
NSA Taking Action to Implement New System Security Measures

NSA head General Keith Alexander said at a forum earlier this week that the agency is taking steps to ensure that a breach of its systems like the one committed by Edward Snowden, a former NSA contractor employed through Booz Allen Hamilton, cannot occur again. The agency is said to be implementing new security measures to prevent unauthorized access to its systems.

From Bloomberg:

Alexander said the NSA has determined which files Snowden took and said they amounted to a lot of information, though he wouldn’t say how much. “We’re taking action to fix this” so it can’t happen again, said Alexander, who was interviewed on stage at the forum by Pete Williams of NBC News.

The new security measures include restricting the use of removable media, such as thumb drives, by systems administrators to move data among network servers, Alexander said. U.S. officials have said that Snowden used a thumb drive to copy the documents he took.

Alexander outlined other steps, including requiring two people to execute some activities, such as gaining access to server rooms, and speeding programs to encrypt files to make them readable only to authorized users.

I hate to ask the obvious, but how were such protections not already in place? This is the NSA, after all.

This, as the announcement came last week that Booz Allen just won part of a $900 million contract for Navy cyber work.

While the Air Force ultimately determined that the contracting firm held no responsibility for Snowden’s actions, the U.S. Office of Personnel Management’s inspector general testified in June that the firm responsible for vetting Snowden had been under investigation.

From the Associated Press (via Yahoo News):

Appearing at a Senate hearing, Patrick McFarland, the U.S. Office of Personnel Management’s inspector general, said USIS, the company that conducted the background investigation of former NSA systems analyst Edward Snowden, is now under investigation itself.

McFarland declined to say what triggered the inquiry of USIS or whether the probe is related to Snowden. But when asked by Sen. Jon Tester, D-Mont., if there were any concerns about the USIS background check on Snowden, McFarland answered: “Yes, we do believe that there may be some problems.”

[…]

At the hearing, McFarland called for much closer oversight of the investigators who conduct background checks. He said that 18 background investigators and record searchers have been criminally convicted since 2006 for fabricating information in background reports.

McFarland’s office is actively working on 11 fabrication cases and another 36 cases involving background investigators are pending, according to data he provided to the subcommittees.

I’m not against the use of contractors in government security work.  But a system’s security is only as strong as its weakest link.  Under the circumstances, let’s hope the NSA is a little further along than just banning thumb drives (again) and requiring escorts to server rooms.

 


Comments

Barn door

ain’t like we didn’t know this was coming!!

So they are going to fix the system so that they no longer spy on Americans without a warrant or reason? They are going to come clean about which politicos they have been collecting evidence on?

I could care less about them ‘tightening up’ security as it is a 100% certainty that Russia, China, etc are arm deep up the subcontractors’ backsides.

At this point what we need is sunlight as a disinfectant not more procedures to ensure that Americans never know what violations are occurring.

Barn door indeed.

Agree with forksdad; no mention was made of the public and the spying being done on us, only tightening up security measures to prevent another Snowden-like situation.

Public be damned. F’in idjits can’t even see the problem. Hint: it’s not security, Duh!

In the late 70’s, I went to work for a military contractor, where I was granted a secret clearance after just 6 months of employment and maintained that clearance for the 23 years I worked there. That I am aware, there was never a reassessment of my clearance by company security, only a requirement that I self-report any travel to prohibited (read: communist) countries or contact with ‘un-American’ (subversive) group(s). It’s been 15 years since I last worked there so I don’t know whether there have been policy changes, but it strikes me odd that the secret clearance is for the duration of an employee’s career.

Perhaps that is because the security program relies upon the honesty and integrity of the individual first, with only cursory surveillance by security personnel to spot the obvious and serve as a reminder. How well I remember the factory labor filing past the security guards at shift’s end, each stopping to open their lunch and tool boxes to be inspected for company property. Meanwhile, cars driven by management were waved through the gates to the inside parking lots with nothing more than a flash of the badge and parking pass. Drawings and documents could have been carted out by the truckload with ease, as vehicles were almost never stopped and searched.

I suspect the only reason most programs remain secure is the fact few individuals have a complete view/understanding of the overall program. In my business, the guys in the know would have been systems engineering and project management. And of course the vault keepers where the documents and drawings are stored. Sounds like Snowden is the ‘electronic’ equivalent of a document vault librarian. Snowden could have been stopped by individual document encryption. I’m surprised that system security wasn’t implemented at the individual record level. A sys-admin could conceivably do the job with encrypted files by checksum verification. They don’t need to see/have access to the unencrypted files.

Look, if you don’t want people whistleblowing, then stop being evil. The only reason why Snowden did what he did is because he saw what the NSA did to other people that questioned the legalities and ethics of what was happening. The NSA turned the ethics channels into honeypots to suppress dissent and intimidate anyone else that would question their methods. Imagine if we had a Snowden at the IRS! The FBI! The ATF! Hell, the freaking Press corps!

My God I can only imagine this. BTW, the above security protocols are BS. Good luck trying to enforce them.


BannedbytheGuardian | July 20, 2013 at 4:41 am

I think random shooting might do the trick. Like the French did for battle failure – just round up one per office / unit & take them out & aim.

Snowden is a hero. I pray there are thousands more Snowdens out there. He did his part. Now sheeple, wake up!

[…] the national security policy realm, the laws and regulations are very well defined and need to be enforced. Congress and the agencies should start by enforcing these laws. Moreover, Congress must use the […]