NSA instigates security measures to hamper future whistleblowers

Summary: A new "two-man rule" will be put into place to stop administrators from having access to entire governmental systems.

Former NSA contractor Edward J. Snowden, currently on the run, has set a precedent which may hamper future whistleblowers in the United States.

After leaking details about surveillance on American citizens to the media, Snowden went on the run — moving from Hong Kong to Russia over the weekend — and is expected to attempt to reach Cuba. The U.S. government has revoked his passport and warned other countries not to help the former contractor on his international travels, predictably using political weight to try to bring the whistleblower to heel and back on American soil.

The former Booz Allen Hamilton contractor leaked information about the controversial PRISM data mining scheme to U.K. publication The Guardian, where the story was quickly picked up by media outlets worldwide. Snowden is now charged with espionage, theft and conversion of government property; whether he manages to board a connecting flight and make it to Ecuador, where he has applied for asylum, remains to be seen.

There is something ironic about exposing spying only to be charged with espionage. However, as reported by The New York Times, the situation goes deeper than one individual. Not only has Snowden left an enraged, sleep-deprived government in his wake, but he may be the cause of future headaches for the next generation of IT staff.

The situation between Snowden and the National Security Agency has placed scrutiny on information technology and system administrators worldwide. These IT staff are required to keep systems functional and working smoothly, and so often have unrestricted access to every part of a network.

As 'super users,' system administrators do not always possess relevant security clearance, but are able to access files from a network's root, complete with full privileges.

However, if you have an axe to grind, this responsibility also hands you all the tools and data you need on a plate — something the NSA is determined to stop from happening again.

In a television interview on Sunday, NSA director Gen. Keith B. Alexander acknowledged this issue, and has outlined plans to boost the security of networks containing sensitive information. The agency is soon to institute a "two-man rule" which would stop the institution's 1,000 system administrators from having complete freedom over a system. Instead, a second check will be required before sensitive information is accessed.

Some agencies have already implemented similar systems, which are comparable to a safe that needs two keys to unlock. However, the concept is not confined to cryptography; other industries also use the system as a safety measure. When a plane is repaired, another engineer is required to pass the vehicle — and the nuclear industry also makes use of similar checks. Now it seems security will also be tightening in the digital field. Eric Chiu, president of computer security firm Hytrust, told the publication:

"The scariest threat is the systems administrator. The systems administrator has godlike access to systems they manage."

Software could also be used to monitor staff access, but a good systems administrator is likely to be able to circumvent such checks. In addition, some U.S. officials argue that more thorough employee vetting protocols are the best long-term solution to stop rogue IT members of staff slipping through the net.

However, even with additional security measures being taken, it's unlikely to prevent whistleblowers from eventually reaching their goals. Chris Simkins, the former Justice Department counterespionage lawyer, commented that it is "more difficult than it sounds" to keep confidential information from being leaked.

"At the end of day, there's no way to stop an insider if the insider is intent on doing something wrong. It's all about mitigating."

Talkback

31 comments
  • And

    They are ordered to terminate each other on signs of suspicious activity!

    I've seen Person of Interest!!
    Boothy_p
  • Freedom on the Rocks - Federal Tyranny versus Terrorism

    The depth of connections between high-tech corporate America and the NSA is not being fully revealed; we’re being lied to daily.

    If you want to know what’s REALLY going on with all your personal data and what the NSA’s goal is, read this:

    http://www.argusleader.com/article/20130620/VOICES05/306200011/My-Voice-Freedom-Rocks-federal-tyranny-versus-terrorism
    sam2sam@...
  • The rule makes sense

    Regardless of whether Snowden did the right thing, this incident has exposed a weakness in the system that needs to be addressed. But this will make it harder for system administrators in both government and private industry to do their jobs.

    For every stupid rule, there's a stupid idiot that made it necessary.
    John L. Ries
    • Not only that

      But can't the "two people" simply collude and do it together, doing even further damage? Needs to be more technical controls in place and more scrutiny on contractors and employees to make sure these sensitive, private and business/personal/government materials that are deemed as truly sensitive and private don't get exposed like this. Makes everybody look very bad and in fact incompetent.
      BruinB88
    • The rule does not work as modeled

      I have worked in a two-man IT related process before. For simple efficiency, not dishonesty, but just in order to get things done in a timely manner, both of us knew each other's passwords and could be 'both men' when needed. Of course, we did trust one another, but one supposes that Snowden was also trusted before he did what he did.
      Phil_C
    • Sense my foot!!!

      On the one hand the incident has revealed in spades significant errors in "trust" where there should be no room for error - so the agency has become fully politicized - now is not time for knee jerk (pun intended) rules, but a complete overhaul. The saddest part is that on up the "leadership chain" there is no evidence of either understanding nor of integrity... So, on that basis many believe disbanding is the only effective solution.
      It seems we have sunk to a point where every political whim wants to use the term "national security" as a barrier to hide behind instead of exercising some gray matter for a change.
      Willnott
  • Criminals and traitors always learn how to cover up the evidence.

