Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Information handcuffs: Counterterrorism IT needs support from the top, Congress told

leave a comment »

Information handcuffs: Counterterrorism IT needs support from the top, Congress told

There is no technological silver bullet for identifying would-be terrorists in the terabytes of information the National Counterterrorism Center receives each day, a deputy director for that center said today.

Russell Travers, NCTC’s deputy director for information sharing and knowledge development, said the center has many technological tools that sort, sift and cull through the swaths of information it receives each day from some 30 networks that feed the center. But privacy and policy considerations put boundaries on what officials can do with the data.

“The further you move in the direction of comingling foreign and domestic data in a single enclave where you can effectively apply tools, the harder the legal and policy and privacy issues become,” Travers told the Senate Homeland Security and Governmental Affairs Committee.

Travers testimony comes as intelligence agencies work to remedy problems exposed by Umar Farouk Abdulmutallab’s alleged attempt to blow up an airplane en route to Detroit on Dec. 25. Officials have said the inability to foil the plot was a failure of integration and analysis rather than a problem of information hoarding.

Travers said the failure to thwart the attack wasn’t due to a lack of information sharing, but rather the longstanding problem of identifying and integrating fragmented information in absence of an obvious threat.

“Notions of a Google-like search or a federated search are actually of relatively limited value,” Travers added. “We actually have significant Google-like searches that will go across many message-handling systems and we still would not have come across” Abdulutallab. Even with search capabilities, Travers said a challenge was conducting a precise query.

Speaking of jihadi sites and OSINT, here we have a peek at the NCTC’s problems where data is concerned. It seems that they have a fire hose to gulp from at times and at other no one is talking to one another.

So what can be done?

This article and the testimony clearly point out a basic premise.

“They need support from the top”

This is the only way things will hppen. Its the same with infosec in the private sector. If you don’t have buy in from the top, nothing will actually be enforceable below. So, what needs to happen for these folks and frankly, in my opinion, the private sector are the creation and enforcement of some rules.

In the case of the spook “community” and military, they need to be able to share what they know. This especially goes for the federal entities like the FBI who are known to be pricks about jurisdiction and need to know. If they can’t get this stuff straight we will have another 9/11 situation where you had the 19 living just down the road a piece from Ft. Meade and memos on Arab men taking flying lessons who were not interested in landing, on the desk of some SAC with his finger in his ass.

In the private sector, we need some laws and rules as well as real honest to goodness repercussions if you are not compliant. This whole HIPAA and SOX game today just does nothing for security really.

I have little hope of change though.

CoB

Written by Krypt3ia

2010/03/11 at 23:28

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: