Risk
5/3/2011
12:44 PM
John Foley
John Foley
Commentary
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

U.S. Intelligence Connects The Dots On Bin Laden

Intelligence agencies are leveraging new surveillance technologies and IT architectures to facilitate information sharing in their anti-terrorism and other national security efforts.

A bullet killed Osama bin Laden, but U.S. intelligence is what did him in.

The counterterrorism mission that caught up to al Qaeda's leader was a multi-agency intelligence effort that, for a change, worked as planned. The CIA, the National Geospatial-Intelligence Agency (NGA), the National Security Agency (NSA), and the Office of the Director of National Intelligence all played a part. James Clapper, the U.S. director of national intelligence, called their work "a more remarkable example of focused integration, seamless collaboration, and sheer professional magnificence."

That's a 180-degree turnaround from what the nation's spy agencies, under intense pressure since their failings on 9/11, have been hearing for much of the past decade. The attempted bombing of Northwest Airlines flight 253, en route from Amsterdam to Detroit, on Dec. 25, 2009, showed that gaping intelligence holes still existed. President Obama fumed that the incident was "totally unacceptable." And the embarrassing leak of Department of Defense and State Department documents via Wikileaks showed that the feds couldn't protect their own databases, let alone U.S. citizens.

So the elimination of the world's most-dangerous terrorist is a much-needed proof point that the U.S. Intelligence Community (IC) -- comprising the four agencies involved in the bin Laden mission and a dozen others -- is up to the monumental security challenges facing our nation. While details are still emerging on the intelligence that led to bin Laden, the foundation has been laid by IC member agencies over the past few years in the form of new surveillance, analysis, and information-sharing capabilities.

Of the $80 billion that the IC spent on intelligence operations in fiscal 2010, $27 billion went to military intelligence -- the Defense Intelligence Agency, for example -- and the balance to non-military intelligence agencies such as the CIA and FBI. One takeaway from the Navy SEAL's successful raid on bin Laden’s Pakistan hideout is that it was a joint effort between non-military U.S. intelligence agencies and the Pentagon. "This operation was the best of both worlds," Army Lt. Col. Tony Schaffer told Fox News. "You have CIA intelligence driving a Department of Defense operation."

How did they do it? Intelligence agency CIOs have been busy developing new platforms to support precisely this kind of collaboration. NSA CIO Lonny Anderson, in an exclusive interview with InformationWeek a few weeks ago, described work the agency is doing to foster information sharing through IT architecture and infrastructure.

One project, called "the Quad," is a joint initiative between NSA, NGA, the National Reconnaissance Office, and the Defense Intelligence Agency to create a shared development environment. Another is the Integrated Intelligence Pilot, or I2P, which involves deploying software and servers on the IC's classified network, the Joint Worldwide Intelligence Communications System, so developers can share applications and run database queries across agencies.

"Instead of taking data from CIA-specific or NSA-specific repositories, or FBI or DIA, you'll be able to query via the cloud into those organizations and ask, 'Do you have information that meets this question?' and they'll be able to say yes or no," Anderson said. NSA's CIO is optimistic that such efforts will lead to an even higher level of integration and data sharing. "Come back a year from now, and it'll be a much different discussion on what data we can share and how," he said.

At the CIA, the big news last month was the announcement that director Leon Panetta will be leaving to take over as Secretary of Defense. Lesser known is that the agency's CIO, Al Tarasiuk, left two months earlier to become CIO of the IC, where he's now responsible for establishing common IT standards and procurement across intelligence agencies and for developing an information-sharing architecture.

Tarasiuk's former IT team at the CIA played an important role in the agency's work to track down bin Laden. His move to the IC bodes well for the IC's continued thrust in information sharing. No mere speeds and feeds guy, Tarasiuk spent his early years overseas in the CIA's National Clandestine Service.

The NGA, one of the other agencies involved in the mission to get bin Laden, provides photos generated by earth-orbiting satellites for use in national defense and in response to natural disasters such as hurricanes and earthquakes. NGA provided the high-res images used by military planners to swoop in on the compound in Abbottabad, Pakistan, where bid Laden was hiding.

Last year, NGA awarded contracts valued at $7 billion to Digital Globe and GeoEye to develop next-generation satellite surveillance capabilities. Look closely at the aerial view of the compound provided by Google in this CNN story, and you'll notice that Digital Globe and GeoEye are credited with providing the image.

For an overview of the other organizations within the IC and what they do, see our guide "Who's Who In U.S. Intelligence."

Uncle Sam's success in tracking down bin Laden is validation of the long, expensive, and often frustrating effort to establish better intelligence capabilities, but there can be no letdown. With the prospect of an al Qaeda response, national security depends on it.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6278
Published: 2014-09-30
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and m...

CVE-2014-6805
Published: 2014-09-30
The weibo (aka magic.weibo) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6806
Published: 2014-09-30
The Thanodi - Setswana Translator (aka com.thanodi.thanodi) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6807
Published: 2014-09-30
The OLA School (aka com.conduit.app_00f9890a4f0145f2aae9d714e20b273a.app) application 1.2.7.132 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6808
Published: 2014-09-30
The Active 24 (aka com.zentity.app.active24) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.