Advertisements
The Latest:

Clueless in Washington: NSA had no data on number of employees with access to download top secret data prior to Snowden leak

(National SentinelEspionage: As technologically advanced as our intelligence community is, a new report has found that our preeminent foreign surveillance wing had no data on how many of its employees and contractors had sufficient clearance to download our nation’s most sensitive secrets prior to the biggest compromise of data in recent history

As reported by the Washington Free Beacon, before former National Security Agency contractor Edward Snowden’s historic breach, a recent declassified August report from the Department of Defense’s Office of Inspector General also found that the NSA was unable to meaningfully slash the number of officials with “privileged” access its most sensitive databases.

The report, which was heavily redacted, was obtained via a Freedom of Information Act lawsuit by The New York Times.

The Free Beacon noted further:

The agency struggled to achieve the mandated reductions because it had no idea how many employees or contractors were designated data transfer agents or privileged access users prior to the leaks.

NSA officials told the inspector general they lost a “manually kept spreadsheet” that tracked the number of privileged users after receiving multiple requests from the inspector general to provide documents identifying the initial number. The lapse made it impossible for the agency to determine its baseline of privileged users from which reductions would be made.

The report said the NSA then “arbitrarily removed” privileged access from users, who were told to reapply for the authorization. While this enabled the agency to determine how many personnel were granted special access, the NSA still had no way of measuring how many privileged users had lost the clearance.

The inspector general said the NSA should have used this new baseline as a “starting point” to reduce privileged users instead of using the number to declare a reduction in those personnel.

In the case of data transfer agents, the NSA’s “manually kept list” tracking the number of officials authorized to use removable devices, such as thumb drives, to transfer data to and from the agency’s servers was “corrupted” in the months leading up to the Snowden leaks, the report said.

Without a baseline to measure potential reductions, the NSA then mandated data transfer agents to reapply for the authorization. Again, though this allowed the agency to determine how many personnel were given the authority, the NSA still had no way of gauging how many reductions were made, if any.

This isn’t the first government report that puts the NSA in a negative light over Snowden and access to sensitive files. In December, NationalSecurity.news reported that both the NSA and the Central Intelligence Agency. Citing a declassified congressional study, the report further noted that Snowden’s theft and disclosure of some 1.5 million documents most definitely harmed U.S. national security.

What all of this shows more than anything is that the intelligence community has grown so large and so autonomous that neither internal or external oversight (the latter via Congress) is sufficient enough to check and prevent the loss of huge amounts of highly sensitive data.

When you’re the nation’s foremost foreign intelligence agency and you have no idea how many people have access to your most sensitive information, that’s a big, fat red flag warning that data loss will happen again.

You know, like it did just recently with Reality Leigh Winner’s breach.

Advertisements

Have something to say?

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: