Future Snowden hunt starts with audit of NSA spooks' privileges
No more sudo cp -R * /dev/DVD
The National Security Agency (NSA) has decided it really needs to catch the next Edward Snowden before he turns whistleblower/traitor (strike one according to your political orientation).
According to this memo (PDF) from Carol Gorman, an assistant inspector general in the Department of Defense's Readiness and Cyber Operations, an audit is going to ask whether too many individuals have privileged access to NSA computers.
In the memo, Gorman says the audit begins this month, to check whether the NSA's initiatives since Snowden “are effective to improve security over its systems, data, and personnel activities”.
Gorman wants to know whether the NSA's procedures and technical controls would prevent a repeat of the disclosures, whether they limit privileged access to systems, and whether the agency is able to monitor privileged user actions for “unauthorised or inappropriate activity”.
As well as NSA offices and locations, Gorman flags that the audit “may identify additional locations”, presumably putting the NSA's external contractors on notice.
Nextgov notes that since 2013, the agency has implemented a two-person policy mandating that nobody can read or move sensitive information without someone else present. It's also added a digital audit trail to data entering its systems, identifying where it came from and who is authorised to view it.
The full instructions for the audit are in a classified annexe to this year's Intelligence Authorisation Act. ®