1 March 1999. Thanks to J. Orlin Grabbe.
From: The Laissez Faire City Times, Vol 3, No 9, March 1, 1999
Intelink is the classified, worldwide intranet for the U.S. Intelligence Community¾ linking together the Central Intelligence Agency (CIA), the National Security Agency (NSA), the National Reconnaissance Office (NRO), the National Imagery and Mapping Agency (NIMA), the Defense Intelligence Agency (DIA), and 8 other intelligence organizations, including the FBI.
Intelink is the subject of Frederick Thomas Martin’s flashily titled Top Secret Intranet: How U.S. Intelligence Built Intelink¾ The World’s Largest, Most Secure Network. Perhaps the most surprising revelation the book makes is that this very closed network was built entirely on open system standards like TCP/IP (the communication protocols of the Internet) and SGML (Standard Generalized Markup Language, of which HTML¾ the hypertext presentation language of the World Wide Web¾ is an application). Indeed, Martin gets around to boldly stating that "Intelink is patterned after the global Internet."
"It was a dark and stormy night," Martin’s introduction begins, and that is the best written sentence in the somewhat ponderously crafted and repetitious Intro¾the literary techniques of English novelist Edward Bulwer-Lytton otherwise conspicuous by their absence. Reading Martin’s mushy acknowledgements, one quickly forms the impression of a book both written and vetted by a committee; indeed, one begins to question whether Martin’s name should appear on the book at all. Martin recently retired from the NSA as Deputy Director of its Information Services Group.
But it gets better once we reach the book proper. Chapter 1 tells the origin of Intelink, how in 1994 DCI James Woolsey created the Intelligence Systems Board (ISB) to improve the interoperability of information systems supporting intelligence operations. Along with ISB came a permanent staff, known as the Intelligence Systems Secretariat (ISS). Steven Schanzer, the first Director of the ISS, became the "father" of Intelink. A "proof of concept" prototype was put together in April 1994, and by the end of the year Intelink was operational. The rest of Chapter 1 gives a thumbnail history of the Internet and the World Wide Web, introduces SGML and its offspring HTML (an SGML application) and the more recent XML (eXtensible Markup Language, a subset of SGML which will be supported in future Netscape and Internet Explorer browsers), and concludes with a discussion of the need for Intelink to meet the changing needs of intelligence.
Martin notes that SMGL was adopted for document tagging by the Department of Defense in 1987 in its CALS ("Continuous Acquisition and Life-Cycle Support") Program, then as an information processing standard by the CIA in 1993, and finally by Intelink in 1994.
Chapter 2 is essentially a bureaucratic history of the development of Intelink, and describes the eventual formation of the Intelink Management Office (IMO), whose Director alternates between the CIA and DIA, and whose Deputy Director is always NSA. There are dry recitations of duties and goals, some of which read like they were written by an IT-trained Russian speaker struggling with the English language. For example:
The chapter notes that the Global Command and Control System (GCCS)¾ the Department of Defense’s new system for delivering command and control capabilities to the warfighter¾ relies in part on Intelink. (See "Intelink-S," below.)
As currently constituted, Intelink is segmented into security levels. At the core is "Intelink-SCI." SCI, according to Martin, stands for "Special" Compartmented Information, although most other people seem to think it stands for "Sensitive" Compartmented Information (see, for example, Jeffrey T. Richelson, The U.S. Intelligence Community, 3rd edition). Information available on Intelink-SCI is classified up to "Top Secret/SCI." About 50,000 people have access to this level, including Monica Lewinsky, while she was at the Pentagon. (You will recall that Monica had a Top Secret/SCI clearance for reasons never explained, but presumably because of her need for detailed handling of Presidential Decision Directives. Image what could have happened, for example, if a foreign intelligence service had gotten a sample of Presidential DNA and created a Clinton clone.)
The next level is "Intelink-SecretNet" or "Intelink-S," which carries information classified up to the Secret level. Intelink-S primarily serves the military, and has around 265,000 users¾ most of whom access Intelink-S through the Defense Information Systems Agency’s SIPRNET (short for Secret Internet Protocol Router Network).
The most interesting (and most highly classified) level is "Intelink-PolicyNet" or "Intelink-P," which is operated by the CIA and is only available to very high-level policy makers¾ such as the National Security Council, the DCI, or the President. That way the latter can get all the information they need, say, before deciding to decimate pharmaceutical factories in the Sudan or nomad tents in Afghanistan with Tomahawk cruise missiles.
