NSA head General Keith Alexander said at a forum earlier this week that the agency is taking steps to insure that a breach of its systems like the one committed by Edward Snowden, a former NSA contractor employed through Booz Allen Hamilton, cannot occur again.  The agency is said to be implementing new security measures to prevent unauthorized access to it systems.

From Bloomberg:

Alexander said the NSA has determined which files Snowden took and said they amounted to a lot of information, though he wouldn’t say how much. “We’re taking action to fix this” so it can’t happen again, said Alexander, who was interviewed on stage at the forum by Pete Williams of NBC News.

The new security measures include restricting the use of removable media, such as thumb drives, by systems administrators to move data among network servers, Alexander said. U.S. officials have said that Snowden used a thumb drive to copy the documents he took.

Alexander outlined other steps, including requiring two people to execute some activities, such as gaining access to server rooms, and speeding programs to encrypt files to make them readable only to authorized users.

I hate to ask the obvious, but how were such protections not already in place? This is the NSA, after all.

This, as the announcement came last week that Booz Allen just won part of a $900 million contract for Navy cyber work.

While the Air Force ultimately determined that the contracting firm held no responsibility for Snowden’s actions, the U.S. Office of Personnel Management’s inspector general testified in June that the firm responsible for vetting Snowden had been under investigation.

From the Associated Press (via Yahoo News):

Appearing at a Senate hearing, Patrick McFarland, the U.S. Office of Personnel Management’s inspector general, said USIS, the company that conducted the background investigation of former NSA systems analyst Edward Snowden, is now under investigation itself.

McFarland declined to say what triggered the inquiry of USIS or whether the probe is related to Snowden. But when asked by Sen. Jon Tester, D-Mont., if there were any concerns about the USIS background check on Snowden, McFarland answered: “Yes, we do believe that there may be some problems.”

[…]

At the hearing, McFarland called for much closer oversight of the investigators who conduct background checks. He said that 18 background investigators and record searchers have been criminally convicted since 2006 for fabricating information in background reports.

McFarland’s office is actively working on 11 fabrication cases and another 36 cases involving background investigators are pending, according to data he provided to the subcommittees.

I’m not against the use of contractors in government security work.  But a system’s security is only as strong as its weakest link.  Under the circumstances, let’s hope the NSA is a little further along than just banning thumb drives (again) and requiring escorts to server rooms.