Remarks by Agency Technology Advisor at NCEITA Conference
"A 21st Century CIA - Meeting Challenges, Realizing Opportunities."
April 14, 1999
As one of the keynote speakers at the NCEITA Technology Conference in Raleigh Durham, NC, Basil H. Scott discusses the challenges that the CIA sees, opportunities, and how new communications and information technology will change our business.
Welcome. On behalf of the CIA and Director Tenet, I'm very pleased to be here today. Since its inception, CIA has depended significantly on special technology to enable its mission. This is more true today than ever, as our business is increasingly dominated by technology concerns and opportunities. In the next hour, I will discuss the challenges that we see, opportunities, and how new communications and information technology will change our business. This talk does not reveal classified secrets, but hopefully, it will show you how we are thinking about the future.
Perhaps you noticed that I used the word "business" to describe what we do. The spy business is a lot different from what you might think. Let me spend a few minutes describing what we do and some of the realities that are driving us today.
Intelligence is an information business. It's similar in some ways to what a large news organization does. However, its ultimate mission is different: to inform the President and policy makers about strategic and tactical issues - and to provide warning as necessary. There are three basic steps in the Intelligence business: collecting information, analyzing that information to decide what it means (turning information into Intelligence), and disseminating the Intelligence - telling those who need to know what they need to know.
The first step is collection. The popular media has glamorized this part of our business because we use spies. While what we see on TV and in the movies is quite dramatic, for the most part, what real spies do is completely different. In many ways, their activities are analogous to newspaper reporters. They develop sources who can provide information.
While it's a cliché to say that spying is the second oldest profession, there is an element of truth in this statement for human espionage. It remains a very effective technique that is not directly impacted by technology. It depends on human psychology, and the rules of this game have not changed.
Using spies is not the only way we collect information. For example, we use openly available information as well. This includes material published in newspapers, broadcast on TV, and so on. We call this "open source" and it provides a lot of useful information. In fact, it sometimes provides surprisingly accurate and detailed information - if we know where and how to look and take precautions against propaganda. In the last ten years, there has been an explosion in the quantity of open source information. This is a major trend that the CIA needs and hopes to capitalize on.
We use technical methods to collect information as well. From the earliest days of the CIA - it was founded in 1947 - we've used everything from small concealed cameras to phone taps to sophisticated satellites. We face very significant challenges in this area due to the rapid pace of innovation and deployment of modern communications and information technologies worldwide.
The second part of the Intelligence business is analysis, figuring out what the "raw data", or collected information means. This is the job of the Intelligence analyst. The Intelligence Community, which consists of 13 Agencies, has photographic analysts, signals analysts, and so on. The CIA has all source analysts. They look at many sources of data and make judgments on difficult issues such as the status of a foreign weapons program or where a terrorist group plans to strike next. They're detectives. Their job is to assemble a complete picture from an incomplete set of facts. They're often called on to predict the future as well. I think you'll agree that this is not an easy job.
The analytic part of the CIA, the Directorate of Intelligence, produces a variety of publications and other products. These range from the President's Daily Brief (PDB) to long term reports.
CHANGING DEMANDS FOR INTELLIGENCE
The job of the CIA, and the Intelligence Community as a whole, is getting harder. It may or may not be harder in an absolute sense; there's no absolute standard against which to compare. However, it's facing huge challenges driven by rapid global change - political, economic, and technological. These changes have been accelerating since 1989, the year that the Berlin Wall came down. At CIA headquarters in Langley, Va., we keep this piece of the Wall.
It reminds us every day of the history of the cold war and the new world order that has begun. However, this new order is still in the process of being created. Even though it started ten years ago, we are still in the middle (or maybe only at the beginning) of the change.
Political change has led to a new set of problems. Consider the Cold War problem of the Soviet Union and possible military aggression. The US needed to understand the Soviet military, a huge bureaucracy. This was a stable problem, one that by the late 1980's, we had studied for years. Based on this long study, we had a good understanding of their capabilities and what we might see if military hostilities were imminent. However, the likelihood that hostilities might actually occur was very low.
