The U.S. Central Intelligence Agency doesn't like to talk about its mistakes. It's not just embarrassing, but officials believe exposing details about how an operation went wrong reveals too much about how it captures enemy secrets. But published statements and news reports suggest one recent error--the U.S. bombing of the Chinese embassy in Belgrade during the Kosovo war last year, which killed three and injured 20--happened in part because CIA officers targeted what they thought was a Yugoslav Army warehouse based on outdated maps, and others failed to catch the mistake before the proposal was passed to the military.
No knowledge management system can replace human judgement, but CIA officials are convinced that if employees can find the information they need more easily, they'll produce better analysis and make fewer errors like this one. CIA analysts draw from tens of thousands of satellite feeds, news reports and tips from counterparts in other government agencies to produce daily intelligence reports for the president and military leaders. But if someone who isn't part of an analyst's network of colleagues has some critical data or a new insight, it's hard for him to learn about it. To protect classified information from falling into the wrong hands, the CIA discourages employees from sharing information with anyone who can't prove they need to know it. As a result, groups of analysts have erected thick firewalls around themselves, built their own systems and organised information in ways that make sense only to them.
It's this lack of uniformity that bedevils most knowledge-sharing efforts, says Christopher Olsen, chief of records and classification management with the agency. It's hard to find anything--even green beans in a grocery store--if you don't know how what you're looking for is arranged. Knowledge management experts call such organisation schemes taxonomies.
"If information isn't captured [in a filing system], it goes into the corporate mass in a disorganised way," Olsen says. "Even if you put some fancy search engine over it, the likelihood of being able to get to the information you want quickly is not high." So when the CIA launched a new knowledge management project two years ago, Olsen and his boss, Deputy Director of Information Management Lanie D'Alessandro, argued for a solution based on a tried-and-true taxonomy--the system that its in-house librarians and records managers had been using for more than half a century for cataloguing official agency records.
It's these records, not surprisingly, that are most valuable to analysts. As a government agency, the CIA is required by law to save documents that explain its operations, from national security assessments to covert actions. These records are organised by subject matter and timeliness under numerous categories and subcategories. Anything important enough for others to see is, by definition, important enough to store in this official record-keeping system, which also includes procedures for getting rid of outdated material.
The CIA needs knowledge management for the same reason large companies do. No longer focused on one well-known enemy, as it was on the Soviet Union during the Cold War, and under pressure to deliver better products at lightning speed, it's much harder for CIA analysts to rely on their own collections of data and personal contacts and keep up with the workload.
"We looked at what we actually kept as business records," notes Olsen, and analysts agreed that this was the information they wanted to be able to share. From there, the CIA set out to design a knowledge management system that mirrored how files were traditionally organised. The solution: something they call a "metadata repository," which is essentially a Web-enabled "card catalogue" that lets end users search for information using standard fields, such as author, subject, date, secrecy level and each file's original recipients. Most of this data is already supposed to be collected for record-keeping purposes, although a recently released audit of CIA record-keeping practices by the National Archives concluded that not every office in the agency has done this consistently in the past.
The agency intends to solve this problem by automatically capturing most of the metadata. New information systems or upgrades to legacy systems will include this capability, although to date only four systems do.
Having the metadata repository will let the CIA balance analysts' need for information with traditional security concerns. "Before, we could never be sure how to let someone know we had something that would be of use to them without divulging too much," says Olsen. Using the metadata repository, an analyst can get a list of resources. But because the search engine screens the database according to each user's security clearance or similar restrictions, the analyst would learn only about resources he is allowed to know about.
Because users get pointers to information from the repository but not necessarily access to the actual files, the people who own the information can still control whether they share it. There's no guarantee that they will, acknowledges agency CIO John Young. "It would be fatuous if I said we had solved the problem and that every officer in the agency was inspired to put the interests of the agency above the interests of his or her office," he says. But the demands of the job are opening minds and databases. "Intelligence problems require more co-operative work than before," he adds.
