N.S.A. Leak Puts Focus on System Administrators

[InfoSec News <alerts () infosecnews org>]

http://www.nytimes.com/2013/06/24/technology/nsa-leak-puts-focus-on-system-administrators.html

By Christopher Drew and Somini Sengupta
The New York Times
June 23, 2013

Edward J. Snowden, the former National Security Agency contractor who 
leaked details about American surveillance, personifies a debate at the 
heart of technology systems in government and industry: can the I.T. staff 
be trusted?

As the N.S.A., some companies and the city of San Francisco have learned, 
information technology administrators, who are vital to keeping the system 
running and often have access to everything, are in the perfect position 
if they want to leak sensitive information or blackmail higher-level 
officials.

“The difficulty comes in an environment where computer networks need to 
work all the time,” said Christopher P. Simkins, a former Justice 
Department lawyer whose firm advises companies, including military 
contractors, on insider threats.

The director of the N.S.A., Gen. Keith B. Alexander, acknowledged the 
problem in a television interview on Sunday and said his agency would 
institute “a two-man rule” that would limit the ability of each of its 
1,000 system administrators to gain unfettered access to the entire 
system. The rule, which would require a second check on each attempt to 
access sensitive information, is already in place in some intelligence 
agencies. It is a concept borrowed from the field of cryptography, where, 
in effect, two sets of keys are required to unlock a safe.

[...]

_______________________________________________
ISN mailing list
ISN () lists infosecnews org
http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org