National Security AgencyPosted 2002-09-10 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
A year after Sept. 11, law enforcement far too often finds itself left alone on the front line of defense.: Oceans of Information">
National Security Agency: Oceans of Information
The National Security Agency (NSA) is the biggest and most sophisticated spy organization in the world. From its "listening stations" on five continents, the agency harvests phone calls, e-mails, faxes and radio signals every second of every day, pouring the information into memory banks capable of storing 5 trillion pages of data.
According to a July 2001 Washington Post report, the agency yanks enough data from the ether every three hours to fill the Library of Congress. More linguists and mathematicians work at the NSA than anywhere else in the world, and it also owns the world's largest collection of supercomputers. One Cray machine used by the agency handles 64 billion instructions a second. Just running the agency's collection of supercomputers alone requires as much electricity as the city of Annapolis, Md. To cool the computers, it keeps 8,000 tons of chilled water; one particularly powerful supercomputer is submerged in a nonconducting liquid to keep it from overheating.
Despite the agency's technological savvy, however, the congressional subcommittee report makes it clear that the NSA has a lot of work to do to get its internal computer systems to operate together. For years, different divisions within the agency worked in separate worlds for security reasons. They developed their own software, bought their own hardware, and built their own networks.
When Lt. Gen. Michael Hayden took over the agency in 1999, it had 68 different e-mail systems. If he wanted to send out an e-mail to all NSA employees, he'd have to send the message 68 times.
Under Hayden, the agency is inching toward creating systems that talk to each other. Last year, it began awarding its first contracts under Project Groundbreaker, a $5 billion, 10-year project that is farming out, for example, the running of the NSA's office-technology infrastructure, which includes thousands of computers and a thicket of software and communications systems.
The ultimate goal: that NSA workers would be able to send top-secret files to colleagues within the company without having to navigate different systems and multiple layers of bureaucracy. The Project Groundbreaker contracts will not touch upon the NSA's core of surveillance networks.
Unlike the CIA, where spies are out in the field performing hands-on snoopingreferred to as HUMINT, or "human intelligence"the NSA relies almost entirely upon technology to gather its oceans of information.
The NSA does share information with the CIA, but there's nothing formal about it. While the NSA and CIA wouldn't comment on their data and information-sharing capabilities, Steven Aftergood, a senior research analyst at the Federation of American Scientistsa private policy research organizationsays the panoply of different systems the two agencies use barely works within each agency, never mind between the two agencies.
"Some people say the NSA and the CIA are further apart than the CIA and the FBI," says Rindskopf-Parker, the former University of Wisconsin general counsel, who also has served as counsel for both the CIA and for the National Security Agency.
Still, there's nothing technologically that is stopping the intelligence and law enforcement agencies from communicating with one another, says Matthew DeZee, who ran the CIA's computing and communications infrastructure on a global basis between 1999 and 2001.
"The technology is there to do whatever is needed to get doneor at least it's available," DeZee, now CIO for the state of South Carolina, says. "There will be minor problems like interoperability, the typical stuff you run into whether it's a government agency or a corporation. The technology is there for people to communicate."
The technological challenge in sharing data is the range of different classified levels and the security each level demands, at different agencies.
"Multilevel security is a killer issue," he says. "It tends to produce networks (where) everyone using them has the same clearance."