NSA to implement 'two-man rule' in wake of Snowden leak

The access that IT staff has to confidential information – including third parties who work on contract, like Snowden – presents a previously unconsidered security risk, security experts said. Right now, “the scariest threat is the systems administrator, [who] has godlike access to systems they manage,” said expert Eric Chiu, president and founder of HyTrust, speaking to the New York Times.

Because eliminating system administrators is impossible, the NSA will combat the issue by beginning to require that a second person approve any attempt to access sensitive information. The Times characterizes it as the equivalent of requiring two sets of keys to unlock a safe.

According to the director of the NSA, Gen. Keith Alexander, the agency has 1,000 system administrators who will no longer have unchecked access to the entire system.

Many applauded the move. “There are all kinds of things in life that have two-man rules,” said Dale W. Meyerrose, a former chief information officer for the director of national intelligence, the Times reported. “We’ve had a two-man rule ever since we had nuclear weapons. And when somebody repairs an airplane, an engineer has to check it.”

Others, though, stressed that thorough vetting of staff should remain the primary goal. “Wouldn’t it be easier to scrub all your I.T.’s for security issues,” said John R. Schindler, a former NSA counterintelligence officer, “and see if there is another Snowden?”

The plan comes as the fate of Snowden remains uncertain. Russian President Vladimir Putin confirmed Tuesday that the leaker had arrived in the country from Hong Kong, and is ensconced in the transit zone of Sheremetyevo International Airport. Putin also said that Russia has no plans to hand Snowden over – much to the frustration of US officials. Snowden, he added, is a “free man” who has the right to come and go as he pleases.

IT-related government leaks are in the spotlight at the moment: Pfc. Bradley Manning is entering week four of his court-martial for releasing more than 700,000 classified government documents to the WikiLeaks site. He faces a range of charges, such as communicating national defense information to an unauthorized source, and aiding the enemy, a capital offense. Prosecutors said they would pursue a lifetime sentence for the latter instead of the death penalty.

In 2009 and 2010, Manning smuggled out several SD disks with reams of classified information, including contents of Significant Actions files, or SigActs, which detailed military actions on the ground in both Iraq and Afghanistan. It is the single largest breach of classified information to date.
