DIA
CTOs, Global Cyberwar and Our Collective Future
If you are a technologist, please take a moment to download the PDF of the report by the U.S. Commission on Cybersecurity. This report, titled Securing Cyberspace for the 44th Presidency, is the best proclamation of the challenges of cyber I have read. It is also a roadmap that will help any trying to navigate these very tough issues.
I've been involved in things cyber for a long time. My deepest
involvement began in December 1998, almost 10 years ago to the day.
In all that time I've seen lots of studies and lots of papers and many
treatments of the issues. But I've never seen one that captures the
complexities and the need for specific actions as well as this one.
I'd really recommend you read every word, if you want to be considered literate in this field. But if it will be a little while till you get to it, here are some key points:
The three major findings are: 1) Cybersecurity is now a major national security problem for the U.S., 2) Decisions and actins must respect privacy and civil liberties, and 3) only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will make us more secure.
The report makes a few points about the Bush Administration's Comprehensive National Cybersecurity Initiative (CNCI). In general the give credit to that initiative, and call it good. I agree, it is a great activity I've previously written about that is led by one of the most effective people in government today and has done great work. But as the comission points out, the work of the CNCI is good but not sufficient.
The biggest shock for me in this study: The amount of funding on R&D for cyber security. I have been looking into the many activities underway, and maybe that look made me deceive myself into thinking it was a well funded effort. According to the comission, however, they estimate that the total R&D funding in the federal government for cybersecurity is about $300million. Less than two-tenths of one percent of the total federal R&D.
The report has a great section on identity manangement.
I am convinced the organizational approaches outlined in the study are the right ones as well. There is only one place in our government where we can lead solutions to this challenge. Where is that? Hey read the report!
What else do I recommend CTOs do besides read the report? I think one way we can all help the cybersecurity effort is to think through which standards bodies are the most important to engage with regarding security. A few are here:
http://www.ctovision.com/2008/05/standards-organizations-ctos-should-track.html
Three Events of Federal CTO Interest: Will You Be At These?
FYI, in case your schedule will allow us to connect in person I wanted
to update you on a few events I plan on being at over the next few
weeks.
The Advanced Technical Intelligence Association TECHINT conference will
be held 9-11 Dec 2008. This conference focuses on the technical
dimensions of intelligence, and has a theme of "integrated
performance." The theme refers to the need to integrate capabilities
from all the agencies engaged in national security to better perform in
meeting our national security challenges. On 9 Dec I'll be speaking
at a panel on the real and growing threat in cyber space. There will
be no blogging or tweeting from the conference. But if you are going
to be there please drop me a note and lets connect in person there.
For info see http://masint.org
The AFCEA Solutions conference on Cyberspace will be held 10-11 Dec
2008 at the Ronald Reagan Center in DC. This conference will be
focusing on the challenges and solutions of cyberspace related to
national security. Speakers include Secretary of Homeland Security the
Honorable Michael Chertoff, The Deputy Secretary of Defense the
Honorable Gordon England, Assistant Secretary of Defense for Networks
and Information Integration the Honorable John Grimes, Ms. Melissa
Hathaway, senior adviser and cyber coordination executive for the
Director of National Intelligence, LTG Keith Alexander, Director of the
National Security Agency, Deputy Assistant Secretary of Defense for
Information and Identity Assurance Mr. Bob Lentz and Deputy Assistant
Secretary of Defense for Information Management Mr. David Wennergren.
I'll be speaking on a panel on Wednesday at 1530 on formulating a
common response.
-
This unclas conference follows a model that AFCEA has been using for
several similar events. They are actively seeking ways to enhance the
value of these conferences by leveraging more Web2.0 capabilities
before, during and after the formal presentations. Blogging and
tweeting from the conference is encouraged. You can visit the site at: www.afceasolutions.org/group
For the event schedule and program details can be found online here: www.afceasolutions.org
The US Army Intelligence Warfighting Summit will be held 15-17 Dec
2008. This one will also be a conference where blogging and use of
twitter is not appropriate due to the sensitivity of info discussed.
However, I would appreciate knowing if you will be going so we can
connect there in person. Speakers will include the most senior Army
intelligence leadership, plus Vice Admiral Bob Murrett from NGA, LTG
Alexander from NSA, and Scott McNealy from Sun Microsystems. For more
on the event see: http://www.ncsi.com/iws08/index.shtml
So, if you are going to any of these please let me know.