In contrast to the old Soviet problem, consider the terrorist issues that are increasingly important to us. There are hundreds of terrorist groups, but there is no bureaucracy! Terrorism is a dynamic problem - a new group can spring up overnight. There is no time for years of study. Finally, as we know all too well, the probability of terrorist activities is real and frightening.
The issue of terrorism is only one of the emerging "transnational" issues that bedevil us. Regional conflicts, the proliferation of weapons of mass destruction (chemical, biological, and nuclear), environmental issues, and special security and peacekeeping arrangements are all becoming more important.
These kinds of issues share certain common characteristics. There is less time to study an issue and build up institutional expertise. The possibility for trouble that could injure or kill American citizens is real. The CIA must understand both the long term intentions of the organizations that perpetrate these activities and their tactical plans. The latter is crucial. It's the only way for us to prevent terrorist bombings, the sale of prohibited materials, and a host of other very undesirable activities. In order to accomplish these goals, we require a range of robust analytical techniques and focused collection capabilities that can be deployed rapidly against a suspected Intelligence target (I use "target" to designate the subject of an Intelligence investigation).
COLLECTION TECHNOLOGY CHALLENGES
Over the years, we have developed many technical collection disciplines in the Intelligence Community. Perhaps the best known of these is our photographic reconnaissance capabilities. Here is a famous example of missiles on Cuba that was obtained in this way. Consider for a moment some of the characteristics of this activity. It is safe because it is conducted from a stand-off location. We don't have to get too close to the subject of our investigation. It's also a flexible capability. The satellites and aircraft that we use can take pictures anywhere. However, photographic reconnaissance is an indirect way of determining what someone or some organization might be doing, and it has inherent limits. For example, from this picture, we cannot determine how accurately these missiles might fly. Even worse, we could not say when or under what circumstances they might be used. To answer questions like these, we need more than pictures of an object from which we make deductions. We need to obtain information directly from our Intelligence target.
Over the years, we have built up an extensive array of capabilities that enable us to obtain this kind of information. Basically, all the techniques were built around the idea of intercepting communications. We perfected the art of communications intercept, so that we could do this from a long distance, using large antennas or even satellites. This was a flexible and safe method. The subject of our investigation might never know we were listening. This worked well in the 1970's and 1980's. Today, however, in parts of the world where high capacity fiber optic cables carry the bulk of communications, these traditional techniques are no longer useful.
Tapping telephones is another basic Intelligence tool, one that is different from the type of stand-off collection described above. It allows a very focused look at a particular individual or organization - close surveillance rather than broad reconnaissance. Here too, we perfected techniques to enable interception of communications and to keep the activity hidden from the target of our investigation.
It's impossible, however, to use a traditional wiretap (which is literally wires connected to wires) against cellular or wireless local loop systems. Again, a traditional technique is rendered useless when it confronts the modern types of communication technologies that are being deployed today.
Technology impacts like these pose a significant challenge. Over the years, we had become dependent on our traditional techniques, which we had spent years refining and optimizing. In 1996, the DCI requested a study of emerging communications and information technologies that were likely to have an impact on the Intelligence Community. There were five basic trends identified.
Transmission systems - (Fiber optics and high data rate connectivity) In the early 90's, organizations within the Intelligence Community argued as to how pervasive this trend might be. It took some time to achieve a general consensus that this trend was ubiquitous and important to the IC.
Last mile technology, or network access - (Including xDSL, Wireless Local Loop, etc.) The effect and importance of these technologies on the Intelligence Community is still under debate. However, there seem to be strong market drivers for the deployment of these technologies, both in the advanced and the less developed countries. I think we should be concerned.
Personal and wireless systems - It's well known in the law enforcement community, that criminals often use cellular phones and other personal communications systems to maintain anonymity and to provide security. The same is true for international criminals and others who might be the target of an Intelligence investigation. The technologies are challenging, and there are a great many different systems and standards. The growth trends are impressive, and the CIA and the Community realized the importance of these technologies early on.