The final level is "Intelink-UnclassifiedNet" or "Intelink-U," which includes all open-source (unclassified) intelligence, and which is available to members of OSIS (the Open Source Information Service) or others approved by them. OSIS is managed by the CIA, and relies on public data bases and other unclassified information¾ the "open-source intelligence" promoted by Robert Steele. This level is accessed through Virtual Private Networks (but hopefully not ones that use Microsoft’s Point-to-Point Tunneling Protocol).
Martin notes the close relationship of the intelligence community¾ especially the NSA¾ to the Software Engineering Institute (SEI) at Carnegie Mellon University in Pittsburgh.
Chapter 3 argues the need for standards (and there is little to argue with here), and discusses three from the Department of Defense: TAFIM (Technical Architecture Framework for Information Management), COE (Common Operating Environment), and JTA (Joint Technical Architecture). In charge of all this is the Assistant Secretary of Defense for C3I (otherwise known as Command, Control, Communications, and Intelligence). (Elsewhere I have attempted to create an easy-to-read intuitive guide to what command and control¾ C2¾ is all about, in the context of SIOP, the Single Integrated Operational Plan for Nuclear War.)
The 8 volumes of TAFIM basically focus on open systems and the need to follow international and national standards. JTA¾ which like TAFIM was inspired partly by co-ordination failures in the 1991 Gulf War¾ is the practical implementation of TAFIM, mandating the use of commercial-off-the-shelf (COTS) software and hardware products, as well as standards such as SGML for documents.
COE can be briefly explained as follows. The 1970s mainframe-based war-fighting system, the World-Wide Military Command and Control System (WWMCCS, "whim-mix"), was upgraded in the 1980s, and eventually replaced in the 1990s. The new system was called the Global Command and Control System (GCCS), and was built by direction according to international and national information processing standards, using commercial and government "off-the-shelf" products wherever possible. (GCCS runs on Sun Microsystems computers running the Solaris Unix operating system.) COE consists of the software pieces of this common computing and communications environment, as well as the specifications for putting the pieces together to support specific military missions.
These three Defense Department standards automatically impact 8 of the 13 intelligence organizations within Intelink—NSA, DIA, NIMA, NRO, and the military intelligence units of Army, Navy, Air Force, and the Marines. To such Defense standards are added other initiatives relevant to Intelink and specific to the intelligence community, such as the Unified Cryptologic Architecture 2010 (by analogy to Joint Vision 2010), initiated by NSA Director Kenneth Minihan in September 1997, which mandates common cryptology standards and procedures across the intelligence community.
Chapter 3 concludes with a discussion of the Defense Message System (DMS), Defense’s new e-mail system using COTS software. It looks pretty much like the e-mail system you use, except encryption is provided by FORTEZZA instead of PGP. (In the DMS, "e-mail" refers strictly to personal, as opposed to organizational traffic. Here I ignore this distinction.) The DMS is being implemented throughout the intelligence community.
Chapter 4 talks about security. It discusses privacy, encryption, digital signatures, DES, public key cryptography, and the like. Nothing new here. The chapter also looks at the psychology of network attackers: what motivates their nefarious deeds? Martin mentions money, revenge, and terrorism, but not the much more common Faustian impulse (the simple desire to know and understand that motivates many hackers). However, Martin classifies the latter as terrorists, so in his terms the categories are complete.
Martin presents a curious group of spies, along with what he believes motivated them: the Walker family; NSA mathematicians William Martin and Bernon Mitchell, along with NSA’s Robert Lipka; the CIA’s Aldrich Ames, Edwin Moore II, Donald Groat, Harold Nicholson; the FBI’s Earl Edwin Pitts; the Korean Robert Kim. For example, Martin says Aldrich Ames was motivated by greed, but anyone who has studied the case knows the truth is much more complicated than that. But the strange thing about Martin’s list is the omission of Jonathan Pollard, who did more damage¾ especially to the NSA¾ than all of the above put together.
Martin is somewhat dismissive of the Deschall crack of DES in June 1997, which took several months and used the idle computer time among thousands of Internet computers. He probably knows better. But now that the Electronic Frontier Foundation has built Deep Crack, there is no further room for argument: 56-bit DES only gives fleeting security.
Chapter 5 gets off generalities and discusses actual Intelink security. At the time this book was written, Intelink was only protected by passwords: different passwords for different security levels of Intelink. In fact, each security level operated as a separate network, so that one might have an Intelink web page inviting comments on an article, say, and find it necessary to give three separate contact addresses for users, respectively, of Intel-SCI, Intel-S, and Intel-U.
