NSA Cuts 90% Of System Admin Jobs

National Security Agency pursues automation to limit insider threats in wake of Snowden incident. Some experts doubt that's the answer.
The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
In an effort to reduce the risk of unauthorized leaks, the National Security Agency plans to eliminate most of its system administrator positions.

Reuters on Friday reported that Keith Alexander, director of the NSA, speaking in a panel discussion at the ICCS 2013 security conference in New York, said that the agency "is reducing our system administrators by about 90%" and that employing technology in place of people will make the agency's data and network more secure.

The NSA did not immediately respond to a request to confirm the report and to clarify whether affected system administrators are being laid off or assigned different responsibilities. According to Reuters, the NSA employs about 1,000 system administrators.

[ Are government info demands driving some companies to close? Read Lavabit, Silent Circle Shut Down: Crypto In Spotlight. ]

The efficacy of the move was immediately questioned. "NSA to turn 90% of its system administrators into disgruntled former employees," quipped Wired investigations editor Kevin Poulsen via Twitter. "That will surely end leaks."

The NSA's purge of system administrators follows a series of unauthorized disclosures by a former IT contractor, Edward Snowden, that sparked unprecedented political debate in the U.S. and abroad about the scope and legality of U.S. surveillance powers and adequacy of oversight mechanisms.

Alan Kessler, CEO of Vormetric, a data security company, doesn't see a headcount reduction as the optimal way of dealing with insider threats. "It's not the quantity of system admins," he said in a phone interview. "It's what they can do, because it only takes one." He suggests it is better to prevent systems administrators from being able to access sensitive data. "You need to give them just enough information to do their jobs," he said.

Kessler also pointed out that insider threats are not always deliberate, noting that phishing emails to employees can turn oblivious insiders into the source of a breach.

U.S. authorities are seeking to arrest Snowden, who has been granted temporary asylum in Russia. They refuse to consider him a whistleblower, someone who sought to expose illegal activity for the benefit of the public, insisting the NSA's surveillance is lawful.

On Friday, The Guardian, the U.K. news organization through which much of Snowden's leaks have been presented to the public, revealed still more details about NSA surveillance. The paper reported that an undisclosed rule change gives the NSA legal cover to search through the email and phone calls of U.S. citizens without a warrant, a claim that calls into question assurances by government officials that the communications of U.S. citizens are not being deliberately collected.

The NSA is not alone in re-evaluating its ability to prevent insiders from exposing its secrets. Still smarting from Army Pfc. Bradley Manning's unauthorized disclosure of classified information to Wikileaks, the Army last month established an Insider Threat Program, in response to a 2012 White House directive.

Just how useful this hunt for potential leakers will be remains to be seen. The kinds of behavior military and intelligence agencies will be using to flag potential threats appears to be broad enough that false positives might be a problem. As noted by Steven Aftergood, who tracks government secrecy at the Federation of American Scientists' Secrecy Blog, Defense Information Systems Agency training materials suggest that an employee who "speaks openly of unhappiness with U.S. foreign policy" might merit watching.

Editors' Choice
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading