INTERVIEW TRANSCRIPT
C-SPAN’S “NEWSMAKERS”
Guest:
Major General Dale Meyerrose, Chief Information Officer for the Office
of the Director of National Intelligence
Moderator: Ben O’Connell
Reporters: Kevin Whitelaw, US
News and World Report & Shaun
Waterman, UPI
TAPE DATE: Wednesday, January 3, 2006
AIR DATE/TIME:
SUNDAY, January 7, 2006 at 10 a.m. and 6 p.m. ET
USE WITH ATTRIBUTION TO C-SPAN’S “NEWSMAKERS”
If you have any
questions, please contact Jennifer Moire in C-SPAN's Media Relations Department
at jmoire@c-span.org or 202-626-8797
© NCSC
Copyrighted material:
use with attribution only
Newsmakers
January 3,
2007
BEN O'CONNELL, C-SPAN: This week on Newsmakers our guest is General Dale Meyerrose, the Chief Information Officer for the Director of National Intelligence. He is here to talk about national security issues. And he was nominated to the position in 2005 by President Bush, after a 30-year career in the United States Air Force.
Questioning him today, Kevin Whitelaw, National Security Correspondent for US News & World Report; and Shaun Waterman, the Homeland & National Security Editor for UPI.
General, before we get into the general questioning, what exactly are your responsibilities as the chief information officer of the Director of National – for the Director of National Intelligence?
GEN. DALE MEYERROSE, CHIEF INFORMATION OFFICER, OFFICE OF THE NATIONAL DIRECTOR OF INTELLIGENCE: Well, as you probably know, the Director of National Intelligence was created in 2004 by the Intelligence Reform Terrorist Prevention Act. And in that the Director of National Intelligence is responsible for bringing together all of the intelligence agencies under a single head.
And I work for Ambassador Negroponte, who is the director. And I am responsible for maximizing his information sharing capabilities across all the intelligence agencies and enabling information technology to support and make intelligence better and relevant.
O'CONNELL: OK.
Kevin.
KEVIN WHITELAW, NATIONAL SECURITY CORRESPONDENT, US NEWS & WORLD REPORT: General, your job is one of these that is incredibly daunting, I think, for many outsiders looking at it. But the IT challenge you’ve encountered is one of the most challenging that probably exists in government or corporations at all. Are you – do you feel like you're starting to have an impact on this or is this a – going to take a number of years before you can really say that your office and your people have been able to make a true difference?
MEYERROSE: I think we've made a real difference. It is the business of taking excellent individual organizations that deal in excellence and bringing them collectively together excellently, make them collectively better. And we've done that in many ways. We've done that in many information sharing things, we've had policies that have enabled us to bring things together that we've never brought together before whether it’s information sharing across the government, intelligence for military operations, intelligence assessments for decision makers, et cetera.
In essence, what we've done over the past year/year-and-a-half under the Director of National Intelligence is pull away the autonomy of organizations that used to operate separately without taking away their authorities. And I think we've had several successes in that regard.
WHITELAW: Well, one of the most important challenges is coming up right around now where you're looking at preparing the 2008 budget, and it will be the first budget that the DNI’s office has prepared from scratch, the first time it has been done in this sort of coordinated way for the 16 different agencies in the community. Can you tell us a little bit about how that’s going to look different, especially in the area of information technology?
MEYERROSE: Sure. It is the first – our first opportunity to pull together and make a – make a statement. As you know, nothing is totally from scratch and so you're looking at what different orientations are we going to take.
The President has outlined several things associated with improving intelligence. Many of these have come in the forms of recommendations from commissions, et cetera. You’ll see – when the 2008 budget comes out you’ll see implementation of several of those things.
Additionally, you’ll see a bringing together of – in the IT area – of where we would have four or five different data standard programs or projects there will be one. There’ll be – you’ll – there are instances where we had several elements which would – which were projects which were different areas. And the projects may remain there but their – what their end result is, what their outcome is, what their output is has been melded together.
