In-Q-Tel's Louie: IT security policies have become self-defeating

Find opportunities — and win them.

The head of the CIA's venture-capital arm says misguided IT security policies have paralyzed the government's ability to share vital national-security data.

LAS VEGAS?The head of the CIA's venture-capital arm told an audience of cybersecurity experts earlier this week that misguided IT security policies have paralyzed the government's ability to share vital national-security data.

"From an IT perspective, we are losing the war on terror," said Gilman Louie, president and CEO of In-Q-Tel. "The bad guys are winning because we have convinced ourselves that our networks are so insecure, and that we are unable to protect information on them, that we don't put information on our systems."

Louie, speaking at the Black Hat Briefings computer security conference, said this paralysis impedes our ability to protect ourselves from terrorist attacks such as the recent bombings carried out on London's transportation systems.

"People are going to die," he said. "Attack is imminent. London is coming to the United States."

In-Q-Tel was chartered to help fund the commercial development of technologies that could be used by the intelligence community. The name was inspired by the gadget master known only as "Q" in the James Bond movies.

Louie said that layers of information security are inhibiting the use of vital information. Almost four years after the attacks of Sept. 11, 2001, little progress has been made on information-sharing between and among government agencies.

"We fundamentally don't have it," Louie said. "We are crippled beyond your wildest imagination. We can't even get a simple thing like e-mail to work across agencies" because no one trusts anyone else, he lamented.

Louie blamed the problem on policies created by non-IT professionals restricting the use of technology because its security is less than perfect. "Perfection is the enemy of the good," he said. Such policies could be increasing the nation's risk rather than reducing it.

The solution, according to Louie: "Shoot all the lawyers in the room [and] shoot all the 'Dr. No's"?policy-compliance types who blindly insist on layers of security that inhibit rather than enable the use of information. "Either educate them, get rid of them or send them to Siberia."

Louie said the focus of IT should be the effective use of information, and that security is only one function of that. That focus is reflected in his work at In-Q-Tel, he added.

"The interesting stuff we're working on right now is in visual sciences," that enable an understanding of how information is used across a system so that the value of sharing it can be balanced against security risks.

William Jackson is a staff writer for Washington Technology's sister publication, Government Computer News.