D'Alessandro says analysts "have been yearning for some standards to allow them to accept and pass along" files because they don't have the budgets to build interfaces system by system as they did in earlier, better funded times. The CIA doesn't disclose its budget, but according to one recent estimate, the total money the United States spends on intelligence has just kept pace with inflation.
Many companies also catalogue important records--legal documents, product designs, customer files and research notes--and could base their own knowledge management systems on these catalogues. But D'Alessandro says technologists often don't ask librarians and records managers, who are information management experts, to take the lead in designing new databases and interfaces. Her previous job was as the CIA's deputy CIO, so she knows firsthand that "information management is always overlooked by the IT side."
"I think we were invited as a courtesy," she says. "We have interjected ourselves and have tried to tie ourselves to the [technology] side" of the project. "We got in through the backdoor."
Agency officials agree that broader access to information by CIA officers might also help to prevent intelligence blunders. Jim Reid, chairman of the CIA's knowledge management steering committee, notes that getting "the right information to the right person at the right time" is a mantra in the agency. Neither Reid nor other officials interviewed for this article would provide specific examples of how knowledge sharing might have helped in past cases. But Reid did say part of the point of knowledge management is to prevent fiascos like the Chinese embassy bombing in the future.
For instance, says Reid, the metadata repository will point end users to a set of official maps. "If the map in there is wrong, you're going to see the wrong data," he says. "But it will solve the problem of someone having a map you don't know exists."
Have any KM ideas you'd like to share? E-mail us at firstname.lastname@example.org.
The Organisation: Central Intelligence Agency (CIA)Founded: 1947 Budget: $3.1 billion (estimate) Employees: 16,000 (estimate) KM Problem: How to organise many types of electronic information used to produce daily intelligence briefings for government leaders URL: www.cia.gov Critical Analysis:
Spy Versus Spy
By Tom Davenport
Ever see the movie Enemy of the State? In this (pretty decent) movie, Will Smith witnesses a murder by a U.S. senator and then has to outwit an intelligence agency with virtually perfect information on his whereabouts, vocal expressions, friends and family, and so on. It seemed to me that everything in the movie was actually possible if only the various data, information and knowledge bases at the agency were fully integrated and available in real-time.
So as a law-abiding American citizen like Will, I am reassured by this case study of the Central Intelligence Agency. I'm reassured that the CIA is practising knowledge management because we don't want the bad guys of this world to get away with too much. And I am reassured that the lack of informational integration and a sharing-oriented culture will make it impossible for the CIA or other intelligence groups to know too much about us anytime soon.
As knowledge management goes, the Central Intelligence Agency's approach is straightforward. We're talking about a repository for electronic documents with a browser-based catalogue. As the case suggests, the idea of a catalogue is as old as the library. And there is no cutting-edge technology involved here. Who knows, maybe the agency is holding back on the really good stuff.
As a knowledge repository, the CIA system seems to employ most of the regnant best practices. For example, it not only captures knowledge but also records the name of the individual who created it. In addition, it supplies some information about contacting that person. "Pointers to people," I call it.
This is enormously helpful, as it allows seekers of knowledge the ability to acquire some tacit knowledge along with their explicit items. It might include more detail on the source, relevance and limitations of the knowledge in the repository. Apparently at the CIA, it's pretty difficult to find out who knows what, with everybody wearing sunglasses, fedoras and trench coats, thus being largely invisible.
Perhaps the most unusual aspect of this knowledge application relative to other organisations is that the categorisation scheme for knowledge at the CIA has endured without change for several years. Most companies have a more dynamic knowledge environment than that. For example, it's unlikely that the terms business-to-business exchanges, m-commerce and, for that matter, knowledge management would have appeared in most companies' lexicons five years ago.
And, of course, the CIA has more stringent policies for security than other organisations. When you do a query in this system, it returns only citations to documents you are allowed to see. I'm just speculating that if you stumble on a document that's not supposed to exist, perhaps your keyboard issues a massive electrical shock and you are liquidated.
Given the growing interest in information privacy, perhaps all companies will soon adopt approaches similar to that of The Company.