At the CIA, the secret to knowledge management was hiding in plain sight.
By Elana Varon
THE CENTRAL INTELLIGENCE AGENCY doesn’t like to talk about its mistakes. It’s not just embarrassing, but officials believe exposing details about how an operation went wrong reveals too much about how it captures enemy secrets. But published statements and news reports suggest one recent error—the U.S. bombing of the Chinese embassy in Belgrade during the Kosovo war last year, which killed three and injured 20—happened in part because CIA officers targeted what they thought was a Yugoslav Army warehouse based on outdated maps, and others failed to catch the mistake before the proposal was passed to the military.
No knowledge management system can replace human judgment, but CIA officials are convinced that if employees can find the information they need more easily, they’ll produce better analysis and make fewer errors like this one. CIA analysts draw from tens of thousands of satellite feeds, news reports and tips from counterparts in other government agencies to produce daily intelligence reports for the president and military leaders. But if someone who isn’t part of an analyst’s network of colleagues has some critical data or a new insight, it’s hard for him to learn about it. To protect classified information from falling into the wrong hands, the CIA discourages employees from sharing information with anyone who can’t prove they need to know it. As a result, groups of analysts have erected thick firewalls around themselves, built their own systems and organized information in ways that make sense only to them.
It’s this lack of uniformity that bedevils most knowledge-sharing efforts, says Christopher Olsen, chief of records and classification management with the agency. It’s hard to find anything—even green beans in a grocery storeif you don’t know how what you’re looking for is arranged. Knowledge management experts call such organization schemes taxonomies.
“If information isn’t captured [in a filing system], it goes into the corporate mass in a disorganized way,” Olsen says.
“Even if you put some fancy search engine over it, the likelihood of being able to get to the information
you want quickly is not high.” So when the CIA launched a new knowledge management project two years ago, Olsen and his boss, Deputy Director of Information Management Lanie D’Alessandro, argued for a solution based on a tried-and-true taxonomy—the system that its in-house librarians and records managers had been using for more than half a century for cataloging official agency records.
It’s these records, not surprisingly, that are most valuable to analysts. As a government agency, the CIA is required by law to save documents that explain its operations, from national security assessments to covert actions. These records are organized by subject matter and timeliness under numerous categories and subcategories. Anything important enough for others to see is, by definition, important enough to store in this official record-keeping system, which also includes procedures for getting rid of outdated material.
The CIA needs knowledge management for the same reason large companies do. No longer focused on one well-known enemy, as it was on the Soviet Union during the Cold War, and under pressure to deliver better products at lightning speed, it’s much harder for CIA analysts to rely on their own collections of data and personal contacts and keep up with the workload.
“If information isn’t captured, it goes into the corporate mass in a disorganized way.”
“We looked at what we actually kept as business records,” notes Olsen, and analysts agreed that this was the information they wanted to be able to share. From there, the CIA set out to design a knowledge management system that mirrored how files were traditionally organized. The solution: something they call a “metadata repository,” which is essentially a Web-enabled “card catalog” that lets end users search for information using standard fields, such as author, subject, date, secrecy
level and each file’s original recipients. Most of this data is already supposed to be collected for record-keeping purposes, although a recently released audit of CIA record-keeping practices by the National Archives concluded that not every office in the agency has done this consistently in the past.
The agency intends to solve this problem by automatically capturing most of the metadata. New information systems or upgrades to legacy systems will include this capability, although to date only four systems do.
Having the metadata repository will let the CIA balance analysts’ need for information with traditional security concerns. “Before, we could never be sure how to let someone know we had something that would be of use to them without divulging too much,” says Olsen. Using the metadata repository, an analyst can get a list of resources. But because the search engine screens the database according to each user’s security clearance or similar restrictions, the analyst would learn only about resources he is allowed to know about.
Because users get pointers to information from the repository but not necessarily access to the actual files, the people who own the information can still control whether they share it. There’s no guarantee that they will, acknowledges agency CIO John Young. “It would be fatuous if I said we had solved the problem and that every officer in the agency was inspired to put the interests of the agency above the interests of his or her office,” he says. But the demands of the job are opening minds and databases. “Intelligence problems require more cooperative work than before,” he adds.
D’Alessandro says analysts “have been yearning for some standards to allow them to accept and pass along” files because they don’t have the budgets to build interfaces system by system as they did in earlier, better funded times. The CIA doesn’t disclose its budget, but according to one recent estimate, the total money the United States spends on intelligence has just kept pace with inflation.
Many companies also catalog important records—legal documents, product designs, customer files and research notes—and could base their own knowledge management systems on these catalogs. But D’Alessandro says technologists often don’t ask librarians and records managers, who are information management experts, to take the lead in designing new databases and interfaces. Her previous job was as the CIA’s deputy CIO, so she knows firsthand that “information management is always overlooked by the IT side.”
“I think we were invited as a courtesy,” she says. “We have interjected ourselves and have tried to tie ourselves to the [technology] side” of the project. “We got in through the backdoor.”
Agency officials agree that broader access to information by CIA officers might also help to prevent intelligence blunders. Jim Reid, chairman of the CIA’s knowledge management steering committee, notes that getting “the right information to the right person at the right time” is a mantra in the agency. Neither Reid nor other officials interviewed for this article would provide specific examples of how knowledge sharing might have helped in past cases. But Reid did say part of the point of knowledge management is to prevent fiascoes like the Chinese embassy bombing in the future.
For instance, says Reid, the metadata repository will point end users to a set of official maps. “If the map in there is wrong, you’re going to see the wrong data,” he says. “But it will solve the problem of someone having a map you don’t know exists.”