Inside the CIA’s Extreme Technology Makeover, Part 1
Al Tarasiuk, the CIA's CIO, is on a mission to modernize the agency's IT practices and connections to the intelligence community. It's just like any other IT-business alignment project, except that he has to get disparate departments to share data while supporting the White House's war on terror.
By Thomas Wailgum
It’s not often that a media organization is invited down to the Central Intelligence Agency’s furtive headquarters in Langley, Va. But that’s exactly what the CIA offered CIO: a rare, exclusive look inside the CIA’s IT-driven transformation, led by CIO Al Tarasiuk. In his first-ever media interview, Tarasiuk detailed the CIA’s dire need for organizational change and how IT is aiding in the CIA’s post-9/11 mission.
Over the course of a two-hour interview and several follow-up conversations, Tarasiuk offered an unclassified report on how Web 2.0 technologies, agile project management and strong IT governance are enabling the CIA to share more information inside the enigmatic, controversial agency and collaborate more effectively with its 15 intelligence agency peers.
“The system was blinking red”
You don’t just walk into the Central Intelligence Agency to interview its CIO, as you might with some other CIO, at some other company, in some other nondescript office park.
The drive down Rte. 123 through the woodsy and warm Northern Virginia suburbs on this June morning is surprisingly tranquil. And then, just before you turn in to the George H.W. Bush Center for Intelligence, you remember that at this stoplight, in 1993, a Pakistani man named Mir Aimal Kasi fired his AK-47 into a line of waiting cars, killing two CIA employees and wounding three others. And, once you pass through the security checkpoint, that these CIA employees you drive by have colleagues who are hunkered down somewhere in Afghanistan or Iraq or wherever else CIA spies and IT support staff are gathering intelligence for the White House and Pentagon.
Security for visitors is frequent and tight. Your name? Your contact here? Your Social Security number? Your cell phone, please? But then, there is Al Tarasiuk, in a sizable, comfy seventh-floor corner office with a sprawling view, flanked by two public-affairs people and his chief of staff. By looks—he is 50 years old, tall and dressed in a conservative shirt and tie—he could be the CIO of any large multinational. On his bookshelf sit The Big Switch, The New CIO Leader, Enterprise Architecture As Strategy, among other titles.
Nearly three years into his term as CIO, one of Tarasiuk’s most critical duties has been, in fact, to infuse more corporate-like thinking into the CIA’s IT operations and staff. “My boss,” Tarasiuk says of CIA Director Gen. Michael Hayden, “asked me to establish ‘corporate everything’ for IT—to the extent possible.”
But then, just as easily as Tarasiuk discusses agile development and SOA and IT governance—typical CIO stuff—he solemnly switches to the harsh realities of his particular line of business. When asked about information-sharing failures surrounding 9/11, he chafes a little. “I won’t comment on how we got to 9/11,” he says, “but I can comment on how we’ve improved since that.”
The 9/11 report found that during the spring and summer of 2001, U.S. intelligence agencies received a stream of warnings that al-Qaeda had planned “something very, very, very big.” The CIA director at the time, George Tenet, told the 9/11 Commission, “The system was blinking red.”
Since 9/11, the CIA’s mission has been to support President Bush’s prosecution of the “global war on terror,” and it has escalated the agency’s need for first-rate intelligence, enterprisewide data sharing and agile IT systems on the back end.
In Tarasiuk’s office, two black-and-white framed images of the 9/11 aftermath—the charred remains of the World Trade Center and the disfigured Pentagon—stand out among other photos on a bookshelf. When asked if they help him not forget the CIA’s current mission, he says that he can never forget. “Everyone in this building believes we are at war,” he says, “and that’s the pace we operate at every day.”
“To be seen an as enabler of mission”
Since taking over the CIO reins in fall 2005, Tarasiuk’s own mission has focused on the corporatization of CIA IT—which is no small feat. Severe security requirements, national security concerns and a culture where spying and deception are just part of the business add a whole other layer of complexity to attaining true business-IT alignment.
For many years, IT was not seen as a strategic enabler to CIA’s success, say CIA employees. Spies in the field didn’t think they needed IT, and the analysts trying to make sense of the spies’ intelligence had to get by with antiquated data-management systems. Technology was “a threat, not a benefit,” noted one CIA researcher in 2002. And “cylinders of excellence”—meaning data silos—were ever-present.
Tarasiuk has, so far, opened up the 61-year-old insular spy agency to the concept of more efficient and effective information sharing by using Web 2.0 technologies, such as the CIA’s Wikipedia-like Intellipedia that’s used across the U.S. intelligence community. Another sign of change is a grassroots, Web-based collaboration among Russian intelligence experts at several U.S. agencies, which enables analysts to securely share their insights, analysis and information on breaking news on Russia.