And please follow me on Twitter so I can send you a few bursts from the AFCEA conference. I'm at http://www.twitter.com/bobgourley
Cheers.
Collaborate and Deliver With More Cowbell
Participants in this week's Enterprise 2.0 conference, hosted by the ODNI's ICES group and the CIA's WIRe team, were treated to a shared experience that is hard to capture in a blog post. So I won't try. But I will say this, we all had some great collaboration and coordination lessons and context, and we were able to participate in creating that ourselves because the conference organizers established a great ambiance and gave us access to wiki's, blogs, twitters and WiFI that knitted that all together. I really appreciated being there.
One lesson I'd like to note now was underscored by Fred Hassani. Fred found a great way to make us all think about the variety of collaboration tools at our disposal. In a musical analogy he underscored how hard it can be to make music with instruments that don't traditionally play well together. But in a sign that the spirit of the community is strong, we all saw how a cowbell can make really really great music if you put your heart into it. And we the community of professionals can make use of any tools we are provided to collaborate, even if they are not our favorites. We will always make due and will always overcome. One way we will overcome is through mashups. Just like in music you can mashup piano's and cowbells, in IT you can mashup imagery data and SIGINT data and analytical data etc.
Which brings us to a great video that underscores this point– not from thte WIReICES conference, but from a group of spirited collaborators from SNL who many of us in the community look up to.
So please check this out and as you do please think of the IT tools in your enterprise. I guess the point made for CTOs is that we need an enterprise that allows mashups of all tools and all data. You never know when the maestro will call for more cowbell.
Day Three of the Synergy Conference
This is the third and final post on some observations from the 2008 Synergy conference (co-hosted by Stratcom).
The day opened up with a great update on operational intelligence in the modern age, with Mr. John J Powers of the Defense Intelligence Operations Coordination Center (DIOCC) providing a first hand look at the DIOCC, its mission, and recent successes. The question and answer period generated some great dialog and feedback and suggestions from some of the greats in the community, including Mr. Terry Casto and Ms. Lynn Schnur.
JJ's discussions were followed by a panel of CTO-types introduced by Ms. Nancy Wheeler of the GETA. Panelists included Mr. Malcolm Hyson (CTO Microlink LLC), Dr. Alex Karp (CEO Palintir Technologies), Dr. John Triechler, CTO Applied Signal technology), Mr. Guljit Khurana (President and CEO, Centrifuge Systems) and me.
Our panel was followed by the highlight of the day, a presentation by Dr. Prescott Winter, CTO of NSA. I capture some more detailed notes on his presentation below.
Dr. Winter was followed by CAPT Eva Scofield, the Director of Intelligence (J2) for JTF-GNO. This is the position I held from Dec 1998 till 2002. She did a great job of characterizing the threat. I hope all were listening and I hope the world remains alert and focused on this growing menance.
Closing comments were provided by the Stratcom's Director of Intelligence (J2), Captain Jeffrey L. Canfield, USN. Unfortunately, I had to miss that presentation to catch a flight. I imagine Jeffrey did his usual great job of both extracting the key points of an entire confernece and drawing conclusions we should all take away. I'll have to get with him later to see if he can get me up to speed.
Notes from Dr. Winter's presentation:
Dr. Prescott Winter, CTO/CIO of NSA, provided an overview of the NSA IT story and the many changes to the way we do business. He provided a very good, succinct vision and a compelling argument for continued change towards integration. He is fully aware of the great progress that has been made to date and does not discount that. But he knows more needs to be done and is helping us all move forward. We need to move more users into an integrated ops intel space where new information models can be used. The SIE, Single Integrated Environment, for example, is a new model and new operating environment.
A key vision has been to integrate what users see with what intelligence knows. This is an integrated ops/intel space that is serving the mission with an integrated picture that wraps the user. He is moving towards this vision by engaging today's architecture and looking for gaps and addressing those, engaging with industry to know more about the future of technology and how they can address gaps, integrating the NSA investment programs (as you identify stacks of services you must have investment plans that appropriately resource and optimize them). he is also engaging technologists from throughout the organization by working with PEOs and the AE of NSA.
Pres is working hard to move NSA from a net centric model to an info centric model. He is also changing the access model from compartment based to attribute based. On the issue of data ownership, he is doing everthing he can to change the old model of data ownership to data stewardship. This is a behavioral issue. On the issue of SOA and Services, he is moving the entire stack of IT to a services model.
Pres is a champion of the ODNI's info sharing strategy and vision and is working hard to help execute and implement. He is working hard to change attitudes and behaviors from need to know to need to provide. He is working to engineer solutions that will help make data discoverable and available to every member of the selected community that needs that information.
Day Two of the Synergy Conference
Today's sessions were an interesting mix of professionals from throughout the community. Some of the most interesting dialog was on organizational models of senior staffs.
For many years military strategists have pondered the best model for ops intel integration on senior staffs. The introduction to the argument generally mentions that the dominate structure today is like Napoleon's staff. Those who advocate keeping this model and those who advocate merging ops and intelligence into the same organization generally share the same goal of support to the mission and support to operational decisions.
Among COCOMs it was SOCOM that first began advocating for and then
changing their staff to ensure tight organizational coupling and then
integration of ops and intel, and they were successful, perhaps because
of their mission orientation and leadership of seniors on their staff.
But I also have to point out that over time their organizational model
actually returned to something that Napoleon would recognize today, and
there is a strong intelligence function on the SOCOM staff. STRATCOM
has also been a command famous for forward thinking and adjusting to
accomplish new missions assigned to them. Tremendous progress in
modernizing old command constructs was made over the last several
years. A key lesson learned from that, however, is that many of the
steps taken had the unintended consequence of lessoning the ability of
intelligence to support the mission, and no one wants operational
commanders to be served with sub optimized intelligence.
The
good news is STRATCOM has seen that and is taking steps "to return the
J2 position to the importance it once had" (see yesterday's post). I
should also point out that on the CENTCOM staff, which is coordinating
and executing some of the most critically important operations the
nation is conducing today, there is a very strong J2 function. Ops and
intel are functionally integrated at CENTCOM but it is a strong J2 that
ensures the integration, not experimental approaches to organization.
At CENTCOM, like at other operational staffs, the commander would never
give up his J2. That position is critical to victory in the most
important theater of operations.
Many organizations integrate ops and intelligence and do it well. For example, JSOC or CIA. Both are very operational organizations with very key intelligence missions, and both have long had and integrated ops/intel way of working.
We heard today of the SOUTHCOM model. There may be some great reasons for change there. They operate and plan for operations in a theater that is unique for many reasons. I don't have enough info to judge what they are doing, but I hope they are learning lessons from folks like General Ennis and SOCOM and CENTCOM and STRATCOM.
The highlight of the day, and maybe of the entire conference, was a panel and discussion the presentation on Web2.0 and enterprise services. The panel was moderated by Mr. Sean Dennehy, Intellipedia and Enterprise 2.0 Evangelist in the Directorate of Intelligence at the Central Intelligence Agency. His panelists included Mr. Drew Herrick, Deputy Technical Executive, Office of the Americas, National Geospatial-Intelligence Agency, Mr. Scott Yaroschuk, lead for Emerging Technologies/Collaboration for the Joint Staff J6, and Mr. John Hale, Chief of Solutions Delivery for the Intelink Management Office (which some now call the Intelligence Community Enterprise Solutions (ICES).
Sean provided a great overview of some of the Web2.0 capabilities the community is working with today, including:
* One of a suite of Web 2.0 tools including:
o Intellipedia for aggregation
o Intelink blogs for communication
o Tag|Connect (similar to the Internet's del.icio.us) for organization
o Inteldocs (a document management system for file sharing community-wide)
o Gallery (similar to the Internet's flickr)
o iVideo (similar to YouTube)
o Intelink Instant Messaging (IIM)
o Really Simple Syndication (RSS)
Although as a technologist I really appreciated his discussion of capabilities. Perhaps more important lesson was his capturing of three core principles for social software in the Enterprise. Three he lists are:
1. Work at broadest audience possible
2. Think topically, not organizationally
3. Replace existing business processes
Although Sean graciously credits ongoing Enterprise 2.0 academic studies with helping to codify these principles, I could tell he was speaking from the heart about them and the anecdotes he mentioned underscoring their importance.
Scott Yaroschuk continued to build on the presentation with real world examples of the use of these tools to improve and replace existing business processes on the joint staff. This change to business process is the greatest benefit of these Web2.0 tools. Drew Herrick provided example after example of communities of people coming together to solve hard challenges using these new tools, and every example underscored the key lessons Sean mentioned at the beginning of the presentation.
John Hale then led a standing-room only crowd through an in-depth examination of each of the Web2.0 tools provided by ICES. These capabilities are really changing the way things are done in the federal space.
Other presentations this day included a briefing/status report on the Secure Enterprise Datavault by Ms. Kristin O'Keefe of Army G2. The SED will be the first accredited mulit-level secure data repository for use throughout the DoD and the IC.
There were many other presentations today and many technology demos. I'll blog more on them later
Day One at Synergy Conference
This post provides a summary of day one of the STRATCOM Synergy conference. The conference is focused on integrating combat ops/intelligence implications for national intelligence processes. Conference leader Brigadier General Billy Bingham (USAF, ret) opened the conference by reviewing what was discussed last year’s Synergy conference. He also laid out the goal for this year’s conference, to keep moving things forward and to ensure we are “Integrating operations and intelligence so we can achieve our nation’s objectives in the most efficient means possible. ”
The morning included a presentation by the STRATCOM J5 (Brigadier General Mark Owen). He was followed by Major General Michael Ennis, Deputy Director of the National Clandestine Services for community HUMINT at CIA. The afternoon was filled with discussions and briefings that brought home the perspectives of operators from the Ops/Intel world, including a panel filled with ops/intel professionals which discussed lessons learned. Perspectives on ops/intel synergy on the front lines were provided by a seasoned Marine Corps professional. Key areas where ISR models clash were highlighted by a seasoned Air force ISR Colonel. An update was provided on army operational intelligence.
The following provides some takeaway’s from the discussions:
Brigadier General Owens mentioned the many missions of STRATCOM, including nuclear deterrence, and also cyberspace. In his view, STRATCOM’s mission in cyber is to ensure freedom of action in cyberspace. He also signaled a strong intention of the Commander, STRATCOM to return the J2 position to the importance it once had. He also signaled a strong intent to do that while integrating ops and intel into the mission. He talked about the terms he likes to use, those of intelligence and warfighters, since the operators are warfighters.
General Ennis gave personal stories underscoring how important it is for ops and intel to work together. He said great staffs have always worked that way and now at CIA it is all ops and intel together, at JSOC it is all ops and intel together. He thinks it is wrong to use the old models of ops and warfighters. That too frequently forces a separate structure. In the old days there was an ops cell and an intel cell and they were separate. Today, in efficient operations, the intel and ops cells are together. General Ennis is a strong believer in new tools and thinks three in particular are dramatically changing the way we are working together. Blogs, Wikis and the class of tools that lets users go after content in search vice just headlines. By Blogs and Wikis he meant the many open source/Internet based wikis that can provide context and situational awareness. For example, the MCIA cultural intelligence initiative makes extensive use of these tools. He also provide some thoughts on the term “information sharing.” There are things he doesn’t like about that term because sharing implies the data is yours to own and to decide when to share. He believes in joint interagency platforms for ensuring responsiveness, relevance and unity of effort. Regarding Open Source, he would like to see an interagency open source center that is focused on hard problems. Regarding IT, he believes a common IT backbone is critically important to mission success.
The afternoon speakers hit on many great topics related to ISR and the different cultures in the Services and how they clash over ISR. There were many great stories and lessons, and several meaty recommendations. But the bad news is all the stories sound the same as they have for years and the lessons learned are the same ones we have been relearning for years. I guess the point of the conference is that we need to embody those lessons somehow.
More later
CIA IT Leaders Are World Class IT Leaders (continued)
CIO magazine continues its reporting on the IT enterprise at CIA and the CIA's CIO (Al Tarasiuk). I have little more to add: My comments from before still stand: Al is a world class leader and this follow on report just underscores that. I imagine Al is similar to other great CIOs from industry (folks like HP CIO Randy Mott, for example) and my old boss Mike Pflueger of DIA. These leaders must wrestle with far more than technology (they can hand of the easy technology stuff to CTOs, right?). In story after story of the great CIOs I note that they spend a great deal of time on culture, policy, process and human factors.
