SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    NSA Had NFI About Opsec: 2016 Audit Found Laughably Bad Security
Date    Tuesday June 20 2017, @06:43PM
Author    Fnord666
Topic   
from the do-as-I-say dept.
https://soylentnews.org/article.pl?sid=17/06/20/1335242

Phoenix666 writes:

Second-rate opsec remained pervasive at the United States' National Security Agency, according to an August 2016 review now released under Freedom of Information laws.

It's almost surprising that the agency was able to cuff Reality Winner, let alone prevent a wholesale Snowden-style leak. The Department of Defense Inspector General report, first obtained by the New York Times, finds everything from unsecured servers to a lack of two-factor authentication.

The formerly-classified review (PDF) was instigated after Snowden exfiltrated his million-and-a-half files from August 2012 to May 2013.

"NSA did not have guidance concerning key management and did not consistently secure server racks and other sensitive equipment in the data centers and machine rooms" under its "Secure-the-net" initiative, the report says.

Data centre access is supposed to be governed by two-person access controls, the report notes, and the rollout of 2FA to "all high-risk users" was incomplete at the time of writing.

The agency had too many users with admin privileges, the report continues, they're insufficiently monitored, and the NSA had not cut the number of agents authorised to carry out data transfers.

Giving the NSA more funding could probably fix it.


Original Submission

Links

  1. "Phoenix666" - https://soylentnews.org/~Phoenix666/
  2. "Second-rate opsec remained pervasive at the United States' National Security Agency" - https://www.theregister.co.uk/2017/06/20/nsa_dragged_feet_on_securing_its_systems_audit_found_in_2016/
  3. "cuff Reality Winner" - https://www.theregister.co.uk/2017/06/06/contractor_leaked_russians_hacking_election_systems/
  4. "obtained" - https://www.nytimes.com/2017/06/16/us/politics/nsa-data-edward-snowden.html
  5. "PDF" - https://assets.documentcloud.org/documents/3863426/Savage-NYT-FOIA-DOD-IG-Report-Post-Snowden-NSA.pdf
  6. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=20858

© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, NSA Had NFI About Opsec: 2016 Audit Found Laughably Bad Security on 2024-06-13 20:22:15