Inside the CIA's Extreme Technology Makeover, Part 3
The CIA's big IT revamp required a resetting of relationships among IT and operations leaders, getting the mission side of the agency involved in data-sharing discussions and project management. And the CIA's CIO found himself navigating a tense line between making data visible and keeping secrets.
Of course, verifying the CIA's claims about virtually anything outside the purview of the CIA is tough to do. For example, the Government Accountability Office (GAO), the auditing watchdog of Congress, which investigates the performance of the federal government, including IT operations, has been severely limited in its oversight of the CIA and other intelligence agencies.
In testimony before Congress in February 2008, the GAO's comptroller general of the United States, David Walker, testified that with Congress's approval, the GAO "could evaluate some of the basic management functions that we now evaluate throughout other parts of the federal government, such as human capital, acquisition, information technology, strategic planning, organizational alignment, and financial and knowledge management" at intelligence agencies, like the CIA. However, Walker added that, at the time, "we foresee no major change in limits on our access" to those agencies.
As Orr sees it, outside inspection of the CIA isn't likely to happen soon. "Secrecy makes it hard to really know what's going on," Orr says, "but you cannot remove the secrecy from the organization."
"If the data and names get out, people die"
Back in his office, in June, Tarasiuk looks across the edge of a conference table and says, matter-of-factly, "You know, one of the things we do here is we commit espionage. That's the business we're in." The blandness of his delivery belies the statement's heft: At the end of the day, his business is so atypical, his customer set unique, his data so sensitive, and his security requirements so exceptional that his job stands apart—way apart—from that of most all CIOs.
His day-to-day existence is one big balancing act: weighing the need to protect the CIA's information—"absolutely protect that data," he implores—and the need to share that information. "Because information that sits here and no one uses is worthless," Tarasiuk says.
So as he goes about serving his customers (Tarasiuk prefers "partners"), he deals with spies', analysts' and other departments' sometimes conflicting infrastructural and application demands. He relies heavily on the Information Governance Board and the enterprise data layer process, but "it's a hard place to be," he says, "because you never make anybody happy."
For example, there has long been tension between the collectors of information (the "ops" or clandestine personnel) and the analysts who try to make sense of it. "Despite decades of trying to reduce the barriers between the Directorate of Intelligence (DI) and the Directorate of Operations (DO), sharp divides still exist," noted Bruce Berkowitz, a former CIA officer who, from 2001 to 2002, studied how CIA analysts used information technology. "The DI and the DO, for example, have separate databases and separate IT architectures. Several DI analysts even told me that they had a better working relationship with their counterparts at NSA than with their own CIA colleagues in the DO."
