Inside the CIA's Extreme Technology Makeover, Part 3

The CIA's big IT revamp required a resetting of relationships among IT and operations leaders, getting the mission side of the agency involved in data-sharing discussions and project management. And the CIA's CIO found himself navigating a tense line between making data visible and keeping secrets.

"You will sit at the table"

Al Tarasiuk's appointment as the CIA's CIO took place on Oct. 1, 2005 (former Director Porter Goss appointed Tarasiuk). In his first year, however, Tarasiuk was seemingly handcuffed. "I had ideas [about transforming IT] when I first became CIO," he says, "but the environment wasn't aligned in a way where I could launch on these ideas."

Since CIA Director Gen. Michael Hayden took over in May 2006, the "transformation" theme of the Tarasiuk era has not been subtle or kept quiet inside IT on a mission statement: Cut the bureaucracy and be more businesslike via stronger IT governance, more disciplined project management, greater data sharing and more openness to try new technologies. Hayden has demanded as much.

"What we had prior to that was some configurations of corporate [IT structure], but we didn't have the business side—what we call the mission side—really fully engaged in big decisions about how we spent our money on IT, how we deal with information policies and things like that," says Tarasiuk, whom Hayden realigned to a direct report when he took over. "My role was to do that."

Tarasiuk created and chairs an Information Governance Board, which meets quarterly or as needed to make the strategic IT decisions for the agency. Hayden "demanded that because of the problems we've had in the past, because of who actually participated [in making IT decisions], he said to the business leaders, the mission managers, 'You will sit at the table,'" Tarasiuk says. "So the support of the top leadership has been very important in making sure that board is effective."

The four divisions inside the CIA are: Directorate of Intelligence (the analysis arm); the National Clandestine Service (the spies); Directorate of Science & Technology (which develops technologies to support the mission—think "Q" from James Bond movies); and the Directorate of Support (HR, finance, logistics, legal and other functions). For the most part, these CIA leaders appreciate being involved in the IT decision-making processes, Tarasiuk claims, even though "not all of the decisions go their way."

For example, Tarasiuk forged what he calls an enterprise data layer strategy that enables those who have need and permission to access CIA data can do so. One part of the strategy is IT-related: Tarasiuk notes that service-oriented architecture (SOA) technology has been one key piece.

The other, and much more difficult, part has been process change. "We're making corporate policies on how data is going to be managed, and we're not going to allow little fiefdoms anymore," he says, "where data is managed and protected and policy and regulations are set by some local manager at the lowest levels of the organization."

1 | 2 | 3 | 4 |next page »

Comments

More from IT Drilldown « Back to Applications

Articles

Two Approaches to NFC Battle for French Hearts and Mobiles

FCC: Internet Program for Deaf Cheated Out of Millions

Five Reasons the Google Chrome OS Will Flop

Techies Gather for a Lunch to Save the World

Why Chrome OS Will Fail -- Big Time

Microsoft Windows Chief Decries Standards Grandstanding

BMC Takes Service Desk to the Cloud Via Salesforce.Com

FAA Glitch Shines Spotlight on Troubled Telco Project

Enterprise Newsletter

Recent Articles

Inside the CIA's Extreme Technology Makeover, Part 1

Inside the CIA's Extreme Technology Makeover, Part 2

Who Is Al Tarasiuk?

What It's Like to Work Overseas for the CIA's IT Group

Inside the CIA's Extreme Technology Makeover, Part 4

Under Surveillance: How Does the CIA Keep Its IT Staff Honest?

Applications MarketSpace

Practical Approaches for Securing Web Applications

Enterprises understand the importance of securing web applications to protect critical corporate and customer data. What many don't understand, is how to implement a robust process for integrating security and risk management throughout the web application software development lifecycle. Learn more »

Smart techniques for application security: whitebox + blackbox security testing.

An Executive's Guide to Web Application Security

Since so many Web sites contain vulnerabilities, hackers can leverage a relatively simple exploit to gain access to a wealth of sensitive information, such as credit card data, social security numbers and health records. It's more important than ever to examine your Web application security, assess your vulnerability and take action to protect your business. Learn more »

Web Application Vulnerabilities

Security managers may work for midsize or large organizations; they may operate from anywhere on the globe. But inevitably, they share a common goal: to better manage the risks associated with their business infrastructure. Increasingly, Web application security plays a significant role in achieving that goal. Learn more »

Using ERP To Gain Competitive Advantage in a Tough Economy

For midsize enterprises, now is the perfect time to invest in a significant IT expansion - despite the economic climate. Learn more »

Why BI is Ripe For Businesses of Any Size

Oracle's range of offerings to mid-size and emerging companies reflects its vision that BI and EPM solutions can be embraced by companies of all sizes. Learn more »

Oracle Accelerate

Ovum has been following Oracle's Accelerate program over the last couple of years because they thought it is a smart strategy for penetrating the upper mid-market. Learn more »

The New Age of ERP

Not only can small and mid-sized companies reap the renowned ERP benefits of greater agility, increased business visibility and measurable ROI. Learn more »