[infowar.de] Die Computerprobleme der NSA

[Ralf Bendrath <bendrath -! - zedat - fu-berlin - de>]

... die aber offenbar mit dem aktuellen Abhörskandal[1] nichts zu tun 
haben. Der Artikel ist schon etwas älter, aber wenn Bruce Schneier ihn 
heute erst rumschickt, dann darf ich das auch. ;-)
RB

[1] Dazu eine aktuelle Pressemitteilung, an der ich auch beteiligt war:
<http://www.netzpolitik.org/2006/pressemitteilung-us-abhorskandal-erfordert-umdenken-auch-in-europa/>



<www.baltimoresun.com/news/custom/attack/bal-te.nsa26feb26,0,6311175.story>

Computer ills hinder NSA
2 technology programs, weapons for the war on terrorism, have proved duds

By Siobhan Gorman
Sun reporter

February 26, 2006

WASHINGTON -- Two technology programs at the heart of the National 
Security Agency's drive to combat 21st-century threats are stumbling 
badly, hampering the agency's ability to fight terrorism and other 
emerging threats, current and former government officials say.

One is Cryptologic Mission Management, a computer software program with an 
estimated cost of $300 million that was designed to help the NSA track the 
implementation of new projects but is so flawed that the agency is trying 
to pull the plug. The other, code-named Groundbreaker, is a 
multibillion-dollar computer systems upgrade that frequently gets its 
wires crossed.

The downfall of the Cryptologic Mission Management program has not 
previously been disclosed. While Congress raised concerns about the 
agency's management of Groundbreaker in a 2003 report, the extent and 
impact of its inadequacies have not been discussed publicly.

Intelligence experts told The Sun that as a result of these failures, 
agency computers have trouble talking to each other and frequently crash, 
key bits of data are sometimes lost, and vital intelligence can be 
overlooked - all as the agency aggressively argues for broader 
surveillance power under the president's warrantless wiretapping program.

Moreover, there are no agency-wide controls to make sure effective fixes 
are put in place, and, with the demise of the mission management program, 
none will be in place anytime soon.

"The stuff that NSA does is probably more valuable today than it's ever 
been," said John Pike of Globalsecurity.org, who has monitored the 
intelligence agencies for 25 years. "If their infrastructure doesn't work, 
they can't work. If the people can't work, the agency can't work."

A former NSA employee put it more bluntly, as he explained why he was 
speaking to a reporter for the first time, though on the condition of 
anonymity: "What I am fearful of is: Because of all this, we will have a 
9/11 Part II."

These two programs, in combination with the NSA's $1.2 billion 
threat-sniffing initiative called Trailblazer, were to be the engine that 
would propel the formerly cutting-edge intelligence agency into the 
digital age. The Sun disclosed last month that six years after it was 
launched, the Trailblazer program consists of little more than blueprints 
on a wall.

NSA spokesman Don Weber did not return repeated phone calls and did not 
respond to a series of e-mailed questions submitted at his request more 
than a week ago.

Reporting for this article was based on interviews with 10 former NSA 
officials and intelligence experts. Most were granted anonymity because 
elements of these programs are classified, and those who work for the 
agency or its contractors risk losing their security credentials.

In recent months, as his agency has come under intense scrutiny, NSA 
Director Lt. Gen. Keith B. Alexander has sent memos to his employees 
reminding them of their orders not to speak with reporters.

Crisis atmosphere
At the NSA, and throughout the government, the Sept. 11 attacks created a 
crisis atmosphere. Congress responded by pouring money into anti-terrorism 
efforts, while intelligence agencies scrambled to put new programs in 
place - often without the planning and oversight needed to succeed, 
intelligence professionals said.

At an agency-wide meeting at the NSA not long after the Sept. 11 attacks, 
Michael V. Hayden, then the NSA director, announced a $1 billion budget 
increase.

But the top-secret agency, based at Fort Meade between Baltimore and 
Washington, has no mechanism to systematically assess whether it is 
spending its money effectively and getting what it has paid for, NSA 
veterans said. One former employee likened it to a neighborhood with no 
police to enforce the traffic laws.

Oversight by Congress and by the inspectors general of the NSA and 
Pentagon has been sporadic. The head of the Government Accountability 
Office, the congressional audit agency, recently complained that his 
agency has not been asked to look at any of the NSA's programs.

The NSA's Cryptologic Mission Management program was supposed to fill 
those gaps by imposing financial planning and management discipline.

The five-year-old program aimed to tackle a challenge many modern 
companies face: How can you monitor the progress and spending of projects 
across the organization? Companies generally answer that question with 
commercially available software, such as Microsoft Project, which helps 
businesses track projects against an established timeline and measure 
their results.

The NSA, instead, said it needed specially tailored software but 
continually changed its mind about the scope and design of the program, 
making it impossible to develop and execute a plan, said former government 
officials knowledgeable about the program.

In addition, the program was not integrated into the rest of the agency's 
efforts. Not long after the effort was launched, a 2001 Senate report 
warned that the NSA "appears to have no plans or processes in place" to 
link the Mission Management program to the rest of the agency's 
information technology and intelligence collection.