Of course, you're not going to solve every problem in one – in one budget process but where we do believe we've made significant inroads, particularly in the terms of infrastructure and the ability to bring on new analysts into the intelligence business.
SHAUN WATERMAN, HOMELAND & NATIONAL SECURITY EDITOR, UPI: Do you – I mean in the budget process are you leveraging – I mean one of the things that you talked about in the past wanting to do is leveraging the – your authority, the DNI’s budget authority, to improve some of these procurement issues that have been in the intelligence community, especially with IT, a rather, you know – some rather unfortunate cases in the past Trail Blazer at the NSA, other efforts at the FBI obviously not – that doesn’t come under the Director of National Intelligence but – so there is this sort of slightly unfortunate history in some – in some regards.
Are you – what are you doing to try and fix that?
MEYERROSE: Well, first we've recognized that acquisition as it pertains to planes, tanks and ships is not necessarily how you acquire information technology. The idea of having a big bang acquisition in which – in which a program starts in one year and delivers information technology four or five years later is a failed strategy. And so, obviously, we're looking to avoid that.
Instead we're looking at creating a series of spirals in which we have on ramps and off ramps for either decisions about bringing new technology on or, in fact, taking obsolete technology out of the project.
It’s important to realize that in many of these major programs we may buy a bridge technology which, in fact, we’ll only use for a couple years. In the past, anytime you brought something onto a program it would tend to hang on for the entire duration of the program because well, you bought it and, therefore, it’s got to be a part of the program.
What we're realizing that the art of the possible, the doable and the probable changes over the course of time in a very short period of time. And so we're looking to create more procurement-like entities which allow us to leverage new technologies and take the bridging technologies out of the equation in order to move forward.
WATERMAN: When you say procurement entities, what – could you be a little more specific?
MEYERROSE: Well, again, our concept of acquisition is is you state requirements you go off you find a technology, then you do some sort of development kinds of things. That – those parts of the acquisition process will be replaced by spirals in which we don’t necessarily go out and develop something new but we take something from a commercial, off-the-shelf software and integrate it into an existing baseline. Therefore, the – our ability to accept more change, and to some degree more risk, then becomes more a part of the effort.
The real problem in some circles is making sure that we provide different metrics than the traditional metrics that says is the program failing or not, because the fact that you buy a bridge technology, you bring it on for two years then you pull it off, doesn’t mean that the program’s failed. It means that you’ve moved on, you’ve leveraged that for the time that you needed – that you needed to do.
And in Washington, D.C., as you know, a lot of times some people take the idea of spiral processes as a cover-up for you can't make up your mind, you're continually changing, and oh, by the way, there are no metrics to measure your progress to whether or not you're getting towards your objectives and goals.
I think it will be as important and just as tough for us to come up with the right performance measures as we go through the spiral procurement development aspect of these large integrations efforts as it will to come up with the right technologies to fit with the right processes.
WHITELAW: General, before we continue, what kind of technologies are we talking about here? What are they geared to do?
MEYERROSE: If you use the phrase Web-enabled, that captures the general direction and gist of technologies that we're looking to capture and utilize.
Many things that people are used to in their own home computing elements as far as things that they’re exposed to on the Web, techniques such as blogs and Wikipedias and all those other kinds of things are techniques and technologies that we have already successfully brought in in a very short period of time. And we need to continually stay up with the leading-edge elements of what the possible, the doable and the probable is in terms of information technology.
WHITELAW: Well, in a world of information coming out of especially out of 9/11 but also Iraq to some degree, information sharing and across this community was one of the real imperatives. Past efforts, however, always seemed to meet with the – that reality of security concerns and the blockages that existed when it came to agencies trying to or not trying to share information.
I know that security policy is one of the things that your office and others have been working to try to re-write a little bit and this was due around now or – could you talk – could you update us …
MEYERROSE: Sure.