For continuity I wanted to provide the link to the rest of the story. It is here: http://www.cio.com/article/print/441688
Bob
I hope to see you at the Synergy Conference
The second annual Synergy Conference and expo will be held 12-15 August 2008 at Marco Island, FL. Last year’s conference provided a great way for participants to learn from each other and interact with speakers from both operational and intelligence backgrounds. I sure enjoyed it. It was one of my last official events before leaving DIA. I had a couple speaking parts, so I got to solicit feedback on my views of the future of technology, and I really appreciated that. But it was also really enjoyable to be on a panel led by Col Montgomery that let me interact with John Marshall of JFCOM, LTC Mahoney of NRO and Ms. Lynn Schnurr of the USA G2 (she is the CIO for G2).
I also spoke on a dinner panel with General Clapper and Rita Bush. What an honor to be seated next to them.
And then I ended up on a third panel moderated by Lewis Shepherd that included Rita Bush, Gayle von Eckartsberg and David Chaffee. I enjoyed that panel the most. Ten minutes before the panel Lewis reminded me that I should have graphics. No worries, I said, I’m a trained Naval Intelligence officer, I can produce graphics almost instantly. The result was the attached.
A key graphic in the presentation is shown here. This graphic is my list of who is wired and who is tired in enterprise technology. On the tired list, Acquisition Executives. They have a hard hard job that is thankless most of the time, largely because of the constant mission demands, the horrible government system they have to work in, and the fast pace of technology that is making them less relevant.
In my comments I mentioned that because of the rapid pace of technology and the increasing tech savvy of power users and the ability for users to “mashup” their own solutions, “Acquisition executives are becoming increasingly irrelevant to the delivery of capabilities to end users.”
I didn’t mean for that comment to generate drama, but it seemed to do just that! Friends/allies/associates in the audience went wild with the remark. Then my comrade and community leader Kevin Meiners asked me for my handwritten notes and used them in introducing Jennifer Walsmith, the Acquisition Executive for all of NSA! Much to my surprise, Jennifer agreed with me that things are getting harder on the acquisition community and there is a great need for change.
This year I’ll be spending most of my time watching/listening/visting the expo floor, but I do have a few brief moments on a panel and look forward to seeing how I can insert some drama/controversy to the proceedings.
Anyway, if you can make it to Synergy, please come. If you can’t make it, please stay tuned to the blog. I’ll try to capture interesting parts in future entries. I’ll also plan on posting to Twitter while there, so please sign up for your Twitter account and connect to me there at http://twitter.com/bobgourley
More on Synergy:
The 2nd Annual Synergy Conference and Expo
will provide a unique forum to highlight advances the Intelligence and
Operations communities have made in support to military operations in a
tactical wartime environment and how these may reform national-level
processes. It will give front line Operators, Key Decision Makers,
Intelligence professionals, Technologists, and Academia the opportunity
to learn from and work with experienced tactical-level representatives.
In conjunction
with U.S. Strategic Command (USSTRATCOM), the Government Emerging
Technology Alliance (GETA) is planning an event that will focus on:
-
Changes occurring and envisioned in the relationship between Operations
and Intelligence as a result of lessons learned from current wartime
activities. - Each of the Uniformed Services
sharing their front-line experiences and providing thought provoking
ideas about the critical need for change in an agile operational
environment. - Insight into activities at the
Commands and National Intelligence Agencies with the critical
challenges of better integrating Operations and Intelligence activities
during a period of Irregular Warfare.
Microsoft Surface uses Jet to accelerate demand
This is the third of three blog posts on technologies encountered during my visit to Redmond. This one is on Microsoft Surface.
(First a note: although this is about Surface, Microsoft also announced another hot capability called Sphere. For more on that see the blog of the CTO of Microsoft’s Institute for Advanced Technology in Governments- Lewis Shepherd)
Microsoft Surface is something you may have heard about in the press. For
those of us who experimented with technologies like the “Touch Table”
from Applied Minds we already have familiarity with the basic concepts.
You interact with data using your hands. But there is something dramatically different with the Microsoft Surface.
The biggest thing is that it is designed from the ground up to work with the rest of the technology stack.
You need smart programmers and integrators still, but it is easy
for technologists to work with this system so it will very likely
proliferate.
Many software packages already exist for it, and more are being written all the time.
It will be used in the National Security space really soon.
It is just a matter of time before it is. And its cost will ensure that it is widely used.
CTOvision Blog 