Features
Interview: Mike Mestrovich – Full Transcript
Mike Mestrovich is the senior technology officer for solutions in DIA's Information Management Directorate. Think of him as DIA's advanced IT guru. Before joining DIA, he helped build nuclear targeting tools for the Air Force and worked on government networks for Cisco. Depending how things go, the highlight of his career could be the role he was assigned earlier this year as chief architect for a key element of the intelligence community's IT efficiency drive. Mestrovich leads the team that is designing a common desktop computing environment for workers across the agencies. He spoke to Ben Iannotta by phone on August 29, 2012.
Ben Iannotta: …I saw you were Air Force. What was your expertise and rank?
Mestrovich: I left as a captain in the Air Force. From '91 to '97, I was a communications officer. The first three years I helped build nuclear targeting tools. So if you ever saw the movie WarGames back then, I think that was actually some of the programming we did for SAC at that time.
…the way the displays appeared?
Um, well the movie took a little liberty with the displays. But effectively how we plan and executive nuclear wars and then that type of stuff was kind of the programs that we built and ran simulations on those kind of events.
And I saw you were at Cisco.
I was. I was at Cisco for 11 years, from '97 to 2008. I was a systems engineer with Cisco supporting government and military customers in Europe, the Middle East and Africa.
Were you ROTC or academy?
I actually was ROTC, ROTC scholarship through the Air Force to University of Notre Dame.
How do you keep in touch with what kind of technologies or problems the working level DIA people have, whether they're analysts or maybe in this new Defense Clandestine Service? How do you help them?
Well, historically, the director for information management had what they called senior account managers and knowledge managers. Those were, if you will, kind of our senior requirements gathering folks that worked with various different customer segments. So for example, there'd be a senior account manager that would cover PaCom as a cocom, but there would also be a senior account manager that might cover people working MASINT or GEOINT or intel production. And so either by geography or by stratification of users and functions there would be senior account managers who work with that group who knew enough about how they did business to start interpolating some of the requirements that they had into something the IT group could understand and start to work with. Once those kind of requirements came in then some of the more technical, well, the engineering team, if you will, would take a look at what's been going on within industry or within other facets of the intelligence community to see if there were solutions or technologies out there that could be readily adapted and applied to those particular problem sets. And then if there was, you know, did it require funding? Did it not? Was it a simple modification of something we already had? Was it something we had to go get new? There'd be a whole process by which you'd run through, ultimately delivering in some amount of time, depending on the complexity of the problem, a solution set as it came in.
Is that the same process you have now?
The process has evolved a little bit now. And, so what we have now, is we have something where the customers actually get together amongst themselves in the functional disciplines. And they themselves kind of vet out requirements. So for example, many of the cocoms would get together and they would vet out their requirements for -- let's say for a new digital production tool. And the reason that's helped is because now the customers get an opportunity to see what each of them are submitting. They get to talk about them and debate them a little bit, and they can stratify what requirements need to take priority over others. The IT group doesn't necessarily have to do that rank ordering. The customers actually get an opportunity to do that rank ordering, and they do that amongst themselves so that they're hearing amongst themselves all of that discussion. The other piece that that helps with is we don't get effectively conflicting requirements, or diametrically opposed requirements, you know, PaCom wants you to do X, and EuCom wants you to do Y, and X and Y are totally incompatible with one another. So, this new process helps facilitate getting around this new kind of problem set.
I wanted to switch gears a little bit and ask you to update me on the Next Generation Desktop Environment. Where are you on that effort?...
We have somewhere between 12 and 13,000 systems deployed now. That is effectively the end of what we had originally gone out for under contract. So we effectively deployed next generation desktop to somewhere between 12 and 13,000 systems worldwide. That includes systems in Korea; Japan; Hawaii; Colorado Springs; Tampa; Stuttgart, Germany; Molesworth, England, and so on and so forth, so effectively across the entire DoDIIS [Department of Defense Intelligence Information System] enterprise about 12 to 13,000 systems have been deployed. We are continuing to work on some enhancements to those systems, so we're doing some upgrades to various different components of the system. So for example we'll be implementing some of the new VMware software some of the new Citrix Xen desktop software and as well as we'll upgrading some of the Raytheon trusted computer systems software, mostly to give us some new features and functionalities to enhance -- as you would with any IT system -- to enhance the features and functions and capabilities along the way. But effectively from the original desire to replace our thin client architecture, we have actually successfully done that as of, I want to say, the middle or the beginning of July of this past year.
…Is that all DIA people or other agencies?
Well, it's what we call the DoDIIS enterprise and that consists of DIA people although many people at the -- for example the cocoms -- have a number of different joint staff members there. There's J2s, J6s, J3s, J4s. The J3, as an example, wouldn't really be a DIA employee or a DIA employee or a DIA person, but they are what we call a DoDIIS customer. So they're a core customer of ours. They support the cocoms. Those would be some of the people that get these systems as well. There are some other folks that are in that same boat. Different components of the Army, of the Air Force, so on and so forth. They're not DIA employees but they come to DIA for services, and so we provide services to some of those people in different locations.
There's also an effort to have a common desktop across the community, so how does this effort fit into that?
Right, so, um, within the -- as you're probably well aware, there was something launched under the auspices of the ODNI called the IC IT Efficiencies [sic: Enterprise]. ICITE for short. And one facet of the IT efficiencies activity is providing a common standard baseline operating system, desktop environment for the entire intelligence community. DIA and NGA submitted a joint proposal and were selected to lead that desktop component, and in fact I'm, as well, the chief architect for that IC desktop environment. And, you're correct, what that envisions is providing a common desktop to all IC members, such that any IC person could go to any IC desktop, log in and have access to their emails, their files, their SharePoints, all of that stuff regardless of location.
Refresh me when you started that effort and where are you now? Have people started using it or testing it?
The effort itself started last year. I want to say it was in the August or September time frame. There were two phases. There was one which was a quick and dirty 30 day study that was designed to focus on: Would IT consolidation in the intelligence community actually be feasible? And if it was feasible, what are kind of some rough orders of magnitude as to costs and complexities? That was then briefed out. The results of that study were favorable, and so a second, 75-day study was launched that was a little bit more expansive. So it was, dig deeper into the -- now that we understand that it is possible and that there are some rough orders of magnitude of cost savings, now dig into the details of what would the actual implementation phases look like? How would we -- what were the things that we would do to walk through it to make that a reality. Again, that was briefed out in December of last year, favorable results from that. Then you went through the process this spring -- formalizing which intelligence agencies and components would have responsibility for delivering which pieces and parts of that overall solution. So as an example, NSA and CIA were designated as the cloud service providers. DIA and NGA jointly were designated as the desktop service provider. There was an Applications Mall service provider, and then individual app stores would be delivered by individual agencies. We've just gone through some design reviews for that. It was all completed, I want to say two weeks ago, if I'm not mistaken. And we're now in effectively the implementation phase of that, so individual service providers are now building out the various different components of that IT architecture, with an expected IOC date for the IT enterprise of the 31st of March 2013.
So does that mean 31st of March 2013 people would be able to what you described earlier – be able to sit down and log into any IC computer?
Right, I mean, some will, and it's obviously going to be a phased approach. And there's tens of thousands of people in the intelligence community at lots of different locations. So it will be a phased approach. But yes, the expectation is that on -- around the 31st of next near -- indeed some of those people, the early adopters if you will, will have a common desktop and will have the ability to be mobile – that is log into those desktops that have been brought into this new IT environment, yes.
…Does that undo the [DoDIIS] Next Generation Desktop Environment?
No, not at all. So, the next generation desktop environment has a couple different components. Number one, it offers us the ability to offer different security classifications to the same desktop device. So we don't have to run a secret cable, and a TS cable and various different multi-lat and bi-lat cables and put all those computer systems on a desktop. We can present those desktops all through one physical desktop computer system. So, that's one piece of it. That functionality will still stay the same. It's a thin client virtual desktop. And so what will really happen in the NGD [Next Generation Desktop] space specifically is the TS desktop, the JWICS [Joint Worldwide Intelligence Communications System] desktop that the customer logs into today that'll simply be replaced – again, it's all done on the data center in the backend; the customer doesn't see anything –- it'll just simply be replaced by a new image that is this common image, and anybody that then has an account in this new IT environment, and logs into an NGD, will see that as an option, and they just click on that option as they go about their business. So it reutilizes all the same infrastructure the NGD was effectively built on. We're just presenting a different TS desktop option to people.
…I see, so the TS desktop option is the ICITE implementation.
Exactly correct. Yes.
…Does that mean now you can -- well, why is that important? Let me not try to refine it, box you in.
So NGD did something very, very good for the DoDIIS community in the sense that often times we have lots of contingency operations. And so in the past you might want to pool 7 or 10 or 15 different people together to have them work on a particular contingency activity. And in many instances, those contingency activities involved us setting up new networks… And so what NGD's allowed us to do is instead of actually having to physically put a new desktop on somebody's desk and run new cables to support that new effective network if you will, we don't have to do that any more. We can just say wherever the 15 people in the community that need to be a part of this thing, they just get a new icon on their desktop that is this new contingency, if you will, environment. And then they can log onto that without us having to run new cables, without us having to replace any hard drives, or computer systems, or any of that stuff. So they can just instantaneously get on to the system and start working with their peers and collaborating. So that was enabled for the DoDIIS community and different organizations around the IC had similar investments that allowed for that as well. We're basically leveraging all of that stuff in this ICITE activity to enable that not just for an individual agency, but to expand that out so it encompasses all agencies. So now when we build -- have a contingency -- and we need to have people from DIA, and NGA, and NSA, and NRO, the list goes on and on, all collaborating together, they can, in theory, do that from their own desk. Or they can go to a central location but we don't have to run any new cables. But we don't have to bring in a CIA specific workstation or an NSA specific workstation. They can just use the IC workstations that are there to immediately log in and start doing their work. So that's where we're driving with this activity.
So what about like FBI and Treasury, DEA?
Right, yup.
Those too?
So all of those are scheduled to be included in the ICITE activity. There's a phased implementation and we're right now looking at: When do we start bringing in those other agencies? Some of them have -- some of them will be easy because of the scope of where their people are, and where their facilities are, and what their requirements are. And some of them will admittedly be a little bit harder. So we're trying to walk through the requirements now to figure out what's the most appropriate time to start bringing in all of those other intelligence agencies.
I wanted to shift and ask you a little bit about mobile communications, which seems to be really hot right now. This idea of Bring Your Own Device, is that going to be compatible with DIA's type of very secretive work?
Well, I don't think there will be any – there's no activity on the books right now that would allow for, you know, bring your own personal device to work and use it on a government classified network. So that's not an offering that anybody has any idea of implementing today. There are two pieces to that however. Number one, we are looking at bring your own device for utilization on unclassified networks. You could then get your mail, and you could get your contacts and your calendar all to the same device that is your personal device that you get everything else. So effectively you wouldn't necessarily have to carry around multiple devices, one issued by the government, and then one that is your own. There is an activity underway to look at that. The second piece is, there is a desire, through ICITE to indeed enable within the SCIF [sensitive compartmented information facility], within the classified space, mobile computing in the sense that I should be able to take a laptop potentially or a tablet and carry it around inside my building and be able to review PowerPoint presentations, work on spreadsheets, work on documents, and that device would not leave the facility but it would enable you to have untethered access as you move through the facility. So there is an effort as well looking at how we do we do that, and how we do that in a secure fashion. And in that environment, that mobile device would actually be able to attach to the classified networks and do classified processing of data.
The mobile industry is really excited about these Mobility Capability Packages that NSA has published on its web site that are supposed to eventually allow top secret, and eventually I think even SCI conversations, by, you know, tunneling over commercial 3G, 4G networks. Are you familiar with that at all?
I am familiar with a bit of that. I mean, admittedly that is something that's certainly within NSA space. We have an NSA liaison that we work with and we, again, much like the senior account managers I described earlier at the outset. They take our requirements and one of the requirements I've passed to them is exactly this: how do we do this secure mobile computing? And so, yes, I'm somewhat aware of the activity, admittedly it's certainly not my area of expertise but certainly something that's more suitable to NSA. But generally I am aware of the concept. Yes.
What I'm trying to divine is, it's really interesting because it just sounds like – impossible. What's your level of the sense of the feasibility of it?
Well, I mean, there has been for a couple years now something called the SME-PED [Secure Mobile Environment Personal Electronic Device] which was the secure – I forget what – personal electronic device. Anyway, it was effectively a BlackBerry that allowed you to have secret level conversations and review secret level emails on that device. Some people liked it. Some people thought it was a bit bulgy and cloogy. But that's -- personal perceptions aside -- we were able to have a personal communication device that enabled transport of classified information. Now, realistically, you have to look at the use case scenario. So it's one thing to be sitting hopefully with nobody around you reading secret emails. That's one thing. It would be a totally different thing to be actually having an open, verbal classified verbal conversation over that. I mean, you'd have to, obviously, ensure that there's absolutely no way somebody could eavesdrop on your conversation. And not necessarily the bits inside the handset that are being transmitted wirelessly. Just the verbal conversation. How would you, from an ops sec perspective operate in that type of environment? And I think in many instances it was listen only – I'm going to tell you stuff and you on the other end out in public, you're just gonna basically hear what's happening. So you just gotta be cautious of the individual use case scenarios in that environment. I think technologically the capabilities certainly continue to advance and give us the opportunity to do that. You just have to be cautious of, you know, when is the most appropriate time to engage in that activity.
So, when you talk about apps, you're envisioning people using those mostly on desktop computers?
Like I said, inside the SCIF, inside the classified space, we certainly want to enable people to have more mobility than they had. So, ideally, we'd love to have the environment where you do pick up your laptop and go to the meeting room and your laptop is capable of connecting wirelessly and processing TS information. That is something we are striving towards. Lot of work to do in that space but it's something we're going towards. So, yeah, it's something we want to get to, no doubt. It's just gonna take a lot of work to enable that in a safe and managed fashion.
Is DIA itself developing apps, or how are you coordinating with these various apps stores that are being constructed?
So, the various different apps stores for the various different agencies were really designed for agencies to put in those app stores kind of their specific genre of applications. So for example, NGA may have a number of GEOINT capable applications. And those app stores would be where NGA would publish those so that other people who weren't NGA necessarily members, they could go to that, and they could see those and potentially those apps might be helpful to them in their daily business, but they otherwise never would have seen them or known about them before. NSA would do the same thing with SIGINT. DIA would do the same thing with MASINT or some digital production. Those types of things. So, the purpose of the app store was indeed effectively an agency specific repository for applications that were effectively native or used by that agency, such that other members of the intelligence community could see those and maybe those applications would have applicability for them as well. And it was a way for all agencies and all analysts to be able to share, see what other agencies had to offer, and partake in a sharing of those applications and potentially that those applications could manipulate.
Okay but if you're in DIA you would be a user, potentially, of that NGA app, so how do you know what apps NGA has?
Well today, often times, people don't. So the concept of the app store would be that there would be one central repository in the IC where people could go and they could peruse various different applications. Now, there's lots of operational activity behind that. How do I know that you as a person have the need to know? To deal with this -- How are you trained to run the application? So there's a lot of different operational components behind it, but natively what was understood was there would be kind of a central repository where all the analysts could go, much like you do with your iPhone or Android device today. And you get an opportunity to search and see all the apps that are out there. And maybe you discover that there's some new ones and you try them out and you find that they do have some applicability in your environment, and you know, you want to continue to use them because they bring some value to you.
Is DIA creating its own app store or relying on that central app store?
So each individual agency will create their own app store where they will post their own applications. And I guess technically the central repository of all the apps stores is something called the Apps Mall. So if you think about it, you know, you go to the mall, and as you wander through the mall, there's all these different stores. That's the same concept that we have here.
Does that Apps Mall exist yet?
That is what NSA is working on. I don't exactly have the timeframe, although they did brief it out at the design review two weeks ago. It should be ready to go again by the 31st of next year.
Where was that design review?
It was a DNI [director of national intelligence] sponsored event. As we all go through this IT E development process the ODNI is sponsoring lots of different events to ensure that all the different service providers have a coordinated approach -- That we all have an opportunity to get together and make sure that we're synched up. That our timeline's synched up. That our capabilities that were being delivered are synched up. That our dependencies are being met by the individual service providers that need to meet those dependencies. So the ODNI is really doing a great job in sponsoring many different events to ensure that there's a really consolidated consistency to delivering this ICITE environment.
Earlier, were talking about DIA's role in the Quad when you were talking about ICITE and NSA?
Well, DIA was one of the four members of the Quad.
Which now includes CIA so it's really five.
Yeah, so ICITE now effectively includes everybody. The Quad effort was, if you will, kind of a proof of what's possible. Can we do this consolidation activity and if so, what would that look like? It was a proof of concept of what was possible. The ICITE activity built upon that, right? Said you know, we went through this Quad activity. We learned a lot of great things. Now, how do we take that and move that into a more expansive enterprise wide operational environment? So, certainly DIA played a significant role in that Quad activity upfront. Certainly as one of the founding members. And you know, certainly will continue to play a leading role in this ICITE activity as we and NGA deliver on the desktop component.
Right now there's a big emphasis on human intelligence and of course you're a technology guy. So is that making it hard for you to get the resources you need?
No, I don't think it is. All the agencies have contributed substantially to this effort. It's like anything. I mean there were certain activities that the agencies had underway already from an IT perspective. And it's just a matter of the agencies going through and saying, "Do we need to continue on with that effort?" It may have applicability for the ICITE, so we want to complete it before we do that. Or it may be overtaken by activity that ICITE is delivering so maybe it's a duplicative and we don't need to do it. So, all agencies have had to go through that rationalization, but we certainly have not been hurting for resources. I think all agencies have ponied up the resources adequately to go ahead and support this.
Anything you're surprised I didn't ask?
No, I really think that the focus to be honest with you is this ICITE activity. It's certainly a consolidation event and an efficiencies event and something that's never been done before. It's a huge deal. It's a big game changer for the intelligence community. And it certainly would have lots and lots of positive benefits for the community as a whole.
And it's all tied together, like the cloud initiative
Exactly.
