Delivering his keynote speech at the first day of the Black Hat 2005 conference in Las Vegas yesterday, In-Q-Tel boss Gilman Louie said the intelligence community has it hands tied by restrictive security measures.
Sounding increasingly frustrated, Louie said: I’m telling you today, an attack is imminent. London is coming to the US. And they’re all going to blame the information security guys.
Forty-seven months after 9/11, we now have testimony about how we’re going to approach information sharing. Yesterday was the first day we’ve started talking about this, he said. It took less time to win World War II, he said.
Drawing on examples from his experience in government circles, Louie said security has become too complicated for users to use their information systems effectively, and that data is frequently too secure to be used well.
We’re crippled beyond your wildest imagination, he said, talking about security procedures that prevent intelligence employees from, for example, taking their Blackberry devices into agency buildings.
We’d better change this conversation in a hurry, he said. Information security as a goal should be replaced by information effectiveness, he said.
He drew comparisons between government’s ineffective use of technology, and practices such as blocking TCP port 25 to stop email threats, inconvenient digital rights management technology, and using slow PKI to encrypt communications.
In these cases, the security makes it harder to access and use information. Users work around it. In the commercial world, it means customers go to competitors. In enterprises, they go to external sources of information. In counter-terrorism, it means information does not reach the people who need to use it.
There’s no point putting the information in a safe and locking it away. Why did we collect it in the first place? Louie asked.