Network technologies - there is no better place to look than the Internet, and emerging services like Voice over IP to realize how much has changed and how fast it has changed. An interesting trend is that in many parts of the world that are less developed than the US, technologies like Voice over IP may be deployed in the network faster than here. This "leap frog" phenomenon can occur because there is not a large installed base which impedes (for compatibility or other reasons) rapid deployment of the most cost effective solutions. This means we may have to be in a position to respond to such a technology faster than you might think.
Encryption - The Intelligence Community recognizes that this is an important trend and a controversial topic. This is a good time to remind everyone that the CIA is a policy neutral organization - we have no position on this issue. However, we know that security and privacy concerns will lead to wider development and sale of products with integrated encryption capabilities. We know it's a question of how fast these will spread and how good they will be, not if they will spread or whether they will be strong. From our perspective, any kind of encryption, weak or strong, can greatly complicate our job.
This is a long list of technologies and challenges. More than any specific challenge presented by any one item on the list, it's the large number of items and the pace of change that presents a formidable challenge.
The 1996 study concluded that the pace of change would be dizzying. The graphic shows percentage growth with 1995 as a basis year. By 2000, total network connectivity would increase by a factor of four. This is surprising, since network connectivity is the result of over 100 years of investment in telephone and telecommunications infrastructure. The number of Internet subscribers would increase tenfold in the same time period. These predictions have proven to be reasonably accurate.
If anything, I think this pace is accelerating. For example, in the March issue of Wired magazine Tom Nolle of CMI, a consulting firm in New Jersey, states that "In the next five years, more money will be spent on new telephone equipment than the sum total undepreciated value of all the gear in place today. This is a tidal wave of at least $500 billion in new spending that's about to hit." We had reached a similar conclusion in the 1996 DCI report, which found that "Within a five-year time, market forces will produce a dramatic transformation in network infrastructures. This rapid change is fueled by unprecedented levels of investment …. The rapid deployment of new infrastructure will lead to a mix of technology and features that is dramatically different from today."
Acceptance of these new realities is uneven within the Intelligence Community, and it is taking longer than it should to bring about change. But, we are committed to meeting this challenge. We have redirected resources. We're creating cross-agency, cross-government and IC-industrial consortia. We intend to build closer ties with industrial partners.
AN INTELLIGENCE EXAMPLE
The activities required to develop or build stocks of BW and CW weapons can be hidden in legitimate activities occurring around the world. For example, pharmaceutical plants can be developing vaccines and biological weapons. Because the illegitimate activities are part of the legitimate, overt activity, they are very difficult to detect. If we could see the key purchases, shipments, and chemical byproducts in sequence, we would know that weapons activities were under way and who was involved. But this evidence is difficult to find: the purchases and shipments are hidden in plain view among millions of similar transactions. We would never seek chemical evidence unless we were already aware of the activity and were fairly certain that we would find something.
There are three parts to this problem: how do we discover the existence of an illicit activity; how do we refine our knowledge, and finally, how do we confirm what we believe to be true? This is an iterative process.
Each step of this process relies on finding minuscule clues among all the sources we have.
The number of sources and the overall amount of data to which an analyst has access makes the process of finding these hidden clues very difficult. How can the analyst know where to start looking? What data might be relevant and what should be ignored? Even when an analyst strongly suspects that a particular set of data bears on the problem at hand, he or she may not be able to find anything useful. This problem is amplified when we consider that this is only one part of the total job that an analyst must do.
Determining what a piece of information means and coordinating a finding with others takes more time (and it should) than basic research of facts.
ADVANCED TECHNOLOGY OPPORTUNITIES
We think there is a significant opportunity to use automated analysis tools - datamining and information retrieval techniques - to help solve this problem. These include:
Clustering - lets the analyst exploit the most useful data sets first, and thereby helps us perform our warning function. Clustering is essential where we have reason to believe the density of useful information is low, for example, in open source information. These techniques can help us identify what might be useful.
Link analysis - can help establish relationships, and can help detect patterns of activities that warrant particular attention. Link analysis can show relationships between known problems and unknown actors.
Time series analysis - can support identification of time trends, which is the foundation of much intelligence analysis. Crises generally are departures from some norm level of behavior.
Visualization - to see complex data and to see non-traditional presentations of data can help an analyst deal with large and complex data sets.
