2009/02/09

Pondering counterintelligence

I have recently started playing around with Twitter.  I am only following a couple of people at the moment.  One of them recommended reading "Foreign Spies Are Serious.  Are We?" by Michelle Van Cleave.  He then recommended that after reading and thinking about this article, people should blog about it.  He wrote his post here: "Foreign Spies Make Recession Worse and Steal Part of Our Future."  Both are highly experienced in the intelligence community.  Ms. Van Cleave was the head of the National Counterintelligence Executive (great site for some historical papers on counterintelligence, by the way) from 2003 to 2006.  She wrote a longer, more in-depth case study on the same subject here.

I cannot lay claim to their level of experience or subject specific knowledge.  I only have access to open source information.  Here is my take:

-There have been some truly embarrassing CI failures over the last three decades (Ames, Hanssen, Walker, et al.).
-The threat has not changed, despite changes in geopolitics, wars, and economies (it may be more dangerous than before, but is certainly no safer).
-US counterintelligence is still decentralized and distributed (i.e., no single Federal agency in charge), with little apparent change in operating techniques (despite significant changes in technologies, real/potential enemies, etc.).

I think this generally lines up with some of the items written in the articles and blogs mentioned above.  I do, however, have some differences of opinion.

-There seems to be a call to arms, as it were, to address this significant danger, before it is too late, etc.  I am convinced that we can and should do things better in every government endeavor; we are paying billions and billions of dollars every year.  We should get the best service or get our money back.  Since it is important to get it right and since it will be difficult to undo the bureaucracy that will inevitably result, we should move slowly.  Any serious threats are already damaging us today and are not likely to be instantly fixed.  So let us get this right on paper, get the supporting agencies and consumers to agree, program the money and the people, and then drive it home with the appropriate laws, Presidential orders and congressional mandates (rather than starting with the mandates and trying to work in the other direction).

-I am not convinced that technology transfer via espionage, violation of export controls, etc. is as dangerous as advertised.  I take this position because I am an engineer (okay, a geek and a nerd, but I know some really crazy martial arts, so back off man).  Any nation capable of understanding and exploiting our technology would have gotten there anyway.  Espionage might accelerate things or it might not (knowing how a nuclear weapon is designed does not help if you do not have the materials, tools, and personnel).  Espionage might even work for us (we could feed false or misleading information causing our opponents to waste time and money; Strategic Missile Defense comes to mind).

-Whether or not you agree with that assessment, you should realize that it is too late.  Much of our technology has already been exported voluntarily by our companies.  Most large defense contractors have international operations whose goal is to sell US defense technology everywhere they are allowed to do it.  At least one (BAE) started as a foreign company and moved some operations into the US to tap into our huge budgets.  Many US technology companies routinely outsource manufacturing, coding, and tech support overseas to save money.  Many US companies have opened joint ventures in China and elsewhere (joint research ventures, joint manufacturing operations, etc.).  I do not think you can protect your technology by hiding it.  I do think there are strategies.  One is to always advance.  Keep updating your tech, keep researching alternatives, do not put all of your eggs in one basket (so if one technology or system is compromised, you can "ground" it and fire up the alternate systems instead).  Another is to incorporate foolproofing or copy protection into your products and software.  This is not as easy as it sounds and is more of a delaying tactic (it forces your opponent to crack the code first, and they will crack it).

Anyway, that's my short rant on the subject.  Fire when ready, Gridley.