WHITELAW: … on where you are on that?
MEYERROSE: Sure. We started out last February in a joint effort with the Department of Defense and the National Institute of Standards and Technology to relook at how we certify and accredit bringing new systems on, how – what security parameters we use, what risk parameters we use, what decision elements and phase points we use.
And many of the elements currently in that process are years old, based upon technologies that we no longer use. And so those processes no longer serve us as well as they once did.
And the security hindrances that you talk about, to some degree, has increased our cost, increased – and, in fact, been contributing elements to some of these past acquisition failures.
And so for the past 11 months we've been working with all concerned and we've figured out a way in which to invite industry and academia to give us ideas about how to solve this, best practices, leading technology ideas and such.
We have – we have gone through that process and right now we’re in the process of sorting through what the implementation elements are as a result of that.
WHITELAW: Can you talk a little about what that might look like? Is this going to be trying to move to less of a risk-averse thing, more of a, you know, sort of trying to lean forward a little bit, take more risks? I mean …
MEYERROSE: Absolutely. And we're not talking about taking risk in an uncalculated way. We’re – you know, security still remains very, very important. But security shouldn’t be a reason not to do something. You need to figure out a way how to do something and also maintain proper elements of security.
But to give you an example of one of the things that’s just common sense, if you look at the Department of Defense and the intelligence community and the National Institute for Standards and Technology, we all had different numbers of levels of protection criteria. You know, one had six, one had five, one had four.
And so the ability for us to build common systems built – based on common criteria was pretty hard to do from the start. And so we're going to agree on we're going to pick – we've got a number in mind and we're going to pick that number and we're going to come up with criteria and we will adopt that same criteria across the board so that when agency A says that this system poses – is securable at this level poses these risks, then agency B can adopt it without going through retesting, recertification, re-accreditation, re-security applications, and so forth.
And so the element of common criteria not in the old sense but in the new sense of we're going to agree on various levels of accreditation and we're going to accept each other’s certifications and accreditations of those – of those levels we think will reduce a lot of the hindrances. And it will, in fact, enhance security because we're all going to be speaking off of a common sheet of music.
WATERMAN: Is that going to be – is that connected with – I hate to use the acronym but can't remember what it stands for at the moment, FISMA – the International Security Management …
MEYERROSE: Act.
WATERMAN: … because that established standards across the federal government but the DOD, and to – and therefore, a large part of the intelligence community never accepted those, is that right?
MEYERROSE: Well, it’s maybe not a level of acceptance, it’s a level of application. Because we all use different criteria, it’s almost like you're putting apples and oranges. And while you know you’ve got fruit salad, you're not exactly sure what the contribution of each is to the total security of the enterprise.
And so, I believe that if we – if we get common levels of understanding, we use the same grading criteria and some of those kinds of things, just getting on the same language will improve and leverage a lot of the security that we're putting in.
As you know, if the past we across the federal government had had difficulty in measuring up to the FISMA – using the acronym – reporting to Congress. And again, because we've all used different levels and criteria, even the independent assessments that all of us are required to do don’t use the same judging criteria that we judged ourselves by.
And so because of that lack of understanding, there is an apparent – in my view, there is an apparent more insecurities and more lapses than really exist. And so I am absolutely convinced that the intent that Congress had when they passed that law back in 2002 will be better met with us – with us developing common criteria, common – a common basis and foundation, and approaching security in a similar manner.
WHITELAW: What’s interesting about a lot of these answers, the challenges you talk about often are less technological than they are cultural. And when we've spoken before you’ve told me that there are still analysts in the community who don’t have Internet access. That’s not a technological problem, that’s a policy decision.
MEYERROSE: That’s correct.
WHITELAW: Can you talk about the kind of cultural challenges you’ve been encountering so far, anything that surprised you there or …
MEYERROSE: Sure.
WHITELAW: … you know, how that’s changing?
