Mission Possible

[InfoSec News <isn () c4i org>]

http://www.herring.com/vc/2002/0118/908.html

By Justin Hibbard 
January 18, 2002 

It took just 90 minutes from the moment the first jetliner ripped
through the north tower of the World Trade Center on September 11
before a TV anchorperson uttered the words "failure of intelligence."  
In the hours that followed, the phrase shot through the media,
eventually finding its target: the U.S. intelligence community and its
lack of technological prowess.

"For many years, our intelligence technical capabilities were the
standard of the world," U.S. Senator Bob Graham (D: Florida), chairman
of the Senate Select Committee on Intelligence, told reporters on the
day of the attacks. "We have fallen behind, and we need to close the
gap and reassert our leadership."

The sound bite had a familiar ring to anyone who had hung around the
Central Intelligence Agency in 1999. That year, nearly the same words
were spoken by supporters of a plan to start a CIA-funded
systems-integration firm called Peleus. Proponents argued that the
agency was failing to keep up with new technologies like sophisticated
Internet search tools being developed by small, innovative companies.  
In February 1999, Peleus was founded, given an annual budget of $30
million, and ordered to seek risky startups that could keep the agency
stocked with futuristic, James Bond-like gear.

The following year, Peleus evolved into a nonprofit
technology-procurement shop--one that not only hired contractors, but
also made equity investments in small companies, much like a venture
capital firm. Moreover, it changed its name to In-Q-Tel in homage to
Mr. Bond's gadget-happy colleague, Q.

To date, the experiment has received high marks from its overseers in
Congress. In just two and a half years, In-Q-Tel has reviewed over 900
business plans, funded 23 companies and research and development
projects, and introduced five technologies into the CIA for testing.  
In a report presented to Congress on September 14, Mr. Graham singled
out the firm for praise.

But since September 11, even In-Q-Tel has had to field the question
that has pestered the entire U.S. intelligence community: why didn't
we know? After all, if this taxpayer-funded venture firm provides the
CIA with such powerful technologies, shouldn't the agency have been
equipped to anticipate the attacks?

Probably not. By traditional VC standards, two years isn't long enough
for In-Q-Tel's portfolio companies to perfect their products, much
less transform the CIA's information systems. Even more important,
it's uncertain if any technology could have helped predict the
hijackings anyway. September 11 was a failure of "human intelligence,"  
counterintelligence, and analysis.

Still, the tragedies underscored the need for the CIA to act on the
recommendations made by an independent panel just weeks before--in
particular, to speed the pace at which the agency integrates the
products of In-Q-Tel companies into its operations. The CIA's adoption
of advanced technologies isn't only necessary to stay ahead of new
enemies, it's also vital to In-Q-Tel's success, which will be measured
by the CIA's technological supremacy, not by IPOs.

Panel Discussion

For Gilman Louie, In-Q-Tel's 40-year-old president and CEO, any doubts
about the firm's viability disappeared on September 11. Before the
attacks, he had endured debates with members of the CIA about the
importance of technology and trade-offs the agency would have to make
to adopt new tools immediately. "There's no more question," he says.  
"Today, everyone's saying, 'We have to have it.' Speed is everything
now."

Speed was a major theme of a 78-page report on In-Q-Tel released by
Congress just five weeks before the attacks. Lawmakers had requested
the study from a panel led by Business Executives for National
Security (BENS), a nonprofit, nonpartisan research group. A 30-person
team of private-sector VCs, lawyers, bankers, and executives studied
the firm from January to June and came away applauding its progress in
funding new technologies--and booing the CIA's sluggishness in
adopting them.

"The CIA's technology-introduction process is way too bureaucratic and
complicated," says C. Lawrence Meador, a technology executive who
chaired the panel. For instance, at the time, new hardware or software
required a 136-step review process by six different boards before it
could be installed on the agency's networks, the panel found.

The panel recommended that In-Q-Tel measure its performance by the
speed with which it inserts new technologies into the CIA. But it
added that responsibility for inserting the technologies should be
shared by In-Q-Tel, the CIA, and a liaison between the two, the
In-Q-Tel Interface Center (QIC), which is a department within the CIA.

Some of the panel's harshest criticism was aimed at QIC. "QIC had
focused too much on overseeing the functions of In-Q-Tel when its
better role would have been the intermediary for getting technology
into the CIA," says Paul Taibl, a BENS analyst who contributed to the
report.

After searching six months for a description of the CIA's technology
strategy, the panel came up empty-handed. "We were unable to find any
alignment of the agency's technology and business strategies," Mr.  
Meador says. That misalignment could make it hard for In-Q-Tel to
match its companies' products with the agency's needs, the reviewers
concluded.

By the time the panel completed its study in late spring, the CIA had
addressed many criticisms through a reorganization led by its newly
appointed executive director, A.B. "Buzzy" Krongard. The agency filled
the vacant post of chief information officer, named a new director of
QIC, and streamlined the process by which technologies are added to
its information systems. "The report's recommendations have been fully
implemented," says Mr. Louie. "[Director of central intelligence]
George Tenet and Buzzy Krongard said information technology is a
priority for this agency."

Spy Culture

But permanent improvements may require more than a management
shake-up. Resistance to ventures like In-Q-Tel is ingrained in the
CIA's culture. Though the agency has a history of embracing innovative
technologies, its secretive ways lead some employees to reflexively
distrust ideas from outside.

"The agency has an established culture that has grown up around a
security model and a way of doing business that are less appropriate
to some of the threats we face today," says Ruth David, former deputy
director of science and technology at the CIA. While developing the
original concept for In-Q-Tel in the late '90s, Ms. David struggled to
win acceptance for working with nontraditional intelligence
contractors. "I ran up against a lot of brick walls and had limited
success," she says.

