WASHINGTON — “Tag the data, tag the people.”
Director of National Intelligence James Clapper says that’s the “bumper-sticker mantra” of a key part of the intelligence community’s plan to prevent another catastrophic release of information like the one former NSA contractor Edward Snowden pulled off last year. The extent of the damage revealed in the numerous programs, sources and methods Snowden farmed out to journalists and activists may not be fully known for years, according to experts.
“What we’re pushing is a project called ICITE (pronounced EyeSight), which is the Intelligence Community Information Technology Enterprise,” Clapper said in an exclusive recent interview with WTOP.
He said the program started several years before Snowden’s release.
“The basic idea is to have one integrated enterprise, as opposed to separate stove pipes, and to take advantage of cloud computing and the requisite security enhancements,” Clapper said.
The intent of the program is to keep tabs on what data are in the intelligence community’s databank, and so “we can connect that data with the people who have the appropriate bona fides to have access to the data,” said Clapper.
The system is able to be audited and, according to Clapper, can enhance security and promote sharing.
Other initiatives are under way to promote better security of information and to discourage leaks. One of them is a layered management system to secure information.
“We have different tiers of systems administrators,” Lonny Anderson, director of the NSA’s Technology Directorate, told WTOP.
“So if you are going to add code to or change code on one of our systems, it doesn’t matter if you are a tier one, two or three systems administrator; you’ll be observed by another systems administrator,” explained Anderson.
But Clapper is under no illusion that Edward Snowden was the last disgruntled intelligence-community member thinking about leaking damaging information to the public and, worse, to the U.S.’s adversaries.
“If we do have people like that, and I’m sure we do, the intelligence community is a large enterprise with a lot of people in it who have all the typical idiosyncrasies and foibles of the larger population. I would hope they would use the legitimate outlets that they have available to them if they have grievances that they think are so egregious that they must say something about them,” said Clapper.
A year before Snowden’s extraordinary breach, Clapper was outraged by what he called “a hemorrhage” of top-secret U.S. intelligence, and he warned those responsible for leaking the classified information related to U.S. activities involving Iran’s nuclear program.
He said intelligence officials are working on strong, new procedures to halt the flow of classified information that is finding its way into the news media. At the top of the list was “expanding the counterintelligence polygraph, which is already given to large numbers of people in the intelligence community. I think we can enhance that,” Clapper said.
He would like to see it expanded beyond the agencies that comprise the intelligence community to the agencies that work with them.
“There are many others who know about these things beside those that are formally a part of the intelligence community. The secrets that are generated within the intelligence community don’t necessarily stay within the intelligence community. There are many others who are exposed to those same secrets,” Clapper said.
The official definition of the intelligence community, according to Presidential Executive Order 12333, includes the following:
The directive confirms that U.S. government employees, who don’t work for intelligence agencies but do work with IC agencies, have access to extremely sensitive information.
As the Office of the Director of National Intelligence (ODNI) continues to grapple with the fallout from Snowden’s historic release and deterring others from following suit, the NSA is beginning its annual exercise to test the next generation of military cyber warrior’s capacity to protect classified information.
The cyber-security skills and ingenuity of students from the U.S. service academies are being put be put to the test by NSA top information assurance professionals in the 14th Annual Cyber Defense Exercise (CDX), which will be held from April 8-10.
Teams from the U.S. Military Academy, U.S. Naval Academy, U.S. Air Force Academy, U.S. Coast Guard Academy, U.S. Merchant Marine Academy, the Naval Postgraduate School, and the Royal Military College of Canada will participate in the exercise.