MEYERROSE: Well, one thing that has surprised me – again, in the lead up to one of your earlier questions you talked about having an unenviable job, almost painting the picture that says that there's no way you can succeed because there are so many people working at various ends maybe against you, or with your, or for you, or whatever.
The thing that has surprised me most is is in the intelligence community there is an acceptance of change on a wide basis. There are a lot of early adopters.
Our deputy director for analysis often uses the quote that says that 50 percent of the analysts in the intelligence business have less than five years experience. Well, if you take people with less than five years experience then their age is probably underneath 30. If their age is probably underneath 30, they are not scared away by the mere mentioning of Wikipedia, or blog, or a computer, or megabits, or any other technical-sounding thing. In fact, it is a part of how they grew up, how they were educated, how they live their lives, what they do for entertainment.
And so the big surprise to me was – is that there is a lot of acceptance, there is some pent-up frustration that said, you know, we need to adjust some of the policy in the institutions in order to accommodate and leverage these kinds of capabilities.
And so while there is resistance to change from a human standpoint and organizational standpoint, there is also a lot wider acceptance of change and – which has surprised me a great deal and which has made certain parts of my job a lot easier than I anticipated.
WHITELAW: But where resistance has come, you – probably from the middle management or just the sort of bureaucratic inertia that’s often there, what's the hardest to overcome, what’s going to take the longest to change?
MEYERROSE: Well, the hardest to overcome is the sense of values, of my institution has made these decisions – these types of decisions for years using this value. So when you change that value, people, needing to know what the frames of references are, develop the new frames of references. There’s always a resistance because well, they were taught and educated for the last 10-12 years that the reason we use these values to make decisions is is it protects the information, it protects the institution, it does the right things.
And so now you come along and say it may have done the right things in the past but will it do the right things in the future? And so particularly the mid-level managers who grew up in a hierarchical institution are the ones that tend to have the most amount of difficulty in a more horizontal approach, a more distributed approach, a more of a stewardship versus control approach in the information technology business.
WATERMAN: Tell me, on the information sharing, one particularly difficult challenge that is sharing with allies, with foreign countries. But it is something, you know, that, you know, you guys have made a commitment to trying to – to trying to improve. Can you say anything about the ways you are taking that forward?
I know there was a deal with the U.K. that was inked last year, anything else like that in the works?
MEYERROSE: Sure. Well, first of all, there were several accomplishments, in my view, over the past year with commonwealth allies in general. And that has to do with giving them access to classified networks to which they had never had access before.
And as you might imagine, there was a lot of consternation that says what risk, what exposure, you know, and so what that made us do is go back and get a little bit more disciplined in some of those classified networks about how you label information, how you make information accessible.
And so the – we, in fact, opened up a classified network and a series of classified databases to commonwealth allies. And …
WATERMAN: Can you say anything more about like which databases we're talking about, or what they were used for, or who the allies were?
MEYERROSE: Just the operational – operation reasons, folks at the tactical end working in theaters of – in operation, having to do with operation processes …
WATERMAN: Iraq and Afghanistan …
MEYERROSE: Iraq and Afghanistan, for instance, would be the biggest beneficiaries of our efforts in this area.
Additionally, we went a step further and when I talked about the reciprocity associated with certification and accreditation in our previous discussion about security, where we – we've also extended that to our allies in which if they inspect a facility and rate it – give it a certain security classification rating, we will accept that security classification rating without going over and duplicating it on our own. So we've made several elements in that regard.
You're talking though about fields, military facilities principally presumably or …
MEYERROSE: Facilities that house intelligence information.
WATERMAN: OK.
MEYERROSE: And as – because it includes both headquarters areas and field operations and so, you know, it’s really broader than just field operations. And the payoff has been tremendous in terms of flash to bang. I want to do something, how long before I get it accomplished. And we don’t have this long drawn out security process that we used to have in order to accomplish some of those things.