    NSA is nothing but a terrorist organization run by criminals and traitors.
    Close the NSA and either deport or imprison every employee.
    Reality Bites
  • Two people, two keys

    Just like when firing a nuclear-armed missile. Irony?
    Rabid Howler Monkey
    • How is that ironic?

      Dual-authorization is used in lots of mainstream business processes. I work in banking IT and it's been used all over the place for years. Why the NSA just thought of this now is the sad part.
      scottz29
      • Perspective: sense of scale and proportion within the U.S. government

        As just one example, dual authorization is supported by some banks for use in online banking. In this case, the banks' commercial customers designate two individuals that must approve ACH and wire transfers. Note, especially, that the customer, through its two designated employees, has a say in the matter of fund transfers.

        Dual-authorization is being used by the U.S. government in an effort to keep U.S. citizens, their customers, in the dark. Just curious, do banks keep their business policies hidden from their customers? U.S. citizens clearly have no say with regard to the collection of their private data and its release to the U.S. government. Thus, for the U.S. government, it's just as important to keep U.S. citizens in the dark as it is to prevent unauthorized launching of a nuclear-armed missile (IMO, the latter IS important to prevent and the former is just plain wrong, or worse, illegal). Thus, irony.
        Rabid Howler Monkey
  • Snowden had insider help

    Anyone blowing a whistle at NSA, IRS or EPA will all suffer the same fate as Michael Hastings Guardian reporter in L.A.

    What the NSA is really worried about is that Snowden did not act alone and that the public will eventually connect the dots and demand to know the whereabouts of these other "co-conspirators" of Snowden. That is why they are floating this story that super user has the ability to hack the entire NSA operations. Snowden didn't have this ability. If he did so do their hundreds of other system administrators in the NSA and working for contractors like Snowden. If Snowden could have hacked into the entire operations any foreign operation could have done the same thing. Snowden had other inside help of would be whistle blowers. The NSA doesn't want the public to ask where these other whistle blowers are (just as we know the survivors of Benghazi have been sequestered.) The only way U.S. senators and other officials could "responsibly" call Snowden a felon and saying what sentence he will serve before Snowden has a speedy public trial by a jury of his peers is if he has already been convicted and sentenced by a secret court as his accomplices no doubt already have. That's what the NSA is worried about - not Snowden but that the public connecting the dots will demand a writ of habeas corpus be issued for the unknown whistle blowers that the secret court has already dealt with.
    jwebsmall
    • Snowden was an insider

      He was a contractor, but these sorts of contractors are really quasi-public employees anyway.
      John L. Ries
  • Whistleblowers aren't bad

    "However, even with additional security measures being taken, it's unlikely to prevent whistleblowers from eventually reaching their goals."

    The author is using the word 'whistleblower' in the wrong context. The whole purpose of a whistleblower is to expose bad behaviors - this makes it sound like they are black hat hackers or terrorists. Sure, it is bad for the company/organization/government that is responsible for the behavior, but it's not for everyone else. Things like this need to be brought to light.
    steed074@...
    • What happened?

      Once upon a time in a land far, far away, we protected people who had the courage to report abuse...
      steed074@...
    • TOTALLY agree that whistleblowers...

      perform a very useful function, acting as the "conscience" that an organization *should* have, but apparently lacks. Please do NOT relegate whistleblowers to prison, but reward them for exposing where personal or political wishes (or both) have risen above integrity.
      Willnott
  • Down the rabbit hole we go

    It is so ironic it's hilarious. The NSA is worried that its admins have too much access to information and power!!!! Their concern is not that someone with access might do something nefarious with that access, just that they might let the Public know that the spying network exists?!
    David Beachler
  • That would break about a million policies . . .

    "As 'super users,' system administrators do not always possess relevant security clearance, but are able to access files from a network's root, complete with full privileges."

    That would break about a million policies concerning security clearance and access in most intelligence organizations. I seriously doubt that's actually the case.
    CobraA1
  • Snowden is a true patriot.

    Our founding fathers risked everything in order to protect the American people from the human rights abuses of a tyrannical government. Snowden just did the exact same thing. They're all patriots and should be recognized as such. Stop chasing Snowden and give him a medal.

    The crimes of our lying, evil, power-crazed, freedom-abusing government need to be exposed. The government was originally created to protect the people. Now, the government only protects itself and the financial interests of the rich & powerful few who control the government. Snowden only showed us the tip of the iceberg of the government power abuse. Now they're hastily trying to bury the rest of their evil actions even deeper to keep the rest of the iceberg from ever being seen.

    With the crazies running the asylum, I think we're long overdue for a government redesign. We have strayed too far from what this nation once was.
    BillDem
  • As an SA

    I have had direct access to all types of sensitive information; I never looked at it! Systems Administrators are placed in a trust relationship with a given company; breaking that trust shows a lack of honor and cowardice typical with millennials.
    ammohunt
    • So, please tell us, Mr. "perfect"....

      do YOU have the willingness (and honor) to expose wrongdoing within the ranks if you see it, or will you act as a coward and try to protect your job??? (Note used your own words here...)
      Willnott