8/9/2013
04:00 PM

NSA Cuts 90% Of System Admin Jobs

National Security Agency pursues automation to limit insider threats in wake of Snowden incident. Some experts doubt that's the answer.

In an effort to reduce the risk of unauthorized leaks, the National Security Agency plans to eliminate most of its system administrator positions.

Reuters on Friday reported that Keith Alexander, director of the NSA, speaking in a panel discussion at the ICCS 2013 security conference in New York, said that the agency "is reducing our system administrators by about 90%" and that employing technology in place of people will make the agency's data and network more secure.

The NSA did not immediately respond to a request to confirm the report and to clarify whether affected system administrators are being laid off or assigned different responsibilities. According to Reuters, the NSA employs about 1,000 system administrators.


The efficacy of the move was immediately questioned. "NSA to turn 90% of its system administrators into disgruntled former employees," quipped Wired investigations editor Kevin Poulsen via Twitter. "That will surely end leaks."

The NSA's purge of system administrators follows a series of unauthorized disclosures by a former IT contractor, Edward Snowden, that sparked unprecedented political debate in the U.S. and abroad about the scope and legality of U.S. surveillance powers and the adequacy of oversight mechanisms.

Alan Kessler, CEO of Vormetric, a data security company, doesn't see a headcount reduction as the optimal way of dealing with insider threats. "It's not the quantity of system admins," he said in a phone interview. "It's what they can do, because it only takes one." He suggests it is better to prevent systems administrators from being able to access sensitive data. "You need to give them just enough information to do their jobs," he said.

Kessler also pointed out that insider threats are not always deliberate, noting that phishing emails to employees can turn oblivious insiders into the source of a breach.

U.S. authorities are seeking to arrest Snowden, who has been granted temporary asylum in Russia. They refuse to consider him a whistleblower, someone who sought to expose illegal activity for the benefit of the public, insisting the NSA's surveillance is lawful.

On Friday, The Guardian, the U.K. news organization through which many of Snowden's leaks have been presented to the public, revealed still more details about NSA surveillance. The paper reported that an undisclosed rule change gives the NSA legal cover to search through the email and phone calls of U.S. citizens without a warrant, a claim that calls into question assurances by government officials that the communications of U.S. citizens are not being deliberately collected.

The NSA is not alone in re-evaluating its ability to prevent insiders from exposing its secrets. Still smarting from Army Pfc. Bradley Manning's unauthorized disclosure of classified information to Wikileaks, the Army last month established an Insider Threat Program, in response to a 2012 White House directive.

Just how useful this hunt for potential leakers will be remains to be seen. The kinds of behavior military and intelligence agencies will be using to flag potential threats appear to be broad enough that false positives might be a problem. As noted by Steven Aftergood, who tracks government secrecy at the Federation of American Scientists' Secrecy Blog, Defense Information Systems Agency training materials suggest that an employee who "speaks openly of unhappiness with U.S. foreign policy" might merit watching.

Comments
NickyHelmkamp,
User Rank: Apprentice
9/3/2013 | 8:32:57 PM
re: NSA Cuts 90% Of System Admin Jobs
InterWorx included this article in their Monthly Round Up for August: http://www.interworx.com/commu.... Thanks for the awesome content Thomas!
bkosh,
User Rank: Apprentice
8/14/2013 | 9:28:37 PM
re: NSA Cuts 90% Of System Admin Jobs
I agree with Charlie, there seemed to be something off about this, either the guy is A: crazy or B: undone. Probably the latter. The NSA is obviously doing most everything wrong security-wise while the FBI showed at Black Hat they are doing most everything right. Perhaps inter-agency cooperation?
cbabcock,
User Rank: Apprentice
8/14/2013 | 12:38:03 AM
re: NSA Cuts 90% Of System Admin Jobs
There's no time element to the NSA director's statement. He was going in Monday morning and firing 900 system admins, or he was establishing the goal, to be executed over several years, of reducing the number. If the latter, then Keith Alexander was expressing the secret wish of every CIO from Maine to Mexico. Move toward automated IT operations, reduce the number of people dedicated to keeping machines running. We have a fragment of reporting on a jaded, politicized administrator caught in the public spotlight. I don't know which he meant. Charlie Babcock
Cara Latham,
User Rank: Apprentice
8/13/2013 | 12:33:40 PM
re: NSA Cuts 90% Of System Admin Jobs
I was also surprised that substantial leaks hadn't come out earlier. But I don't think that many people would take all the risks Snowden has (just look at his ordeal with trying to get temporary asylum), knowing that they could be slammed with an espionage charge and that they would have a difficult time seeking asylum in another country.
D. Henschen,
User Rank: Apprentice
8/13/2013 | 3:30:28 AM
re: NSA Cuts 90% Of System Admin Jobs
You read my mind, here, Smail, but I tend to agree with MyW0r1d that it's a senior-level, knee-jerk reaction that's more likely going to lead to administrative gaps, delays in service and problems. Even government agencies wouldn't be so overstaffed that they could survive such drastic cuts without impacts -- would they? At the very least the surviving 10% would revolt
SmailB826,
User Rank: Apprentice
8/13/2013 | 12:49:36 AM
re: NSA Cuts 90% Of System Admin Jobs
If you can operate with 1/10 the network admins that you had yesterday what does this say about your management of your operation?

Seriously, any place that can fire 900 out of 1000 admins and still function is about to be a major mess or was an expensive daycare for IT people.

Can our government do ANYTHING right? They don't even know how to downsize credibly...
Michael Endler,
User Rank: Apprentice
8/12/2013 | 8:52:33 PM
re: NSA Cuts 90% Of System Admin Jobs
Agree with Cara-- seems like a sort of desperate reaction. That said, when the leaks hit, I was surprised that this level of sensitive data was available to a contractor such as Snowden in the first place. Career government people? Sure. But that a contractor could see the whole scope and scale of the surveillance program-- not the kind of system I would have guessed. Upon learning that someone of Snowden's status had access to the content, I was doubly surprised, given the wildly divisive nature of the project, that substantial leaks hadn't come out earlier.
Lorna Garey,
User Rank: Ninja
8/12/2013 | 5:04:47 PM
re: NSA Cuts 90% Of System Admin Jobs
Barn door, meet horse. On the plus side, Top Secret clearances are expensive to issue and maintain. Funneling some of that money to automation should help.
Thomas Claburn,
User Rank: Moderator
8/12/2013 | 5:01:40 PM
re: NSA Cuts 90% Of System Admin Jobs
Edward Snowden's actions, whatever else they may be, amounted to a security audit that found NSA IT security policies lacking. Getting rid of IT people won't make those policies more robust.
MyW0r1d,
User Rank: Apprentice
8/12/2013 | 3:29:01 PM
re: NSA Cuts 90% Of System Admin Jobs
Typical Fed.Gov. senior management reaction in an attempt to deflect attention from the real cause, failure in the hiring process compounded by poor personnel management (maybe Snowden just needed someone to listen seriously to his concerns to mitigate his actions). It will be interesting to know if those individuals are reassigned other duties or laid off, but whatever the case if you can even consider doing without 90% of your staff you have been almost criminally overstaffing. Overdependency on automation will almost certainly create more service outage as human discretion to intervene is removed (the human desire and success to find ways to circumvent automation is proven).