Another area that we're working on, as you might imagine, we've had several legacy systems that we've grown up with over the years. OK, what’s a legacy system? Typically, you know, a single circuit going somewhere, OK. So how do you change that into a network with a Web-enabled enterprise series of tools? And so those are the kinds of efforts that we continue to work on to take us to the next plateau of sharing with allies.
WHITELAW: Well, you know, in the microcosm for sharing within the U.S. government has been the efforts of the new National Counterterrorism Center. This is the center that was created to bring together all the different players …
MEYERROSE: Sure.
WHITELAW: … in the terrorism business for the analytical work. And there’s some – I believe it’s 32 different databases coming in, different people count it differently – but lots of different databases coming in. But still no ability to put them all on one monitor, no ability to do one search – one-stop searching – really a long ways to go. You know people with many different computers under their desks going between them.
It’s a microcosm both of what can be done with a little bit of effort but yet how much is – remains to be done.
MEYERROSE: Sure.
WHITELAW: How has that been going and is that a model or is that a – does that have some cautionary tales in it, too?
MEYERROSE: Well, you know, what you use as a model you have to be careful. In the business of bringing two cultures together usually the first thing you do is you co-locate them. And that’s the first thing to go about bringing down barriers.
And the situation you discuss with the National Counterterrorism Center is precisely what we did which is precisely why we have all those networks which then individually feed the National Counterterrorism Center.
Well, to go along with putting our money where our mouth is, we have a spiral procurement, IT procurement program, to create the information sharing environment within the National Counterterrorism Center which would eliminate all of those processors and separate networks as far as working on somebody’s workspace.
See the challenge is really simple if you boil it down. You have an individual that needs to find product, add value to it and then distribute it. So what you need to do is you need to make that person’s workspace as agile and responsive as possible.
And so what gets in the way of that? Well, what gets in the way of that is systems that are not integrated, what – you know, it doesn’t mean that you can't share information, it just means that it’s more difficult. And so when it’s more difficult the IT becomes – wrestling the IT, if you will, becomes more of what the person does in their workspace rather than adding the intellectual value to the product that they’re supposed to distribute.
So my job is in essence, to make the IT invisible to this workspace. That the individual has the workspace, they can go out and they can find product wherever they have to find it, they can bring it in, they can add value, and they can get it out to who they need to deliver it to easily in the most agile, responsive, relevant fashion.
And so that’s, you know – when you boil down what is this information-sharing problem it’s really pretty simple. Now it has lots of moving parts and it’s fairly complicated, but again, we've got a program to specifically address that work environment which we will then leverage into data standards, metadata standards, procedures, processes, data structures, et cetera, for an information-sharing – trusted information-sharing environment for all intelligence agencies and our partners.
O'CONNELL: I’m sorry but that was the last question, we're out of time.
General Dale Meyerrose, Chief Information Officer for the Director of National Intelligence, thank you very much for joining us this week.
MEYERROSE: Thank you for having me.
(Break)
O'CONNELL: Kevin Whitelaw, with U.S. News & World Report, what did you learn from General Meyerrose today?
WHITELAW: Well, I think we got some more clarity on where they are moving with sort of this next level of security policy and what they are trying to do when it comes to creating a uniform security policy across both the intelligence community, you know, that we think of, the CIA and also the military’s intelligence arms and so that they can actually have sort of a common way of classifying, and thinking about, and connecting these various networks and building them in the first place.
Now because they’re not – but at the same time we also heard they're not quite there yet and we were expecting this by the end of last year – by the end of last year. So it’s suggesting they're still having – ironing out the details.
O'CONNELL: Shaun Waterman with UPI, what did you learn?
WATERMAN: Well, I think the other interesting issue that came up was, you know, this adoption of so-called spiral development. I am not by any means an expert on (INAUDIBLE) government acquisition but we are talking – I mean it is an important issue. We are talking about approximately $40 billion a year the intelligence community spends we don’t know how much of that is on IT but I bet it’s a good chunk.