Another area where we see a significant opportunity is collaborative tools. However, bringing collaborative technologies to the Intelligence Community is a large undertaking. The "Community" consists of 13 agencies, several DCI centers, the National Intelligence Council, and literally hundreds of collection and analysis offices. The problem of sharing data between this large number of organizations is immense.
Security - different agencies have different standards. Many offices have private data holdings that are not widely advertised or known. Some of the data, such as the names of spies who are helping the US, is extraordinarily sensitive and cannot be shared.
Collaborative tools - two types of requirements exist. Collaboration in the production process (to increase speed and accuracy) and casework collaboration, as a team of analysts work on a problem for several weeks or months.
Distributed knowledge - the Intelligence Community will never have a database that contains all information that is available to all people, due to the individual missions of each organization. However, the ability to share major holdings and to present an integrated view to the analyst's desktop is critical and not simple. Multimedia data, multiple standards, and use of non-integrated proprietary applications are some of the issues.
We have some challenges that very few organizations face. We deal in foreign languages extensively. There are lots of them - about 160 on a daily basis. Many of the tools that exist today do not function well, or perhaps at all, in such an environment. In general, we have obtained our data through some clever, non-standard method. Most of our data does not exist in databases; it exists in whatever raw form we first obtained it. One of our datamining experts put it this way: "We must take it [the data] in the incomplete, unverified, unformatted state in which we find it and make the best of it." There are no pristine data sets.
We have great hope for innovation in the analytic area. The graphic illustrates our vision of a truly collaborative environment wherein information collected by the "INTs" (HUMINT, SIGINT, etc., which compose individual disciplines within the Community) is available to all analysts. While this would greatly enhance our capability, realizing this vision requires solutions to the problems outlined above. It's very important that we do this, however, because too often, we fail to analyze, or to fully analyze, the information that we possess. In general, this problem results when highly classified information is held within too small a group.
Will we realize this vision? I think we can. First, the CIA is a good environment for innovation. Opportunities exist to try new ideas against focused problems in a small group setting. We're not looking for universal solutions to all problems. In the last few years, we've had some very exciting successes by applying this principle. Two specific examples are in the area of link analysis and information extraction.
The link analysis examples shown here illustrate a poorly understood set of relationships and a fairly completely understood set of relationships that was derived from the incompletely understood relationships (certain information has been removed from these displays). This is being done using tools that exist today, and it is a very powerful technique for us. I think these successes represent only a fraction of what is possible. For example, in a number of areas, we have taken fairly ordinary, non-sensitive information and turned it into very useful, revealing information, a lead into gold alchemy. I also think there are many opportunities for fundamental improvements that we have barely tapped into.
Suppose the CIA put up a web page like this.
If we could, it would greatly reduce the complexity of collection, and it might provide some very unusual insights that we'd never think of otherwise. However, there are basic problems. The first is that we would get a great quantity of useless information and very little useful information. How would we sort through all of this? Clearly, truly effective automated analysis tools would enable this kind of innovative approach, and we just spent a long time talking about this. Secondly, there are internal organizational problems, which I won't go into here. Finally, we have an advertising and marketing problem. We don't want secrets on just anything! We have our priorities and we'd want to target our message to those people who were most likely to have insight into the issues about which we most care. Some of you may have more insight into this marketing issue than we do! In spite of the challenges of actually implementing such a scheme, this is the new type of approach that the CIA and the Intelligence Community need more than anything.
The CIA and the Intelligence Community face significant challenges driven by rapid deployment of new technologies. Our old methods of collection won't work very well in the 21st century, so we're committed to modernization. On the analytic side, information technologies offer great promise, and we are moving to implement new systems and techniques of analysis. The Internet offers the possibility of conducting our business in radically different ways. So, while we see lots of challenges, I believe there are more opportunities. We are committed to achieve the change it will take to realize these opportunities, and I believe it is very important that we succeed.
Our relationships with commercial partners will be critical for our success. In a short time, the DCI will announce some very creative steps we are taking to allow closer ties with industry and for us to move at the speed of commerce, not government, in these critical technology areas.