Late last year, Alexander, who took over as NSA director in August, tried 
to kill the program, according to four former government officials 
knowledgeable about the program. He faced resistance from members of 
Congress who wanted to continue funding the project because the NSA would 
have no other way to assess its programs, which are estimated to number in 
the thousands, two of the former officials said.

Alexander is expected to go to Capitol Hill in the next few weeks armed 
with a compromise that would replace the Mission Management program with 
another effort to track the agency's programs, said one of the former 
officials.

Supply and demand
Intercepting communications has long been a crucial element of national 
defense. But in an era of instant messaging and cell phones, demand for 
the NSA's expertise has far outstripped supply.

To try to keep pace, the NSA launched Groundbreaker in 1999 - a program to 
upgrade the agency's technology infrastructure and potentially save 
billions of dollars by outsourcing 600 jobs and responsibility for 
equipment and maintenance.

As with virtually all of the NSA's activities, many details of the 
initiative remain secret. Hayden announced it in 2000, calling it the key 
to a "robust and reliable infrastructure" at the NSA that would address 
the modern information explosion. The total cost, he said when the 
contract was awarded in 2001, could exceed $2 billion.

Since then, former intelligence officials said, the initial $2 billion 
price tag is estimated to have doubled.

A September 2003 report by the NSA's inspector general found that "key 
elements" for managing the Groundbreaker contract "were missing," 
including a "contract management program" and a quality control mechanism, 
according to a copy of the executive summary obtained by The Sun. 
Expenditures amounting to millions of dollars were unaccounted for, 
according to the inspector general.

A group of private contractors known as the Eagle Alliance, led by 
Computer Sciences Corp., is running the project. A spokeswoman for CSC 
directed a reporter to the NSA for comment.

Computers are integral to everything NSA does, yet it is not uncommon for 
the agency's unstable computer system to freeze for hours, unlike the 
previous system, which had a backup mechanism that enabled analysts to 
continue their work, said Matthew Aid, a former NSA analyst and 
congressional intelligence staff member.

When the agency's communications lines become overloaded, the 
Groundbreaker system has been known to deliver garbled intelligence 
reports, Aid said. Some analysts and managers have said their productivity 
is half of what it used to be because the new system requires them to 
perform many more steps to accomplish what a few keystrokes used to, he 
said. They also report being locked out of their computers without warning.

Similarly, agency linguists say the number of conversation segments they 
can translate in a day has dropped significantly under Groundbreaker, 
according to another former NSA employee.

Under Groundbreaker, employees get new computers every three years on a 
rotating schedule, so some analysts always have computers as much as three 
years older than their colleagues', often with incompatible software, the 
former employee said.

As a result of compatibility problems, e-mail attachments can get lost in 
the system. An internal incident report, obtained by The Sun, states that 
when an employee inquired about what had happened to missing attachments, 
the Eagle Alliance administrator said only that "they must have fallen out."

When computers need to be fixed or upgraded, the Eagle Alliance provides 
three levels of service. The fastest service is reserved for the NSA's top 
management. One mid-level employee gave up waiting for an administrator to 
put free software on his computer and downloaded it onto his home 
computer, so he could finish an online training course. The program was 
installed at work eight months later, he said.

Expertise questioned
In 2003, Congress finally punished the NSA for chronic mismanagement by 
taking away its authority to sign big contracts, such as the one for 
Groundbreaker, and gave that responsibility to the Pentagon. But that 
decision made it harder for the NSA to complete projects on time because 
the agency must ask the Pentagon for permission to initiate and review 
projects, former NSA Director Bobby R. Inman said in an interview.

Alexander, the current director, declined an interview request for this 
article. But in August he told The Sun that the NSA needed to leap from 
the "industrial age" to the "information age" to survive.

There is little disagreement that programs such as Groundbreaker and 
Cryptologic Mission Management are complex, but that does not diminish the 
national security demands that require the NSA to tackle modern 
communications.

Several agency veterans said, however, it isn't clear that the expertise 
to run these programs exists at the agency.

The NSA has become increasingly dependent on private contractors, who, 
rather than offering a fresh view, tend to hire former NSA employees and 
install them on the same projects they had handled when they were at the 
agency, said a former senior intelligence official who works for a contractor.

"It's more of the same people," the former official said. "The contracting 
system makes it very hard to engage industry, and it's very hard for 
people to break into government contracting. This is one of the areas I 
think needs tremendous review."

In fact, a security clearance is required just to see the list of NSA 
contracts, but a company representative cannot obtain a clearance without 
an NSA contract.

Throughout the national defense agencies, Pike said, there has been a 
sharp uptick in the past five years in programs that ultimately cost 
multiples of what the contractor initially promised.

Meanwhile, new bureaucratic hurdles have tripled the time it takes to 
develop and produce new intelligence products, said former NSA director 
Inman. In the 1950s, projects could go from concept to the field in four 
or five years; now, it is a 12- to-15-year time frame, he said.

Because it is so difficult to plan on a 15-year schedule, "as this 
pressure to attack new problems increases, more large programs will be 
canceled in midstream with loss of money," Inman said. "It's not a good 
way to spend the public's money."

siobhan -
gorman -!
- baltsun -
com

---------------------------------------------------------------------
To unsubscribe, e-mail: infowar -
de-unsubscribe -!
- infopeace -
de
For additional commands, e-mail: infowar -
de-help -!
- infopeace -
de