N.S.A. Leak Puts Focus on System Administrators

Share with others:


Print Email Read Later

Edward J. Snowden, the former National Security Agency contractor who leaked details about American surveillance, personifies a debate at the heart of technology systems in government and industry: can the I.T. staff be trusted?

As the N.S.A., some companies and the city of San Francisco have learned, information technology administrators, who are vital to keeping the system running and often have access to everything, are in the perfect position if they want to leak sensitive information or blackmail higher-level officials.

"The difficulty comes in an environment where computer networks need to work all the time," said Christopher P. Simkins, a former Justice Department lawyer whose firm advises companies, including military contractors, on insider threats.

The director of the N.S.A., Gen. Keith B. Alexander, acknowledged the problem in a television interview on Sunday and said his agency would institute "a two-man rule" that would limit the ability of each of its 1,000 system administrators to gain unfettered access to the entire system. The rule, which would require a second check on each attempt to access sensitive information, is already in place in some intelligence agencies. It is a concept borrowed from the field of cryptography, where, in effect, two sets of keys are required to unlock a safe.

From government agencies to corporate America, there is a renewed emphasis on thwarting the rogue I.T. employee. Such in-house breaches are relatively rare, but the N.S.A. leaks have prompted assessments of the best precautions businesses and government can take, from added checks and balances to increased scrutiny during hiring.

"The scariest threat is the systems administrator," said Eric Chiu, president of Hytrust, a computer security company. "The system administrator has godlike access to systems they manage."

Asked Sunday about General Alexander's two-man rule, Dale W. Meyerrose, a former chief information officer for the director of national intelligence, said, "I think what he's doing is reasonable."

"There are all kinds of things in life that have two-man rules," added Mr. Meyerrose, who now runs a business consulting firm. "We've had a two-man rule ever since we had nuclear weapons. And when somebody repairs an airplane, an engineer has to check it."

John R. Schindler, a former N.S.A. counterintelligence officer who now teaches at the Naval War College, agreed that the "buddy system" would help. "But I just don't see it as a particularly good long-term solution," he said.

"Wouldn't it be easier to scrub all your I.T.'s for security issues," he asked, "and see if there is another Snowden?"

The two-man rule "has existed in other areas of the intelligence community for certain exceptionally sensitive programs where high risk was involved," he said, "but it's not a standard procedure."

Mr. Meyerrose and Mr. Schindler both said that software monitoring systems can also help, though they can be evaded by a knowledgeable systems administrator. The biggest issue for government and industry, they said, is to vet the I.T. candidates more carefully and to watch for any signs of disillusionment after they are hired.

"It's really a personal reliability issue," Mr. Meyerrose said.

Insiders of all types going rogue have become a problem for the government and industry over the last decade. One of the most prominent is Pfc. Bradley Manning, who downloaded a vast archive of American military and diplomatic materials from his post in Iraq and gave it to WikiLeaks. But there have been others, including scientists and software developers who stole secrets from American companies where they worked and provided them to China.

Now the spotlight is on the system administrators, who are often the technology workers with the most intimate knowledge of what is moving through their employers' computer networks.

Beyond their store of technical manuals to keep the system running, administrators at intelligence agencies can have access to specific top secret programs without necessarily being cleared for them, like other intelligence agents must be.

If they can get into one part of the network with credentials for what is called "root access," they can get into almost everything else. They are known as the "super user."

Since 9/11, the vast majority I.T. experts in the intelligence world have worked for private contractors, and the Snowden case has set off a new debate about whether the government could have more control of the workers if they were direct employees.

"This is a dirty little secret that's being revealed," said Robert Bigman, a former chief information security officer at the Central Intelligence Agency. "When you log on with a root account, it doesn't know if you're staff employee or a contract employee. It just knows you're root. You're known as a superuser. You have all privileges."

At a New Jersey pharmaceutical firm in early 2011, a former I.T. administrator gained access to the company's system, deleted several files -- including those that tracked customer orders -- and froze the firm's operations for several days, causing $800,000 in damages. Prosecutors called it a revenge attack after the company, Shionogi, announced layoffs. The administrator, Jason Cornish, pleaded guilty in August 2011.

And in 2008, a network administrator for the city of San Francisco named Terry Childs found out that he was about to be laid off and modified the city's network in such a way that only he held the password. He refused to hand it over for 12 days, effectively disabling everything from the mayor's e-mail to the city's payroll records.

Reuters has reported that Mr. Snowden had made many posts anonymously on an online forum, including one in 2010 in which he seemed critical of technology companies cooperating with government surveillance programs.

Mr. Schindler, the former N.S.A. counterintelligence officer, said that while a person's political views are not considered in terms of security clearances, the reviews may need to be expanded to include Twitter posts and other online comments that could yield clues to a job candidate's thinking.

He said the N.S.A. could also do what Soviet officials did after one of their cipher clerks defected in 1945.

"Their response wasn't to crack down on code clerks, but to make them happier," Mr. Schindler said. "They boosted their pay and gave them more reasonable hours, and they got no-knock privileges with the boss to keep them happy."

Mr. Simkins, the former Justice Department counterespionage lawyer, said that it is "more difficult than it sounds" to address threats posed by rogue insiders.

"At the end of day, there's no way to stop an insider if the insider is intent on doing something wrong," he said. "It's all about mitigating."

interact

This article originally appeared in The New York Times.


Advertisement
Advertisement
Advertisement

You have 2 remaining free articles this month

Try unlimited digital access

If you are an existing subscriber,
link your account for free access. Start here

You’ve reached the limit of free articles this month.

To continue unlimited reading

If you are an existing subscriber,
link your account for free access. Start here