Her sentiments echo a now-infamous farewell memo circulated inside the
CIA in January by the agency's outgoing inspector general, L. Britt
Snider. "The world of information technology does not relate very well
to the world of intelligence," he wrote. "It thrives on transparency;  
we thrive on secrecy. It does not want to be tied up by government
contracts and classification stamps; we know nothing else." The memo
went on to implore support for In-Q-Tel: "Agency managers and
overseers must find a way to make it work."

The U.S. intelligence community's culture is still based largely on
the cold war-era notion of "stovepipes," in which each organization
shares information internally but not with the others. Connecting
organizations is risky, since an intruder might glean secrets from
multiple spy outfits by penetrating just one of them. But the
technology revolution of the past decade has demanded that
intelligence agencies and foreign governments increasingly coöperate,
since no single entity can process the world's daily output of data.

In the weeks leading up to September 11, the U.S. intelligence
community's 14 organizations--which span the departments of defense,
energy, justice, transportation, and treasury, as well as the CIA--may
have gathered fragmented clues that together might have hinted at what
was to come. Though it's unlikely any combination would have suggested
the exact plan of attack, the need for increased communication and
data analysis is clear. "One of the post-September 11 themes is
collaboration and information sharing," says Alan Wade, the CIA's
chief information officer. "We're looking at tools that facilitate
communication in ways that we don't have today."

The CIA and In-Q-Tel were already looking at those tools; the attacks
haven't drastically altered their interests. "If you compare what we
were looking at before September 11 and what we're looking at now,
they're identical," Mr. Louie says. Along with collaboration, In-Q-Tel
has consistently invested in companies like Intelliseek, MediaSnap,
Mohomine, and SafeWeb, whose security software and search applications
are capable of analyzing data from a wide variety of sources. The
firm's other investment themes have included mapping, visualization,
and sensors.

Deployment Agency

The ultimate goal of In-Q-Tel's investments is that its ventures
introduce valuable technologies into the CIA, not return cash or
high-priced stock. Along with every investment it makes, the firm
requires a portfolio company to sign a contract promising delivery of
a product to the agency.

For startups, working with In-Q-Tel is like working with a corporate
customer that is also an investor. During product development,
In-Q-Tel portfolio companies work closely with CIA employees to learn
the agency's requirements. "It pays off because you build what people
need and want," says Kathy DeMartini, president and CEO of MediaSnap,
a security software company that took a $1.3 million investment from
In-Q-Tel in June 2000.

But In-Q-Tel's pre-investment screening process (also known as due
diligence) is more rigorous than that of most corporate customers,
which some companies appreciate. "In-Q-Tel's core value is due
diligence on the technology," says Mahendra Vora, chairman and CEO of
Intelliseek, an advanced search-engine developer that took a $1.4
million investment from In-Q-Tel in May. "They're not just doing it
for government purposes. They want to make sure it works for corporate
customers, too."

Another benefit of In-Q-Tel's demanding technical testing is the
potential for additional sales. If the CIA buys a product, agencies
like the Federal Bureau of Investigation and the National Security
Agency may follow suit. "Naturally, there's an appeal to other
government agencies if one agency is already using the technology,"  
says Ms. DeMartini.

Some startups might be wary about taking an investment from a firm
that could pressure it to develop technology that is useful to only
one customer--the CIA. But In-Q-Tel insists it has an incentive to
help its portfolio companies widely commercialize their products
because commercial products are cheaper to upgrade and support than
custom ones.

To find deals, In-Q-Tel informally shares leads with about 80 VC
firms, as well as investment banks, universities, and research labs.  
Some VCs have asked what business the government has competing with
private-sector investors for deals. "With a $30-million-a-year budget,
you're not in competition with anything in venture capital," says Mr.  
Louie. In-Q-Tel tends to invest much smaller amounts than its
private-sector co-investors, some of which like investing with
In-Q-Tel because of its thorough due diligence.

The U.S. government has a history of so-called public VC programs
dating back to the Small Business Investment Company program started
in 1958. The results have been mixed. The programs often fail when
they try to stimulate growth in geographic regions where there is
little private-sector investment. But they sometimes succeed when they
focus on an under-funded industry that is independent of a region.

"In-Q-Tel is quite different from typical public venture capital
programs," says Josh Lerner, a professor at Harvard Business School.  
"It's largely stimulating technologies in industries where it feels
there is insufficient private development taking place."

The In-Q-Tel model could eventually be extended to other U.S. defense
and intelligence agencies. The BENS panel recommended that In-Q-Tel
remain focused on the CIA until it has had time to mature. But Mr.  
Meador envisions the firm eventually spawning 14 divisions, each
supporting an intelligence agency.

That vision isn't likely to come true on an annual budget of only $30
million. But substantial budget increases are on the way for U.S.  
defense and intelligence agencies, including the Department of
Defense's R&D budget (total expenditures are classified), which is
likely to gain $20 billion over the next five years. In addition, the
Senate Select Committee on Intelligence has called for revitalizing
the NSA's technology and rebuilding a strong R&D program for the
entire intelligence community. An organization like In-Q-Tel could
channel a portion of these funds to innovative startups.

But first, In-Q-Tel must master the CIA--a mission that has become
imperative since September 11. "From that point on, there was no
question why we're here and what our role is," says Mr. Louie. From
his office window in Arlington, Virginia, he can see the hole in the
Pentagon left by the hijacked airplane. "If I ever forget what's
important, I just look out the window," he says.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.