Within each level, no distinctions were made among the users in the pool. All in all, the simple password mechanism suggests that security was fairly mickey-mouse in this "world’s most secure network."
The intent, however, was to introduce strong two-way authentication using a certification authority (CA) issuing X.509 certificates. The idea was to replace the current layered password approach with a single sign-on password, along with a security token (such as a smart card containing the required certificate information, which could also double as an identification card). Then when the user wanted to access a particular database, he would present his certificate (via the security token), which the server would check for the proper authorization.
Channel security (between the user and the Intelink server) is provided by the Secure Sockets Layer (SSL). Martin does not discuss any of the short-comings of SSL 3.0, such as the fact that within the key-exchange message protocol, the change cipher spec is not protected by message authentication in the finished message. He talks about RSA’s MD5 hash function without noting that even RSA no longer recommends its use (see "Recent Results for MD2, MD4, and MD5"). He refers to Triple-DES as using 112-bit keys, when in fact it uses either two or three 56-bit keys (64-bit keys if you include the disgarded parity bits), but has the equivalent security of a 112-bit key.
Intelink has its own bulletin boards, or Usenet-type groups, called Communities of Interest (COI). Restricting access to these was considered especially important, as they are liable to involve serious and detailed discussion of the lastest information (including classified data) on relevant topics. Beta-tests of the certificate-based approach using COTS software have been done in connection with the Non-Proliferation Center (NPC) and the Anti-Drug Network (ADNET).
Chapter 5 also discusses the NSA’s Multilevel Information Systems Security Initiative (MISSI), including Fortezza and Rosetta. Fortezza, of course, arises from the "Clipper chip" framework (with a government back-door) that the Clinton administration tried, but failed to cram down the throats of the American public. Fortezza is a PC card that includes the Secure Hash Algorithm (SHA), the Digital Signature Standard (DSS), the Skipjack encryption algorithm (with weak 80-bit keys), and a key exchange algorithm. To use his Fortezza card, the owner must enter a 12-digit PIN (similar to the 4-digit PINs used in ATM cards). But since most networks don’t use PC cards, and since Fortezza cards are relatively expensive, a second project called Rosetta intends to substitute a low-cost "Rosetta" smartcard as an alternative to Fortezza.
Chapter 6 describes Intelink user tools and services. The material here will be familiar to any user of the Internet. For example, one of the search tools used by Intelink is Altavista, one of the best and most widely-used Internet search engines. The main interest of this chapter lies in the discussion of the specific COTS software that Intelink uses for its search engines, for the management of its user groups (COIs, such as misc.weapons.iraq), and for the provision of reference aids. This includes such familiar commercial software as WebChat and RealMedia.
Chapter 7 describes how Intelink manages information. The book claims that corporations typically deal with structured data (the type that can be easily handled by relational databases) while the intelligence community deals with unstructured data. (This statement is easy to dispute: corporations haven’t learned to structure inherently unstructured information any better than intelligence organizations. That’s why, for example, universities have management departments which often teach by cases studies, which aggregate unstructured information and try to make sense of it.) But¾ moving on. How does Intelink deal with its inherently "touchy-feely" information problems?
First, Intelink set up a Joint Standards Board (JSB) patterned after the World Wide Web Consortium (W3C). Next, it formalized the use of metadata¾ essentially document tags, such as security classification, name of the intelligence organization producing the document, title, date, topic country, etc.
Next it set up its own Web publishing standards based on SGML. SGML is a metalanguage that allows you to create individual markup languages, such as HTML, the language that Tim Berners-Lee created for the World Wide Web. But you could just as easily create Your Own Markup Language (YOML). So a document marked-up in SGML potentially could be displayed in HTML or in YOML, depending on prior conversion or the future capabilities of your browser. A problem with SGML is that it is so general that programmers find it impossible to get a handle on it. That led to the creation of a simplified version of SGML, called XML, which still allows to you to create your own markup language, but removes some of the perhaps excessive generality of SGML. The World Wide Web is evolving from HTML to SGML/XML, and so is Intelink. (It appears that intelligence documents are currently marked up in SGML, in many cases, but automatically converted to HTML before being published on Intelink.)
Finally, Intelink has experimented with "push" and "pull" technology. "Pull" is when you go out to the Web (or Intelink) and search for what you are looking for. "Push" is when you set up criteria or filters for what you are generally looking for. Then newly published information is broadcast, and if it meets your filters, it arrives at your site as voluntary spam.