Interview: At the center of the IT revolution
Mike Mestrovich is DIA's senior technology officer for solutions in the information management directorate. Think of him as the agency's advanced IT guru. In past lives, he's helped build nuclear targeting tools for the Air Force and worked on government networks for Cisco. Depending how things go, the highlight of his career could be the role he was assigned earlier this year as chief architect for a key element of the intelligence community's IT efficiency drive. Mestrovich leads the team that's designing a common desktop computing environment for workers across the agencies. He spoke to Ben Iannotta about the desktop, the apps craze and the feasibility of going mobile.
Read excerpts below >>
Intelligence Community Information Technology Enterprise (ICITE, pronounced eyesight)>> It'll create "a common desktop to all IC members, such that any IC person could go to any IC desktop, log in and have access to their emails, their files, their sharePoints, all of that stuff…It's certainly a consolidation event and an efficiencies event and something that's never been done before. It's a huge deal. It's a big game changer for the intelligence community."
ICITE schedule >> "There's tens of thousands of people in the intelligence community … the expectation is that on -- around the 31st of [March] next near – indeed some of those people, the early adopters if you will, will have a common desktop…"
FBI, Treasury, DEA too?>> "All of those are scheduled to be included in the ICITE activity. There's a phased implementation and we're right now looking at when do we start bringing in those other agencies."
Latest on ICITE >> "NSA and CIA were designated as the cloud service providers. DIA and NGA jointly were designated as the desktop service provider. There was an Applications Mall service provider, and then individual app stores would be delivered by individual agencies. We've just gone through some design reviews for that… And we're now in effectively the implementation phase of that…"
Real world mobility >> "It's one thing to be sitting hopefully with nobody around you, reading secret emails…It would be a totally different thing to be actually having an open, verbal classified conversation….the capabilities certainly continue to advance and give us the opportunity to do that. You just have to be cautious of, you know, when is the most appropriate time to engage in that activity?"
Connected in your SCIF (sensitive compartmented information facility) >> "Inside the classified space, we certainly want to enable people to have more mobility than they had. So, ideally, we'd love to have the environment where you do pick up your laptop and go to the meeting room and your laptop is capable of connecting wirelessly and processing TS information. That is something we are striving towards. Lot of work to do in that space, but it's something we're going towards."
Apps Mall >> "There's lots of operational activity behind that. How do I know that you as a person have the need to know?....How are you trained to run the application? There's a lot of different operational components behind it, but natively what was understood was there would be kind of a central repository where all the analysts could go, much like you do with your iPhone or Android device today. You get an opportunity to search and see all the apps that are out there. And maybe you discover that there's some new ones and you try them out and you find that they do have some applicability…"
Evolution >> Historically, the director for information management had what they called senior account managers….The process has evolved a little bit…We have something where the customers actually get together amongst themselves in the functional disciplines, and they themselves kind of vet out requirements. We don't get effectively conflicting requirements, or diametrically opposed requirements - You know, PaCom wants you to do X, and EuCom wants you to do Y, and X and Y are totally incompatible with one another."
Talking stops, work starts on network consolidation
After a year of planning, the intelligence community has started the vast information technology project that the community is counting on to prevent deep cuts to collections and analysis in future years.
DIA's Mike Mestrovich is chief architect for the community's forthcoming common computing desktop.
Mike Mestrovich, DIA's senior technology officer for IT solutions, says the shift from talking to doing was made in mid August.
"We're now in effectively the implementation phase," he tells Deep Dive. "Service providers are now building out the various different components of that IT architecture, with an expected IOC [initial operating capability] date for the IT enterprise of the 31st of March 2013."
He's referring to development of the Intelligence Community Information Technology Enterprise, or ICITE (say eyesight).
Earlier this year, the intel agencies reached agreements about who would do what under the effort, whose basic outline and goals are unclassified.
CIA and NSA – two of the service providers referenced by Mestrovich – will shift information from fixed data centers into data storage clouds. DIA and the National Geospatial-Intelligence Agency are working jointly on a common desktop operating system for intelligence workers to be rolled out in phases. Mestrovich is chief architect for it. NSA is creating an Apps Mall that will incorporate apps stores of the various agencies.
No public dollar figure has been put on these changes, but they are supposed to generate enough savings later to prevent cuts to collections and analysis as the community throttles back its overall spending over the next decade.
An app for secure phone comms
On site with TeleCommunication Systems
The first thing you notice in the foyer of the TeleCommunication Systems headquarters in Annapolis is the flat screen TV with red dots showing where people in the U.S. are making 9-1-1 calls on their cellphones.
The locations are calculated with technology from TCS and other companies that provide Enhanced 9-1-1 services to Verizon, AT&T and other carriers. The display zooms in on one of the dots, and I'm a little spooked when I recognize the street name. It’s around the corner from my favorite Maryland fishing shop.
Authentication tokens will ensure you're not being spied on when using TeleCommunication Systems' new app. Credit: TCS
TCS operates at our society's convergence of military, intelligence and civil technologies. One moment it's helping 9-1-1 operators find wireless callers. The next it's transmitting text messages for consumers - 900 billion in the past 12 months. It also runs an unclassified "Art of Exploitation" cyber training course, and it has big plans to win a place in the network protection business.
TCS was founded in 1987 by Maurice B. Tosé. He's an Annapolis-grad and Naval reserve officer who remains CEO, president and chairman. Tosé is African American and he started the company with the aid of section 8(a) of the Small Business Act. It gives an edge to minority-owned small companies for some federal contracts. TCS started out by providing satellite communications to special operations forces, but the company has diversified and grown to 1,400 employees. It does not plan to stop there.
None of that is why TCS executives invited me here to their headquarters on the fourth floor of a brick office building in Annapolis. They want me to try the new secure wireless phone service they're developing.
TCS is one of the firms chasing a potentially lucrative line of business sparked by the National Security Agency. NSA has started a Mobility Program whose goal is to give government workers "the rich user experience of commercial technology" even when they're engaged in secure communications.
The underlying technology sounds hard to believe. NSA wants companies like TCS to figure out how to carve secure communications tunnels through commercial 3G and 4G networks using multiple encryption layers and authentication protocols. Government workers would download the apps onto phones of their choosing – or maybe their agency's choosing – under an approach dubbed BYOD for Bring Your Own Device.
TCS likes to point out that its version requires no extra hardware. Workers would simply download the app through one of the new government app stores now in the works.
NSA has been testing the basic concept of secure mobility under a pilot project called Project Fish Bowl – the bowl being encryption and authentication, and the fish being government workers. NSA would judge the security of the services but individual agencies would do their own selecting.
I don't have good insight yet about whether Fish Bowl is gaining traction, but TCS sure acts like it is. The company has soaked up every nuance it can find in the series of "Mobility Capability Packages" NSA began publishing on its public website in February. These guidelines tell competitors like TCS how to structure their secure communications services.
TCS expects NSA to release its last package before the end of the year, and hopes to start selling its service in 2013.
For now, though, I'm intrigued to have one of their demo phones in my hand. It happens to be a Motorola but really it's the app that matters. Across the conference room table, TCS' Vineet Sachdev holds an identical phone.
Sachdev is director of product marketing and management. He enters a password for me so that a TCS computer called the Security Broker can wirelessly verify it. The broker also generates the cryptographic keys that will scramble our voices on one end and de-encrypt them on the other. When Sachdev and I begin our conversation, a string of four authentication characters, called a token, appears on each of our screens. The first thing the participants in a secure call would do is read their tokens to each other. The characters are supposed to match. That's how the system verifies that a Voice Over Internet Protocol call is not passing through a "man-in-the middle" computer, a device programmed to eavesdrop. Sachdev says he won't reveal exactly how the authentication works, but in a nutshell, the two devices pass content between each, and this content would generate mismatching characters if it had passed through a third computer.
After we verify that our tokens match, I touch confirm.
Our voices are traveling over the Verizon consumer network, but the signals are disguised by the government's Advanced Encryption Standard 256 algorithm.
This was fun, but I wouldn't dare try to weigh the security merits of the TCS system. That said, the phone looks and feels familiar. It's easy to see why some people want this type of secure communications to be the future.
Letitia A. Long
Director, National Geospatial-Intelligence Agency
Since Aug. 9, 2010
Nickname: Tish
You might not know: She's a Hokie (Virignia Tech alumna) who worked on submarine acoustic sensor programs.
Quotable: "I want to take what NGA has done for the user and put that power directly in their hands on mobile devices or any means of their choosing."1
Long is the first woman to direct one of the country's main intelligence agencies. She is pushing to modernize NGA by making geospatial tools accessible online and on handheld devices.
Long's career has been on the fast track since the beginning. While attending Virginia Tech in 1978, she began working as a project manager in training at the Navy's David Taylor Research, now known as the Carderock Division. Long stayed on at Carderock after graduating in 1982 to work on submarine acoustic sensor programs.
In 1994, while managing research for the Office of Naval Intelligence, she became one of the youngest professionals ever selected to join the Senior Intelligence Executive Service, the highest echelon of federal intelligence professionals. She rotated over to DIA, where in 1996 she became the agency's first chief information officer.
