Risk
8/9/2013
04:00 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

NSA Cuts 90% Of System Admin Jobs

National Security Agency pursues automation to limit insider threats in wake of Snowden incident. Some experts doubt that's the answer.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
In an effort to reduce the risk of unauthorized leaks, the National Security Agency plans to eliminate most of its system administrator positions.

Reuters on Friday reported that Keith Alexander, director of the NSA, speaking in a panel discussion at the ICCS 2013 security conference in New York, said that the agency "is reducing our system administrators by about 90%" and that employing technology in place of people will make the agency's data and network more secure.

The NSA did not immediately respond to a request to confirm the report and to clarify whether affected system administrators are being laid off or assigned different responsibilities. According to Reuters, the NSA employs about 1,000 system administrators.

[ Are government info demands driving some companies to close? Read Lavabit, Silent Circle Shut Down: Crypto In Spotlight. ]

The efficacy of the move was immediately questioned. "NSA to turn 90% of its system administrators into disgruntled former employees," quipped Wired investigations editor Kevin Poulsen via Twitter. "That will surely end leaks."

The NSA's purge of system administrators follows a series of unauthorized disclosures by a former IT contractor, Edward Snowden, that sparked unprecedented political debate in the U.S. and abroad about the scope and legality of U.S. surveillance powers and adequacy of oversight mechanisms.

Alan Kessler, CEO of Vormetric, a data security company, doesn't see a headcount reduction as the optimal way of dealing with insider threats. "It's not the quantity of system admins," he said in a phone interview. "It's what they can do, because it only takes one." He suggests it is better to prevent systems administrators from being able to access sensitive data. "You need to give them just enough information to do their jobs," he said.

Kessler also pointed out that insider threats are not always deliberate, noting that phishing emails to employees can turn oblivious insiders into the source of a breach.

U.S. authorities are seeking to arrest Snowden, who has been granted temporary asylum in Russia. They refuse to consider him a whistleblower, someone who sought to expose illegal activity for the benefit of the public, insisting the NSA's surveillance is lawful.

On Friday, The Guardian, the U.K. news organization through which much of Snowden's leaks have been presented to the public, revealed still more details about NSA surveillance. The paper reported that an undisclosed rule change gives the NSA legal cover to search through the email and phone calls of U.S. citizens without a warrant, a claim that calls into question assurances by government officials that the communications of U.S. citizens are not being deliberately collected.

The NSA is not alone in re-evaluating its ability to prevent insiders from exposing its secrets. Still smarting from Army Pfc. Bradley Manning's unauthorized disclosure of classified information to Wikileaks, the Army last month established an Insider Threat Program, in response to a 2012 White House directive.

Just how useful this hunt for potential leakers will be remains to be seen. The kinds of behavior military and intelligence agencies will be using to flag potential threats appears to be broad enough that false positives might be a problem. As noted by Steven Aftergood, who tracks government secrecy at the Federation of American Scientists' Secrecy Blog, Defense Information Systems Agency training materials suggest that an employee who "speaks openly of unhappiness with U.S. foreign policy" might merit watching.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
NickyHelmkamp
50%
50%
NickyHelmkamp,
User Rank: Apprentice
9/3/2013 | 8:32:57 PM
re: NSA Cuts 90% Of System Admin Jobs
InterWorx included this article in their Monthly Round Up for August: http://www.interworx.com/commu.... Thanks for the awesome content Thomas!
bkosh
50%
50%
bkosh,
User Rank: Apprentice
8/14/2013 | 9:28:37 PM
re: NSA Cuts 90% Of System Admin Jobs
I agree with Charlie, there seemed to be something off about this, either the guy is A: crazy or B: undone. Probably the latter. The NSA is obviously doing most everything wrong security wise while the FBI showed at Black Hat they are doing most everything right. Perhaps inter-agency cooperation?
cbabcock
50%
50%
cbabcock,
User Rank: Apprentice
8/14/2013 | 12:38:03 AM
re: NSA Cuts 90% Of System Admin Jobs
There's no time element to the NSA director's statement. He was going in Monday morning and firing 900 system admins, or he was establishing the goal, to be executed over several years, of reducing the number. If the latter, than Keith Alexander was expressing the secret wish of every CIO from Maine to Mexico. Move toward automated IT operations, reduce the number of people dedicated to keeping machines running.We have a fragment of reporting on a jaded, politicized administrator caught in the public spotlight. I don't know which he meant. Charlie Babcock
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
8/13/2013 | 12:33:40 PM
re: NSA Cuts 90% Of System Admin Jobs
I was also surprised that substantial leaks hadn't come out earlier. But I don't think that many people would take all the risks Snowden has (just look at his ordeal with trying to get temporary asylum), knowing that they could be slammed with an espionage charge and that they would have a difficult time seeking asylum in another country.
D. Henschen
50%
50%
D. Henschen,
User Rank: Apprentice
8/13/2013 | 3:30:28 AM
re: NSA Cuts 90% Of System Admin Jobs
You read my mind, here, Smail, but I tend to agree with MyW0r1d that it's a senior-level, knee-jerk reaction that's more likely going to lead to administrative gaps, delays in service and problems. Even government agencies wouldn't be so overstaffed that they could survive such drastic cuts without impacts -- would they? At the very least the surviving 10% would revolt
SmailB826
50%
50%
SmailB826,
User Rank: Apprentice
8/13/2013 | 12:49:36 AM
re: NSA Cuts 90% Of System Admin Jobs
If you can operate with 1/10 the network admins that you had yesterday what does this say about your management of your operation?

Seriously, any place that can fire 900 out of 1000 admins and still function is about to be a major mess or was an expensive daycare for IT people.

Can our government do ANYTHING right? They don't even know how to downsize credibly...
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
8/12/2013 | 8:52:33 PM
re: NSA Cuts 90% Of System Admin Jobs
Agree with Cara-- seems like a sort of desperate reaction. That said, when the leaks hit, I was surprised that this level of sensitive data was available to a contractor such as Snowden in the first place. Career government people? Sure. But that a contractor could see the whole scope and scale of the surveillance program-- not the kind of system I would have guessed. Upon learning that someone of Snowden's status had access to the content, I was doubly surprised, given the wildly divisive nature of the project, that substantial leaks hadn't been come out earlier.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
8/12/2013 | 5:04:47 PM
re: NSA Cuts 90% Of System Admin Jobs
Barn door, meet horse. On the plus side, Top Secret clearances are expensive to issue and maintain. Funneling some of that money to automation should help.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
8/12/2013 | 5:01:40 PM
re: NSA Cuts 90% Of System Admin Jobs
Edward Snowden's actions, whatever else they may be, amounted to a security audit that found NSA IT security policies lacking. Getting rid of IT people won't make those policies more robust.
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
8/12/2013 | 3:29:01 PM
re: NSA Cuts 90% Of System Admin Jobs
Typical Fed.Gov. senior management reaction in an attempt to deflect attention from the real cause, failure in the hiring process compounded by poor personnel management (maybe Snowden just needed someone to listen seriously to his concerns to mitigate his actions). It will be interesting to know if those individuals are reassigned other duties or layed off, but whatever the case if you can even consider doing without 90% of your staff you have been almost criminally overstaffing. Overdependency on automation will almost certainly create more service outage as human discretion to intervene is removed (the human desire and success to find ways to circumvent automation is proven).
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7407
Published: 2014-10-22
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2014-3675
Published: 2014-10-22
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

CVE-2014-3676
Published: 2014-10-22
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

CVE-2014-3677
Published: 2014-10-22
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVE-2014-4448
Published: 2014-10-22
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.