Chapter 8 involves some case studies from the Joint Intelligence Center, Pacific (JICPAC), the Office of Naval Intelligence (ONI), the NSA, the Foreign Broadcast Information Service, and NIMA. These studies document the problems of moving from paper to on-line or CD-ROM publishing, and highlight the implementation difficulties of new standards such as SGML. But there are benefits. The ONI, for example, can now publish its ships and weapons handbooks using 5 percent of previous resources, and in 1 percent of the turnaround time. "The traditional paper version of the Naval Ship and Submarine Characteristics Handbook series consisted of 11 regional volumes of about 1,000 pages each. These volumes were distributed to over 900 customers around the world at a total cost of approximately $250,000. The cost to produce the new CD version is about $10,000, or less than five percent of the paper version" (p. 265).
Chapter 9 looks to the future "information revolution of the Third Millennium." Intelink wants to be part of it. Here, as in much of the book, the approach is cut-and-paste: this person in a speech made this list of points¾ 1, 2, 3; that person made that list of points¾ A, B, C. Blah, blah, blah. But of course the real information revolution will arrive when Martin learns to integrate all this information into an informative, non-repetitive narrative. But instead he prefers to randomly quote as many people as possible (a paean to "our crowd"?), and to endless repeat the same ideas over and over in slightly differentiated form. And, naturally, every significant idea has to be credited, if possible, to an appropriately high-level bureaucrat.
The chapter does raise an interesting question: if information is conceived of as an economic commodity, what should its price be? Here I will only note that both Aldrich Ames and Jonathan Pollard worked hard to answer that question, but the value of their research was somewhat diminished because they each dealt in limited markets.
As an example of how the private sector is coping with the information revolution, Chapter 9 also looks at Walt Disney Imagineering¾ a company which works closely with the intelligence community. Walt Disney Imagineering, at least Bran Ferren, sees the global Internet as the enabler of the future¾ and one sees little reason to dispute this. (I wrote an article along the same lines, "The Internet and the Death of the News Monopoly," to explain the future to 60 Minutes, but they had no idea what I was talking about.)
According to the book, "the Internet is like fire." So I guess if you stick your hand in it, you are liable to get your fingers burnt.
Chapter 10 talks about the agile enterprise. "Agile" here is a buzzword, but basically means the opposite of sclerotic. We want agile enterprises, not sclerotic ones. The book helpfully quotes a MITRE Corporation white paper that explains that in order to create the agile enterprise, "we must become more agile . . ."
The reason for all this nonsense apparently is that Ruth David, Deputy Director for Science and Technology at the CIA, likes the word. The basic image is that of an enterprise that reacts quickly and efficiently to customer needs. Fair enough. However, once you turn something into a buzzword, it quickly loses all contact with reality. "What is the essence of agile?" "The ten (or is it 24?) characteristics of the self-organizing agile enterprise." "Why connected process A is 35 percent more agile than connected process B." "We need congressional funding for a global survey of forward-looking agility." Etc.
One measure of agility may be demonstrated when people post articles you don’t like to Usenet¾ such as "Hackers Vs. Politicians". See how quickly you can delete them. The agile enterprise, such as NSA, will hop right to it and get the job done.
One would not want to leave Chapter 10 without picking up another acronym: JIVA, the DIA’s Joint Intelligence Virtual Architecture. (Don’t ask. After a while, all these Five-Year Plans sound alike.)
The Glossary pretty much sucks. It will tell you, for example, that "CIA" stands for "Central Intelligence Agency" (gee, how helpful), but will not tell you that "ISS" stands for "Intelligence Systems Secretariat." (Under "Intelligence Systems Secretariat," however, it will let you know that "ISS" is its acronym.) The same is true of a myriad of other obscure acronyms that appear in the book and which are apt to slip the mind from time to time. But this is somewhat consistent with the cut-and-paste philosophy. One envisions that someone found a glossary of intelligence terms and pasted them into a hole in the manuscript, without giving further thought to the actual usefulness or completeness of the addition.
The CD-ROM included with the book doesn’t have a lot on it. The main thing is a sample copy of the "Intelink Central" homepage, and a few not-terribly-informative subpages. These, naturally, can’t be explored and used by the hoi polloi for real, but the latter can look at the pretty markup and wonder what’s behind all those links.
Will you find the book and CD-ROM worth the $35 cover price? Probably. Just buy it. You don’t have to like it.
J. Orlin Grabbe is the author of International Financial Markets, and is an internationally recognized derivatives expert. He has recently branched out into cryptology, banking security, and digital cash. His home page is located at http://www.aci.net/kalliste/homepage.html.