Uncle Sam's Info-Tech Crisis


By Alex Salkever

In the wake of September 11, the federal government's technology infrastructure is not only backward but may also be downright dangerous. Any doubts about that were cleared up by FBI Director Robert Mueller's recent testimony before the Senate. Mueller revealed that the bureau was unable to search through its electronic documents using anything but single terms. Searching for something as simple as, say, "flight schools" in agent files would confuse the computer -- even though such search capability has long been available to anyone who staggers into an Internet cafe from Delhi to Des Moines.

What's the problem? The FBI -- and much of the rest of the federal government -- has unwisely chosen to build its technology atop specialized software that's hard to use and expensive to maintain and update. Staying out of the commercial-software loop, where malicious hackers share information about programs' vulnerabilities on the Internet, was an effort to maintain security through obscurity.

PONY EXPRESS. Security may have been maintained -- but at the expense of Uncle Sam's communications capabilities. Under the current technology constraints, few government agencies can actually communicate electronically, let alone search easily through information on their own systems. Such problems are writ large in the FBI, where fugitive alerts still are transmitted to local law-enforcement bodies via an ancient system of fax and teletype machines that insiders compare to the Pony Express.

So here's a quick guide to what the government needs to do to upgrade its technology. For starters, it has to stop living in a "flat" world -- and stop using antiquated flat-file databases. Such databases store information in rigid tables that are difficult to link and reference for complex queries. By comparison, much of the private sector has long since switched to relational databases, such as Microsoft's SQL Server, IBM's Informix, or Oracle's 9i software. These databases are organized around a more flexible basic system of tables that can be easily reconstituted around specific criteria.

A table holding biographical information about terrorists could hold categories for name, country of origin, known associates, and favorite modus operandi. Another table could hold biographical information on weapons dealers, their residences, and the types of armaments they specialize in. With a relational database, someone wishing to match information between arms dealers and terrorists could easily conduct a quick search for overlaps. Not so in flat-file databases, where it's cumbersome -- and often impossible -- to connect tables.
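The cross-match described above, as an added example that is not part of the original article: two relational tables plus a link table for known associates, queried with one parameterized join. It uses Python's built-in sqlite3; the table names, column names and every row are constructed placeholders.

```python
import sqlite3

# Constructed sample rows; every name is a placeholder, not real data.
SUBJECTS = [(1, "Subject A", "Country X", "method-1"),
            (2, "Subject B", "Country Y", "method-2"),
            (3, "Subject C", "Country X", "method-1")]
ASSOCIATES = [(1, "Dealer P"), (1, "Person Q"), (2, "Dealer R"), (3, "Person Q")]
DEALERS = [(10, "Dealer P", "Country X", "small arms"),
           (11, "Dealer R", "Country Z", "explosives"),
           (12, "Dealer S", "Country Y", "small arms")]

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE subject (id INTEGER PRIMARY KEY, name TEXT, origin TEXT, modus TEXT);
        CREATE TABLE associate (subject_id INTEGER REFERENCES subject(id), name TEXT);
        CREATE TABLE dealer (id INTEGER PRIMARY KEY, name TEXT, residence TEXT, armament TEXT);
        CREATE INDEX associate_name ON associate(name);
    """)
    conn.executemany("INSERT INTO subject VALUES (?,?,?,?)", SUBJECTS)
    conn.executemany("INSERT INTO associate VALUES (?,?)", ASSOCIATES)
    conn.executemany("INSERT INTO dealer VALUES (?,?,?,?)", DEALERS)
    return conn

def find_overlaps(conn, armament=None):
    """Subjects whose known associates include a listed dealer."""
    sql = """
        SELECT s.name, d.name, d.armament
        FROM subject s
        JOIN associate a ON a.subject_id = s.id
        JOIN dealer d ON d.name = a.name
        WHERE (? IS NULL OR d.armament = ?)
        ORDER BY s.name
    """
    # Bound parameters keep analyst-supplied search terms out of the SQL text.
    return conn.execute(sql, (armament, armament)).fetchall()

if __name__ == "__main__":
    for row in find_overlaps(build_db()):
        print(row)
```

In a flat file the associates would sit in one free-text field per record, and the same match would require scanning and parsing every record by hand.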

GRADUAL TRANSITION. Upgrading these databases is crucial, but there's a big hurdle. Everything from e-mail servers to system-usage logs is underpinned by databases. Simply ripping out old databases and dropping in new ones isn't that easy. What happens to all the old data, a treasure trove of field reports and more? They could get lost forever if the systems administrators aren't careful.

For that reason, the FBI should use conversion software that can take the old flat-file systems and reconfigure the data into modern programs. This is a big systems-integration undertaking, but it would allow agencies to make a gradual transition. They could continue using existing systems while simultaneously building more modern ones, according to Vivek Wadhwa, CEO of Relativity Technologies, which builds conversion software.

Relativity, based in Cary, N.C., has helped the North Carolina Justice Dept. move its handgun-registration system out of older software and onto newer systems built around relational databases. A far larger conversion project, such as the FBI's internal networks, would take months and cost many millions, says Wadhwa. But Mueller has admitted publicly that upgrade efforts could take years if they continue at their current pace.

LEAVING TRACKS. Once the government's world is no longer flat, a whole new vista of possibilities would open up. Entire departments could begin to install commercial search software from Verity, Inktomi, Google, FAST, or AltaVista. This software tracks everything, so the government could then have a much better handle on exactly who has seen what information or what case files. Such audit capability would have helped immensely in the case of FBI agent and convicted spy Robert Hanssen, who had years of unfettered access to bureau files, both online and off. The FBI had no good way of tracking his interests, knowing what files he had looked at, or learning which operations had been compromised.
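One way such an audit trail can work, as an added example that is not from the article or from any vendor named in it: every search and every file read is written to an audit table, and a single query then lists reads of files from operations the reader was never assigned to. It uses Python's built-in sqlite3; the schema, user names and operation names are constructed placeholders.

```python
import sqlite3
from datetime import datetime, timezone

def build_case_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE case_file (id INTEGER PRIMARY KEY, operation TEXT, body TEXT);
        CREATE TABLE assignment (user TEXT, operation TEXT);
        CREATE TABLE audit (ts TEXT, user TEXT, action TEXT, file_id INTEGER, detail TEXT);
    """)
    # Constructed sample data: users, operations and file contents are placeholders.
    conn.executemany("INSERT INTO case_file VALUES (?,?,?)",
                     [(1, "OP-ALPHA", "field report"), (2, "OP-BRAVO", "source list"),
                      (3, "OP-BRAVO", "surveillance log")])
    conn.executemany("INSERT INTO assignment VALUES (?,?)",
                     [("agent1", "OP-ALPHA"), ("agent2", "OP-BRAVO")])
    return conn

def _log(conn, user, action, file_id=None, detail=None):
    conn.execute("INSERT INTO audit VALUES (?,?,?,?,?)",
                 (datetime.now(timezone.utc).isoformat(), user, action, file_id, detail))

def search(conn, user, term):
    """Record the search term, whether or not anything matches."""
    _log(conn, user, "search", detail=term)
    rows = conn.execute("SELECT id FROM case_file WHERE body LIKE ? ORDER BY id",
                        (f"%{term}%",))
    return [r[0] for r in rows]

def read_file(conn, user, file_id):
    """Record the read before returning the content."""
    _log(conn, user, "read", file_id=file_id)
    row = conn.execute("SELECT body FROM case_file WHERE id = ?", (file_id,)).fetchone()
    return row[0] if row else None

def unassigned_reads(conn):
    """Reads of files from operations the reader is not assigned to."""
    return conn.execute("""
        SELECT DISTINCT a.user, f.operation, f.id
        FROM audit a
        JOIN case_file f ON f.id = a.file_id
        LEFT JOIN assignment s ON s.user = a.user AND s.operation = f.operation
        WHERE a.action = 'read' AND s.user IS NULL
        ORDER BY a.user, f.id
    """).fetchall()
```

The same audit table answers the damage-assessment question as well: selecting the distinct operations joined to one user's read entries lists every operation that user has seen.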

Establishing internal audit trails isn't the only concern, however. Sending top-secret intelligence reports requires a higher level of security than is in place now. A separate e-mail system built around high-powered virtual private networks (VPNs), which strongly encrypt data transmissions, would be a good start. Technology exists from companies such as San Francisco-based ZoneLabs that can force a user to plug into a VPN before being allowed to transmit information. Such software doesn't have to be hugely intrusive or onerous.

Once its information can be searched and transmitted -- the two key elements in any type of serious data-based intelligence effort -- the government can start to think about better ways to use computers to analyze it. Perhaps the FBI could build a program that automatically cross-checks for overlapping elements between newly filed reports and existing intelligence campaigns. One possibility: linking up with the new airline screening program CAPPS II, which will track key information on known suspects, such as credit-card and car-rental activity (see BW Online, 6/05/02, "The Intensifying Scrutiny at Airports").

DROWNING IN DATA. Of course, none of this solves several basic problems. Even if the various agencies can pull off their upgrade, they'll be faced with the daunting task of managing even more data. The same info that before was sitting only in front of agents in Minneapolis, say, will now be accessible throughout the system. "They're already at information overload at the FBI, the CIA, and the NSA [National Security Agency]. They're swimming in information," says Paul Roberson, the director of risk assessment for computer-security company TruSecure in Herndon, Va., and a former computer-security manager at the White House.

The usefulness of computer-automated analysis to alleviate this crush remains limited. Automated searches often generate a surfeit of junk information, and they can't replicate the inherently intuitive search abilities of human analysts. Similarly, automated language analysis, which the U.S. military is now using in Afghanistan, has its limitations. Computers perform literal translations but can't provide much context.

"The advantage is a generic analyst can look at the [translated] stuff and [decide] to get someone with native-language skills to look at the source information," says Roberson. But he points out that such programs aren't always useful in analyzing e-mail, "because people tend not use grammatical structures."

"NOT SO SEXY." More human eyes and ears would be a good start. But that hasn't played well on the Hill in the past. "It's sexy to be able to eavesdrop on every cell-phone conversation and pick up key words. What's not so sexy is sifting through gigabytes of data to look for attack patterns," says Sunil Misra, the director of global security at technology provider and consultant Unisys.

To their credit, President Bush and Congress have provided unprecedented levels of funding to fuel these changes. The new Transportation Safety Administration alone has a startup technology budget of $1.5 billion. But throwing money at similar problems hasn't always yielded the desired results. Witness not one but two failed attempts to revamp the IRS's computer systems -- a debacle that has cost taxpayers hundreds of millions of dollars and infuriated lawmakers.

The government needs to stay focused on first rescuing data trapped in older systems and then establishing the basic framework for widespread search and communications functions. Exotic, automated intelligence forays would be gravy atop such basic achievements, which by themselves would dramatically improve agencies' ability to work more efficiently -- on their own and together.

For more homeland-security coverage, see:

BW Online, 6/10/02, "Homeland Security's Winners and Losers"

BW Online, 6/6/02, "Post-9/11: How Business Is Buckling Up"

BW Online, 6/5/02, "Global Shipping in the Security Age"

BW Online, 6/4/02, "Uncle Sam's Ally: Corporate America"

BW Online, 5/31/02, "America's Biggest Job"

BW Online, 5/31/02, "Tom Ridge on Safety's Fearful Price"

The McGraw-Hill Companies' Homeland Security & Defense special report

Salkever covers computer security issues weekly in his Security Net column, only on BusinessWeek Online