Tarasiuk has instituted a new IT governance team that has—for the first time—the highest level of management support at the agency. His team has also moved completely to agile project management methodologies, virtualized 1,000 servers that are projected to save $18 million in 2008, and empowered frontline CIA employees to ask for, decide on and employ new IT tools.
In 2007, Tarasiuk’s team was finally able to the replace the CIA’s main information-handling system, which was severely outdated and lacked the basic functionalities found in 1990s-era e-mail systems, with a more modern and user-friendly system called Trident.
In the process, Tarasiuk has tried to revitalize IT’s image within CIA to match what’s necessary today, “to be seen an as enabler of mission and not just a technology shop that’s delivering a desktop,” he says.
His message of IT-driven change and business-not-as-usual has permeated CIA. “Al said that the new priority is setting deadlines and meeting goals,” says Ken Westbrook, chief of business information strategy in the intelligence directorate (the CIA employees who analyze intelligence and write reports). Westbrook’s new liaison role, working on managing the IT portfolio for the analysts, is one piece of the CIA’s overhaul of the business-IT relationship. “Now we’ve got to deliver on time and on budget. I give Al a lot of credit for making that happen.”
“To eliminate the technology iron walls”
Tarasiuk has driven change inside the CIA’s IT operations and won notice for his efforts. But that is not to say everything now is perfect—or close to finished. After all, demand for all this change—more information sharing between and inside agencies that frees previously firewalled intelligence from fragmented silos and thousands of databases—was forced on the CIA and other agencies by the creation of the Office of the Director of National Intelligence (DNI) in 2004, to oversee all 16 government intelligence organizations.
The current director, J.M. “Mike” McConnell, is taking great pains to replace the “Need to know” culture with “Responsibility to provide” among the organizations. (The shift is significant because it replaces knowledge hoarding with knowledge sharing.)
“What’s happening at the CIA is really representative of what’s happening governmentwide, where you have a number of agencies with antiquated systems, and the challenges in front of them and the opportunities we have are requiring a lot more flexibility, speed and agility,” says Lena Trudeau, a program director at the National Academy of Public Administration (NAPA), an independent Washington, D.C., government advisory group. Trudeau studies how collaborative technologies can help solve the U.S. government’s complex problems, which “require [the government] to act in a different way than a lot of these legacy systems and processes allow.”
Technology is a vital piece of the CIA’s overall change, and Tarasiuk knows it. “IT is the lifeblood of this organization,” he says. “I’m trying to eliminate the technology iron walls that have existed in the past” inside the agency. (For more on Tarasiuk, see “Who Is Al Tarasiuk?”)
However, long-standing interagency rivalries (the FBI and CIA, for instance, have an intense mutual dislike and distrust) won’t vanish overnight. Then there are the ongoing controversies, such as allegations that CIA officers tortured detainees and were involved in such activities at secret prisons, or “black sites,” in foreign countries.
When asked how he keeps IT workers’ focus on the mission at hand and not on CIA controversies, Tarasiuk says resolutely: “Because of the history and things that have happened in the past, it’s always going to be a lightning rod when there’s a discussion about this agency. One of my roles that I take very seriously is to isolate our folks from the stuff that gets put out that’s not true. I basically tell them not to worry about it and focus on mission.”
And then there are the cultural differences—even inside the CIA—that are difficult to quell. “The big push to share is a much harder problem than anyone wants to admit,” says Ken Orr, founder and principal researcher at The Ken Orr Institute, a business technology researcher. Orr is a former member of the National Research Council (NRC) committee, which has advised the FBI on technology projects in the past. (For more on the FBI, see “Why the G-Men Aren’t IT Men.”) “An enormous amount is semantics and language—in order to connect the dots, you’ve got to be talking about the same dots.”
Tarasiuk says that he’s been able to pull off as much this far because of the credibility he’s earned over his 20-plus years at the CIA, leaning on the contacts he’s made along the way, and, most important, the backing of Director Hayden. Like all CIOs worth their salt, however, he hasn’t been afraid to make the tough decisions, like on new data-sharing policies. “If we can’t come to consensus, I’m going to make the call,” he says, “and in some cases it goes against what some want to do.”
The CIA’s in-progress extreme makeover, however, goes to show that if the IT department at The Company (as the CIA is known) can learn how to be agile and collaborative and open to new ideas—and still maintain national security—so can the IT department at your company.
Tarasiuk knows full well where he’s come from and what challenges still lie ahead. “We’re in a transformation,” he says. “It’s huge, but it’s only the beginning of what’s happening.”