And, you know, these are very expensive and when they go wrong, as has happened, you know, we talked about Trail Blazer, the National Security Agency’s horrendously failed acquisition – when things go wrong it’s very …
O'CONNELL: What was Trail Blazer?
WATERMAN: Trail Blazer was basically an effort to take the National Security Agency’s indexing abilities for all this vast data that it sucks up from monitoring telephone, and satellite, and wireless communications all over the world – a kind of new database indexing system and very crudely. And, you know, it was – it was – it dragged on for years. It was – a lot of money was spent and basically at the end of it they had almost nothing to show for it.
And I mean I think it was interesting that he talked about, you know, the big bang acquisition, which is the classics of military, you know – you need a new fighter, you go out and design one, then you build it and you pay for it. And frankly, price is not an object.
So, you know, to move away from that into a more what they call a spiral development where each stage of the – of the process you're refining your needs, you're – and working out what technologies are out there or that you need to develop in-house to, you know, to meet the need.
It has proved rather controversial. I mean I believe a form of it is used in the ballistic missile development program where – and hasn’t – you know, hasn’t universally been welcomed as a good thing.
O'CONNELL: Kevin, you asked about the question of culture versus technology in integrating all of the intelligence services when it comes to communications. In your reporting what have you found?
WHITELAW: Well, you know, I think, you know, the General hinted at that a little bit and in the end it is these cultural aspects that are often difficult. It’s, you know, Congress can mandate one thing but it’s then there might be several other levels of bureaucratic differences or obstacles that people just sort of haven't dealt with in the past. I think this office is now starting to try to wrestle with not just the top level of saying we need to share information but then actually figuring out how that works.
And what’s interesting about what the General’s trying to do at the DNI’s office is he is trying to lay that basic foundation so that if you make all of these networks able to talk to each other sort of seamlessly and that it all happens in the background, that might actually change the culture of sharing all by itself.
In other words, once people can do it without any obstacles or with very, very few obstacles, it might happen whether or not they realize it. And I think that’s why people outside of the community and inside the community look at what he is doing and say this is the most potentially transforming part of what the DNI’s office is doing, problem is it’s also still very difficult. You're still talking about difficulty – difficult cultures that have their own, you know, very legitimate security concerns. And you're also still talking about these really huge, complicated systems.
You know, $44 billion community, 100,000 people, 16 different agencies, lots of computer networks, you know, all of them designed individually and to – you know, to maximize the utility for one individual agency or one individual departments it’s, you know, it’s a huge challenge.
O'CONNELL: But that may be a huge challenge but let me make an even bigger question, just intelligence reform in general, where are we and where do we still have to go, Shaun?
WATERMAN: Always with the easy questions – well, I mean I think one thing that we will find out more of the answer to that question when the budget comes – you know, when the budget process is finished. And obviously, we won't see the intelligence budget but it will be delivered to Congress, you know, the classified annexes, and we will, you know – I think then the people who do oversight on Capitol Hill will begin to get a much clearer feel. Because this is the first time they have had the budgetary reins and, you know, right from the beginning the whole, as it were, point of the Director of National Intelligence was that he would be able to leverage the power of the purse to essentially knock heads together within the – among these 16 agencies and make everyone play nice.
So I mean the jury’s still out. I think that – I mean, you know, the General – General Meyerrose talked about some of the successes that they’ve had. I mean, you know, intelligence community officials want to lament often at inordinate length, in my view, about the fact that their job is secret means that, you know, we never get to find out all the successes they have. We rarely get to – I mean often we don’t get to find out about the failures either.
But so I don’t know. I think the – I think the jury is still very much out on that.
O'CONNELL: Shaun Waterman, Homeland & National Security Editor for UPI; and Kevin Whitelaw, U.S. News & World Report, National Security Correspondent, thank you very much for joining us this week on Newsmakers.
WHITELAW: Thanks for having us. Thank you.
END