Risk
8/9/2013
04:00 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

NSA Cuts 90% Of System Admin Jobs

National Security Agency pursues automation to limit insider threats in wake of Snowden incident. Some experts doubt that's the answer.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
In an effort to reduce the risk of unauthorized leaks, the National Security Agency plans to eliminate most of its system administrator positions.

Reuters on Friday reported that Keith Alexander, director of the NSA, speaking in a panel discussion at the ICCS 2013 security conference in New York, said that the agency "is reducing our system administrators by about 90%" and that employing technology in place of people will make the agency's data and network more secure.

The NSA did not immediately respond to a request to confirm the report and to clarify whether affected system administrators are being laid off or assigned different responsibilities. According to Reuters, the NSA employs about 1,000 system administrators.

[ Are government info demands driving some companies to close? Read Lavabit, Silent Circle Shut Down: Crypto In Spotlight. ]

The efficacy of the move was immediately questioned. "NSA to turn 90% of its system administrators into disgruntled former employees," quipped Wired investigations editor Kevin Poulsen via Twitter. "That will surely end leaks."

The NSA's purge of system administrators follows a series of unauthorized disclosures by a former IT contractor, Edward Snowden, that sparked unprecedented political debate in the U.S. and abroad about the scope and legality of U.S. surveillance powers and adequacy of oversight mechanisms.

Alan Kessler, CEO of Vormetric, a data security company, doesn't see a headcount reduction as the optimal way of dealing with insider threats. "It's not the quantity of system admins," he said in a phone interview. "It's what they can do, because it only takes one." He suggests it is better to prevent systems administrators from being able to access sensitive data. "You need to give them just enough information to do their jobs," he said.

Kessler also pointed out that insider threats are not always deliberate, noting that phishing emails to employees can turn oblivious insiders into the source of a breach.

U.S. authorities are seeking to arrest Snowden, who has been granted temporary asylum in Russia. They refuse to consider him a whistleblower, someone who sought to expose illegal activity for the benefit of the public, insisting the NSA's surveillance is lawful.

On Friday, The Guardian, the U.K. news organization through which much of Snowden's leaks have been presented to the public, revealed still more details about NSA surveillance. The paper reported that an undisclosed rule change gives the NSA legal cover to search through the email and phone calls of U.S. citizens without a warrant, a claim that calls into question assurances by government officials that the communications of U.S. citizens are not being deliberately collected.

The NSA is not alone in re-evaluating its ability to prevent insiders from exposing its secrets. Still smarting from Army Pfc. Bradley Manning's unauthorized disclosure of classified information to Wikileaks, the Army last month established an Insider Threat Program, in response to a 2012 White House directive.

Just how useful this hunt for potential leakers will be remains to be seen. The kinds of behavior military and intelligence agencies will be using to flag potential threats appears to be broad enough that false positives might be a problem. As noted by Steven Aftergood, who tracks government secrecy at the Federation of American Scientists' Secrecy Blog, Defense Information Systems Agency training materials suggest that an employee who "speaks openly of unhappiness with U.S. foreign policy" might merit watching.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
NickyHelmkamp
50%
50%
NickyHelmkamp,
User Rank: Apprentice
9/3/2013 | 8:32:57 PM
re: NSA Cuts 90% Of System Admin Jobs
InterWorx included this article in their Monthly Round Up for August: http://www.interworx.com/commu.... Thanks for the awesome content Thomas!
bkosh
50%
50%
bkosh,
User Rank: Apprentice
8/14/2013 | 9:28:37 PM
re: NSA Cuts 90% Of System Admin Jobs
I agree with Charlie, there seemed to be something off about this, either the guy is A: crazy or B: undone. Probably the latter. The NSA is obviously doing most everything wrong security wise while the FBI showed at Black Hat they are doing most everything right. Perhaps inter-agency cooperation?
cbabcock
50%
50%
cbabcock,
User Rank: Apprentice
8/14/2013 | 12:38:03 AM
re: NSA Cuts 90% Of System Admin Jobs
There's no time element to the NSA director's statement. He was going in Monday morning and firing 900 system admins, or he was establishing the goal, to be executed over several years, of reducing the number. If the latter, than Keith Alexander was expressing the secret wish of every CIO from Maine to Mexico. Move toward automated IT operations, reduce the number of people dedicated to keeping machines running.We have a fragment of reporting on a jaded, politicized administrator caught in the public spotlight. I don't know which he meant. Charlie Babcock
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
8/13/2013 | 12:33:40 PM
re: NSA Cuts 90% Of System Admin Jobs
I was also surprised that substantial leaks hadn't come out earlier. But I don't think that many people would take all the risks Snowden has (just look at his ordeal with trying to get temporary asylum), knowing that they could be slammed with an espionage charge and that they would have a difficult time seeking asylum in another country.
D. Henschen
50%
50%
D. Henschen,
User Rank: Apprentice
8/13/2013 | 3:30:28 AM
re: NSA Cuts 90% Of System Admin Jobs
You read my mind, here, Smail, but I tend to agree with MyW0r1d that it's a senior-level, knee-jerk reaction that's more likely going to lead to administrative gaps, delays in service and problems. Even government agencies wouldn't be so overstaffed that they could survive such drastic cuts without impacts -- would they? At the very least the surviving 10% would revolt
SmailB826
50%
50%
SmailB826,
User Rank: Apprentice
8/13/2013 | 12:49:36 AM
re: NSA Cuts 90% Of System Admin Jobs
If you can operate with 1/10 the network admins that you had yesterday what does this say about your management of your operation?

Seriously, any place that can fire 900 out of 1000 admins and still function is about to be a major mess or was an expensive daycare for IT people.

Can our government do ANYTHING right? They don't even know how to downsize credibly...
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
8/12/2013 | 8:52:33 PM
re: NSA Cuts 90% Of System Admin Jobs
Agree with Cara-- seems like a sort of desperate reaction. That said, when the leaks hit, I was surprised that this level of sensitive data was available to a contractor such as Snowden in the first place. Career government people? Sure. But that a contractor could see the whole scope and scale of the surveillance program-- not the kind of system I would have guessed. Upon learning that someone of Snowden's status had access to the content, I was doubly surprised, given the wildly divisive nature of the project, that substantial leaks hadn't been come out earlier.
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
8/12/2013 | 5:04:47 PM
re: NSA Cuts 90% Of System Admin Jobs
Barn door, meet horse. On the plus side, Top Secret clearances are expensive to issue and maintain. Funneling some of that money to automation should help.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
8/12/2013 | 5:01:40 PM
re: NSA Cuts 90% Of System Admin Jobs
Edward Snowden's actions, whatever else they may be, amounted to a security audit that found NSA IT security policies lacking. Getting rid of IT people won't make those policies more robust.
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
8/12/2013 | 3:29:01 PM
re: NSA Cuts 90% Of System Admin Jobs
Typical Fed.Gov. senior management reaction in an attempt to deflect attention from the real cause, failure in the hiring process compounded by poor personnel management (maybe Snowden just needed someone to listen seriously to his concerns to mitigate his actions). It will be interesting to know if those individuals are reassigned other duties or layed off, but whatever the case if you can even consider doing without 90% of your staff you have been almost criminally overstaffing. Overdependency on automation will almost certainly create more service outage as human discretion to intervene is removed (the human desire and success to find ways to circumvent automation is proven).
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6335
Published: 2014-08-26
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and ...

CVE-2014-0480
Published: 2014-08-26
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL ...

CVE-2014-0481
Published: 2014-08-26
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a d...

CVE-2014-0482
Published: 2014-08-26
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors relate...

CVE-2014-0483
Published: 2014-08-26
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.