Under Surveillance: How Does the CIA Keep Its IT Staff Honest?

Regular polygraphs, constant network monitoring and annual investigations are just some of the checks and balances that CIA workers have to face.

CONNECTIONS
Central Intelligence Agency
Thu, August 07, 2008CIO Be prepared to go through a lot of scrutiny if you want to work in the Central Intelligence Agency's IT department, says CIO Al Tarasiuk. And it doesn't stop after you get your top secret clearance. "Once you're in, there are frequent reinvestigations, but it's just part of process here," says Tarasiuk, who also gets polygraphed regularly, though he won't be more specific.

OHB CIA
CIA headquarters in Langley, Virginia

For those senior IT managers who are the "privileged users," meaning system administrators, "there is certainly more scrutiny on you," Tarasiuk says. "It's interesting: there's so much scrutiny that a normal person might not want to put up with that. But it's part of the mission."

There's so much top secret information contained within the CIA's systems that IT plays a key infosecurity role in making sure that CIA employees are not doing anything nefarious. There's also the persistent threat of foreign government intelligence agencies trying to break into the CIA's networks and databases. "We have a counterintelligence center that helps us with that," Tarasiuk says. "They are very concerned about foreign intelligence services that are interested in penetrating the CIA. Because of that we pay particular attention to the kinds of things we put on our network."

The CIA's networks aren't directly connected to the Internet. "We have a very closed network that's connected to an intelligence community enterprise," Tarasiuk says, "so I don't necessarily have the worries about the hackers from the Internet trying to break through."

What he does have to be concerned with is those who are allowed on the CIA's networks: whether it's a simple computing oversight by a CIA analyst or a disgruntled spy intent on selling top secret intel to Chinese government officials. "Anyone who logs into any one of our systems knows they are being audited, and we look for anomalies," he says. "We always have some worries about a rogue person on a network doing this. But we can catch them."

So you have caught people? "We catch people getting into places they shouldn't go, from time to time," Tarasiuk responds.

When asked about the fact that human beings are typically the weakest link in any IT system, Tarasiuk concurs. "Nothing's perfect. The system's not perfect," he says. "Some of [the infosec alerts] might be legitimate results of why they are doing it; some might be false positives. But for the most part we feel very strongly that we can detect when someone is doing something of a malicious nature."

See Part 1 (8/4/08): A business-IT alignment project like few others

See Part 2 (8/5/08): How IT moved to center stage at the CIA in the wake of 9/11

See Part 3 (8/6/08): The CIA's CIO navigates a tense line between making data visible and keeping secrets

See Part 4 (8/7/08): The CIA's efforts to use new applications and Web 2.0 technologies

Also see: "What It's Like to Work Overseas for the CIA's IT Group"
Loading...
Security MarketSpace
White Papers
Cost Effective Data Loss Prevention
Learn how Data Loss Prevention technologies can in fact be deployed in a cost effective manner. Learn more »
Data Loss Prevention and Enterprise Rights Management
Enterprise Management Associates highlights the complementary values of Data Loss Prevention and Enterprise Rights Management as a strategic approach to information risk control. Learn more »
Eliminate the Impact of Distance
Learn how to be prepared to adapt your environment in a way that supports distributed employees, anytime anywhere collaboration and the need for business continuity during a disaster. Learn more »
Webcasts
Why Data Loss is Increasing--and What You Can Do About It
Maximizing the Business Value of the PC Infrastructure
Reduced IT budgets have CIOs hunting for ways to maximize their PC infrastructure, while saving money and IT staff time. Diane Bryant, CIO of Intel Corp., talks with CIO magazine's Gary Beach about how her organization is addressing these challenges. Learn more »
Accelerate Your Virtual Environment
 Rapid Replication for Virtual Servers Learn more »
 
SPONSORED LINKS
 

Data Loss Prevention: A Better Way to Approach Security

Software Executives: Take Control of Your Organization's Code Quality

Delivering Secure and Reliable Data through Spreadsheet Automation

Taking the Service Desk to the Next Level

Why Data Loss is Increasing--and What You Can Do About It

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Mid-Sized Company CIO Community: infoBOOM!

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Accenture IT Consulting: Logical meets technological. More . . .

White Paper: 8 Key Ingredients to Building an Internal Cloud

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

Top 10 Business and IT Drivers for the Wealth Management Sector

Bottom-Line Benefits of Virtualization

White Paper: The Building Blocks for Cloud Computing

Oracle's Application Grid Technical Demo

Next-Generation Application Servers and Infrastructure

Application Infrastructure at Enterprise Organizations

Achieving Business Agility with Application Grid

Learn about The Information Technology Infrastructure Library.

Achieving Pervasive Performance Management

Gartner Shares Predictions for 2009

Accenture IT Consulting: Enabling high performance. More...

Stop Application Fraud at the Source with Device Reputation

Ready to Act: 3 Recommendations for Agile Processes

Automating the Generation and Secure Distribution of Excel Reports

Seven Ways ITIL Can Help You in an Economic Downturn

Maximizing the Business Value of the PC Infrastructure

Learn how to managing client systems in the enterprise.

Cloud Computing: Read about VMware's compelling vision & set of products

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

Top-line Performance that's Bottom-line Efficient

Accenture: Outsourcing for uncertain times. Click to learn more.

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

8 Key Ingredients to Building an Internal Cloud

Data Center Optimization: Three Key Strategies

A CIO Executive Guide: Cloud Computing Looms Big on the Horizon

Oracle WebLogic Server Technical Demo

Data Grids and Service-Oriented Architecture

Achieving the Impossible: Unlimited Application Scalability

A Middleware Foundation for Application Grid

Tips for successful virtualization management.

Smart Decisions: The Role of Key Performance Indicators

Introducing the new HP ProLiant G6 server family

Accenture: Outsourcing for Competitive Advantage. More...

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords