Major challenges await John Brennan, President Obama's nominee for CIA director, if he gets the nod from Congress. The agency is reeling from the Petraeus scandal and intelligence failures in Benghazi, and critics question its expanding use of armed drones.
At the same time, the CIA is deeply involved in one of the most complex and sensitive technology projects in federal government, one that could help it operate more smoothly if all goes well -- or become yet another federal IT boondoggle if it doesn't. The initiative aims to evolve the 17-member U.S. Intelligence Community from agency-specific IT silos to an enterprise environment of shared services and systems. The first deliverables of that project, a standard PC desktop and cloud computing infrastructure, are due this quarter.
The initiative is called the Intelligence Community IT Enterprise, or ICITE, and it's been under way for 12 months. It's rooted in federal cost-cutting efforts -- a big chunk of the $75 billion spent annually on national and military intelligence goes into IT systems and support -- yet ICITE also promises to improve information sharing and data security across intelligence agencies.
Al Tarasiuk, the CIO of the IC, is spearheading the project, working with the CIOs of the CIA, the Defense Intelligence Agency, the National Geospatial-Intelligence Agency, the National Reconnaissance Office and the National Security Agency. Those agencies, the "Big 5," account for the bulk of U.S. intel spending.
Tarasiuk discussed the strategy in an interview with InformationWeek Government a few months ago at the Office of the Director of National Intelligence in McLean, Va., where he reports to director of national intelligence James Clapper. Before joining ODNI in 2011, Tarasiuk was CIO of the CIA. Our meeting took place at ODNI headquarters, located next to the National Counterterrorism Center. Brennan, the nominee to become CIA director, was director of the NCTC earlier in his career.
I mention those overlapping affiliations as a way of illustrating why ICITE makes sense. Intelligence agencies already share information and resources, and the goal is to get them to collaborate more. A cross-agency enterprise IT strategy should facilitate that.
Here's how it will work: The CIA and NSA will open their cloud environments to other intelligence agencies. The DIA and NGA will develop and support a common desktop across the IC. Applications will be developed using a common set of tools -- the Ozone Widget Framework -- and made available through an NSA-managed "apps mall." Encryption and data tagging will allow for secure information sharing.
In this model, the Big 5 agencies become service providers to the IC, with the benefits of increased efficiency, standardization and governance. Tarasiuk is borrowing from the agile development approach to define requirements in three-month increments. The second half of 2012 was devoted to design and testing; ICITE's initial capabilities are scheduled to be operating by April.
The goal is to reduce intelligence agencies' aggregate IT spending by 25% within five years, by the beginning of fiscal 2018. Savings are expected to come from lower labor costs (both staff and contactor) and volume deals on software and hardware.
The project requires more integration than new software development. But beyond technology implementation, success will require a degree of cooperation that doesn't come easy to spy agencies. "I don't want people to underestimate the cultural changes that will have to exist," says Tarasiuk. "It's going to get nasty. It's going to be dirty. There are going to be fights."
The IC has no choice but to make it work. Not only are agencies under pressure to do more with less, but a recently released White House directive -- the National Strategy for Information Sharing and Safeguarding -- will work only if the underlying infrastructure exists to support it. The strategy is tied to the Intelligence Reform and Terrorism Prevention Act and the National Security Strategy, and its goals include increased use of common processes and shared services for handling sensitive and classified information.
Brennan, who advises Obama as deputy national security adviser for homeland security and counterterrorism, knows these issues as well as anyone. He played a key role in two of the most defining events in post-9/11 national security, one negative and the other positive: the failure to connect the dots on Christmas Day 2009 when Umar Farouk Abdulmutallab, a.k.a. the underwear bomber, slipped through security and attempted to detonate a bomb on a Northwest Airlines flight; and the intelligence bet that led to the killing of al-Qaida leader Osama bin Laden.
Tarasiuk points to the bin Laden example as evidence of increased collaboration among intelligence agencies, and he argues that an enterprise IT strategy will further those efforts. "It took a lot of intelligence from various sources to pull that together," he says. "We're working in a more integrated way than ever before, thus the need for more integrated systems and applications." (Tarasiuk first spoke publicly about ICITE last May at InformationWeek Government's Government IT Leadership Forum. See the video below.)
Tarasiuk will need the support of the new CIA director to keep his project on track. "I have statutory authority for enterprise architecture and other things, but at the end of the day, those authorities mean nothing if you can't engage people and work with them in designing these plans," he says. Once ICITE was approved, one of his first steps was to form an executive committee of agency deputy directors to provide oversight.
Of course, the dependencies go both ways. If Brennan is approved, he may find that his organization's effectiveness hinges on an enterprise IT plan that's just hitting its stride.
Informationweek.com run-of-site player, used to publish article embedded videos via DCT. The same ads will be served on this player regardless of embed location.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.