SoylentNews is people

posted by chromas on Monday July 30 2018, @06:42AM
from the dinky-leaks dept.

NSA has yet to fix security holes that helped Snowden leaks

Edward Snowden's success in leaking NSA data was chalked up in part to the agency's own security lapses, so you'd think that the agency would have tightened up its procedures in the past five years... right? Apparently not. The NSA Inspector General's office has published an audit indicating that many of the Snowden-era digital security policies still haven't been addressed, at least as of the end of March 2018. It hasn't correctly implemented two-person access controls for data centers and similar rooms, doesn't properly check job duties and has computer security plans that are either unfinished or inaccurate.

The audit also showed that the NSA hasn't implemented the latest federal security guidance, doesn't have a complete inventory of its IT framework and isn't gathering all the documentation it needs before it gives a computer system the go-ahead. And while Snowden didn't rely on malware, the NSA isn't thoroughly scanning for viruses on USB thumb drives and other removable media.


 
  • (Score: 3, Interesting) by progo on Monday July 30 2018, @08:35AM (1 child)

    by progo (6356) on Monday July 30 2018, @08:35AM (#714651) Homepage

    NSA's automated IT security and standard operating procedures and policies maybe can't be made any more draconian than they were in Snowden's time unless you want to prevent any work from actually getting done.

    You can work on building trust and trustworthiness among employees, but you can never check a box that says that trust is working perfectly.

  • (Score: 2) by JoeMerchant on Monday July 30 2018, @09:51PM

    by JoeMerchant (3937) on Monday July 30 2018, @09:51PM (#714961)

    I'd say: the hell they haven't fixed the Snowden problem. The solution has been known for centuries, the old movie "Master and Commander" has a good demonstration of how to keep discipline: fear. Fear of punishment. Terrible, possibly life ending punishment. Terror, if you will, that's how you keep security tight: scare the living shit out of everybody in sight, fear will keep them in line.

    Nope, never perfect, and in a soft, cushy, giant faceless machine like the NSA they really should be using something else, because that terror model doesn't scale well beyond about 200:1 ratio between the terrorized and the terrorists, tight IT security should cost a lot less than 0.5% of total productivity.

    While I was working in a "sensitive" but not even secret organization, we'd get annual security briefings from the FBI - they'd come in and give the speech about how the enemy thinks differently and we shouldn't be sharing information unnecessarily with people who don't need to have it. They even ran post-lecture undercover tests - some guy wearing an absurd pink polo shirt walking a pansy dog just wanders into our lobby and starts asking technical questions about our product a few days after the briefing - jeez guys, can't you even wait 6 months to see if the training stuck, and maybe be a little less obvious with your leak testers?

    --
    🌻🌻 [google.com]