Long left DIA in 1998 to participate in an early effort by then-Director of Central Intelligence, George Tenet, to coordinate policies and resources across the community. She returned to the Navy in 2000 as deputy director for naval intelligence, followed by three years as a deputy under secretary of defense in the Pentagon and four years as deputy director of DIA.
- 2010 GEOINT Symposium ↩
Interview: The End of Kumbaya?
As Chairman of the House Permanent Select Committee on Intelligence, Rep. Mike Rogers, R-Mich., has restored a measure of bipartisanship to a committee that was deeply divided by the George W. Bush years. The former FBI special agent faces the task of keeping the good will flowing even as he criticizes the Obama administration's handling of classified information and the adequacy of its intelligence approach to Syria. Rogers spoke with Ben Iannotta in his Capitol Hill office.
Read excerpts below >>
On Bipartisanship >> "I've tried to take all the edges out of the national security debate.…Working with Democrats on my committee and take their suggestions, their offers, their amendments before it gets to the place where you're supposed to fight about things, so that we can have an honest debate about it."
Oversight of the IC >> "When they're wrong, we need to tell them they're wrong. When they're right we should not be bashful about telling them they're right."
Political linkage >> "In this line of work, people do understand we're going to have differences of opinion. That's why you have Republicans and that's why you have Democrats….I'm out trying to repeal Obamacare today but we're working on very sensitive national security issues together the next day."
Polygraphs >> "There needs to be more than that. I would argue that there has to be some moral leadership coming out of the White House as well [to plug leaks]…There's a whole nother group of individuals that won't fall under those rules…National Security Council individuals and staff, and the folks who deal with that that come into a presidency and leave with a presidency."
Whistleblowers >> "When it comes to classified information, you cannot have individuals determining by what small piece of the world they see what should and should not be classified. That is a recipe for disaster. And there are lots of outlets. We have a Whistleblower Protection [Act] for a reason. They can come to a committee like the intelligence committee and offer up classified, sensitive information. It happens by the way, and we take every case that comes into our offices extremely seriously."
Syria collection strategy >> " I think being slow on an event like this is just not helpful… sometimes we just don't get to pick on our calendar when things happen, but we have to be willing to make hard, quick decisions to make sure we stay ahead of it. And I'm not talking about doing any action. I'm just talking about putting the United States government in a position to collect information that policy makers need to make good decisions. We're not just there yet."
Syrian rebels >> "There's been a lot of calls for arming rebels and I have been opposed to that because I just don't believe we know enough…As a policy maker, when you're talking about arming individuals to overthrow a government that's a big deal. It should be a big deal."
Analysts and agents >> "You take a counter terrorism case, and as complicated as they are, an analyst is critical to a better conclusion quicker… An analyst can help bring in information from across the country. The Crowley [sic: Coleen Rowley] case is a great example of that. If there had been an analyst on that case, who knows?"
Fort Hood intelligence >> "Somebody thought information was sensitive and not for sharing because of the way it was collected, and it was really just a simple mistake…And there was clearly some indications that the Army was very reluctant to move forward. They thought that they would be punished for being maybe overly aggressive with someone based on their religious beliefs…As an investigator, you can never do that…You have to take your leads where they take you."
Fort Hood confusion >> "It can be fixed…You had two very different cultures [in the Fort Hood case] trying to work in the same room "
Privacy >> "If you're an average citizen, the government isn't willy nilly collecting it and sitting down and having a good laugh over your emails and your tweets. It's not happening. In order for them to access your information, they have to have a warrant in order to say, 'Hey, I'm going to look at Mike Rogers' emails for the next three months,' They have to go to a judge and prove that there is some reasonable belief that there is going to be a crime committed."
Cybersecurity legislation >> " If we can get something that isn't overly proscriptive, overly regulatory to a conference committee, I think we can probably work out details to get something to the president…this fall.
FISA renewal >> "I think there's a difference between a big fight and a scuffle. I think you're going to see a scuffle."
IT modernization >> "If you're sitting at a desk having five different systems, we just can't sustain that any more. So we're going to have some merger of IT and some consolidation and synergy of services when it comes to IT."
Cloud security >> "We're still working through the security protocols to make sure that this stuff is safe and secure, not accessible outside of the cloud itself, so that you don't have intrusions that are dangerous to national security. We have all of that to work through. But I do think we're probably going to have to get there. I think it's the wave of the future."
General Dynamics makes addition to threat intel business
The planned General Dynamics purchase of Fidelis Security Systems might look like a case of a giant buying a cyber upstart to reduce competition, but executives said that is not what's happening here.
"This is really not about swallowing Fidelis, this is about giving it some resources to enable it to grow," said GD's John Jolly.
