy. His report chronicles the inability of security analysts to efficiently share files on ongoing matters or to quickly compile dossiers on breaking issues, such as missile proliferation in an unexpected country. This "technology gap" was brought into stark relief after Sept. 11, 2001, he said, when scores of analysts were re-assigned and "the process was anything but smooth." His conclusion, which comes as the CIA is planning sweeping computer upgrades, is at odds with the widespread, Hollywood-inspired perception of the Agency as a veritable fortress of the highest technology. In reality, the CIA is wary of computers, Mr. Berkowitz writes, and the strength of its fortress is built on an irrational fear of "bogey-men" that compromises efficiency. "Despite what one sees on TV, there is not much 'gee wiz' software at the typical DI analyst's desk. A few analysts use some specialized tools for sorting and displaying data [e.g., terrorist networks], and analysts who cover the more technical accounts use computerized models [e.g., analyzing the performance of foreign weapons]. But these are the exceptions," he wrote. Even the proposed upgrades do not offer much hope, as bureaucratic hurdles will stretch this process out over at least three years. Reg Whitaker, a professor at the University of Victoria specializing in security matters, called the tension between technology and security a "basic contradiction" of security analysis. He said the standard response has been a "culture of need to know," a compartmentalization of information that can be secure but also highly restrictive for anyone who uses the information. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Jun 11 2003 - 01:41:54 PDT