The companies announced an agreement Aug. 20 to purchase Fidelis at a price they are not yet revealing. Executives said the deal is 99.99 percent likely to be finalized.
Once that happens, the 70-employee company will be called GD Fidelis Security Systems and it will retain its offices in Bethesda, Md., and Waltham, Mass. "We are not planning any personnel moves as part of this," Jolly said.
Jolly and Fidelis President CEO Peter George discussed the acquisition in a telephone interview with Deep Dive.
Experts from General Dynamics already work closely with the intelligence community to respond to network threats and produce intelligence. What GD does not have is malware-detection software to sell along with those services.
That's where Fidelis will come in. The company's software inspects network traffic for evidence of malware and then blocks attempts by hackers to communicate with their handy work via network ports.
"When a bad guy wants to exfiltrate classified information, we can see that going outbound and do something about it," George said.
Depending on how things go in Congress, the timing of the acquisition could be fortuitous for GD. The company does not publicly take sides on pending legislation, but a cybersecurity bill introduced by Sen. Joseph Lieberman, I-Conn., would provide incentives for private companies to buy exactly the kind of software made by Fidelis.
Not surprisingly, Fidelis has been a strong supporter of S.3414, the Cybersecurity Act of 2012. "Having nation states steal our intellectual property is a national security issue," George said.
On Aug. 2, the Senate fell short of the 60 votes necessary to move the legislation forward to a final vote, but George said he hopes the Senate will revive the proposal after the presidential election.
Afghanistan-bound airship faces more testing
The U.S. Army's new football-field length airship flew with its nose high at the start of its inaugural flight over the New Jersey pines, requiring the two pilots aboard to adjust the balance of air and helium and shift diesel fuel among the tanks.
Even so, the first flight of the Long Endurance Multi Intelligence Vehicle on Aug. 7 was a long overdue breakthrough for Northrop Grumman in a development program whose delays have tested the patience of the Army.
By now, the 302-foot long demonstrator was supposed to have been flying in Afghanistan for nine months. The Army wants to fly LEMV for weeks at a time in its unmanned mode to eavesdrop on insurgents and search for IEDs.
Instead, Northrop has conducted just one of 10 to 15 flights planned at the Joint Base McGuire-Dix-Lakehurst, N.J complex. LEMV will then be flown to Melbourne, Fla., for more tests, including the first unmanned flights, which will need to be done over a military range.
What took so long to get airborne? "There were some areas that we potentially just underestimated in terms of complexity," said Alan Metzger, Northrop's vice president for the LEMV program, pronounced lem-vee.
Northrop and its team had to weave LEMVs fabric from scratch, join the pieces together to form the hull, test the hull for leaks by inflating it with air, and install LEMV's electronics. As for the nose riding a little high, Metzger isn't worried about that. "I wouldn't characterize it as an issue," he said. "It's just one of those things you deal with on a first flight."
The aircraft flew for 90 minutes, reaching an altitude of 3,000 feet. Inspections for signs of stress are underway toward a second flight.
Northrop won the LEMV competition in June 2010 and received a contract for $517 million to build up to three vehicles. The first flight was supposed to take place a year later, which would have provided plenty of time for tests and delivery to Afghanistan within 18 months of the contract award.
That didn't happen, but the Army has stuck with the program.
The complexity of building LEMV was driven by the fact that it is a hybrid airship. Its lift comes from helium, an aerodynamic shape designed by Hybrid Air Vehicles Limited of the U.K., and four identical, diesel driven propellers whose direction of thrust can be adjusted, or vectored.
Northrop wants to prove that a hybrid is the best way to meet the requirement for an aircraft that can carry 2,500 pounds of spy equipment at an altitude of 20,000 feet for 21 days.
"By the time we get to the third vehicle, we believe we'll meet all those requirements. But right now, we're short in a few areas," Metzger said.
Metzger said he does not yet know if the Army will exercise options to start work on the second and third vehicles. Some of the aircraft's equipment will be carried on its underside in an area the Army has dubbed the Murphy Bay, after Navy SEAL Lt. Michael Murphy, who received the Medal of Honor posthumously for his actions in Afghanistan. Under heavy fire during a 2005 reconnaissance mission, Murphy stepped away from his cover to call in help for his outgunned SEAL team. Murphy and two other members of his team died, along with 16 troops on a helicopter dispatched to rescue them.
LEMV is supposed to help prevent incidents like that by gathering reconnaissance remotely and relaying communications.
David H. Petraeus
Resigned Nov. 9, 2012 as Director, Central Intelligence Agency
Sept. 6, 2011 - Nov. 9, 2012
Nickname: Dave
(more…)
