Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Military Will Soon Begin Testing NSA's New, Post-Snowden Security Measures (dailydot.com)

Posted by samzenpus on from the knocking-on-the-wall dept.

Patrick O'Neill writes: The U.S. military will closely review the NSA's security measures as concerns mount that foreign adversaries and independent hackers are targeting the American government in cyberspace. "We will determine whether National Security Agency processes and technical controls are effective to limit privileged access to National Security Agency systems and data and to monitor privileged user actions for unauthorized or inappropriate activity," Carol Gorman, the Pentagon's assistant inspector general, wrote in the letter.

10 of 72 comments (clear)

  1. Post-Snowden NSA by DrYak · · Score: 5, Insightful

    Indeed, if a lone consultant like E. Snowden could pull such a leak, one can imagine what entities with far more resources and know-how (like the Russian FSB / former KGB) have been doing for years.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Post-Snowden NSA by Anonymous Coward · · Score: 3, Interesting

      No, to stop someone like Snowden you don't need an absolute dictatorship. You need to restrict access to systems so that employees only have access to the things they need. You have to create an environment of professionalism where people don't share passwords. You monitor access logs. You know, the things that competent corporate IT usually does already.

      To stop someone like Snowden you just have to have adopted best practices (like the Real World) uses instead of a cowboy attitude towards security (like the NSA).

    2. Re:Post-Snowden NSA by shawn2772 · · Score: 5, Insightful

      No, to stop someone like Snowden you don't need an absolute dictatorship. You need to restrict access to systems so that employees only have access to the things they need.

      That won't work if you're doing things that are morally outrageous, because employees that need access do need access, and if one of them develops a conscience there's no way you can stop them from sharing the information. With draconian measures you can make it hard for them to extract solid proof, but that's all you can do, and that's very hard.

      You know, the things that competent corporate IT usually does already.

      LOL. In 20 years in the business, what I've seen is that almost no corporate IT departments are competent to secure their own data.

    3. Re:Post-Snowden NSA by penguinoid · · Score: 4, Insightful

      Personally, I'm totally Snowden-proof, and I don't have a fraction of the resources of the NSA. To stop someone like Snowden, all you need to do is stop committing tons and tons of crimes.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    4. Re:Post-Snowden NSA by vux984 · · Score: 3, Informative

      Whoosh.

      You missed his point entirely.

      a) His point is Snowden wouldn't compromise his trust in the first place, because he's not committing and concealing tons of crimes.

      b) His point is that even if Snowden did compromise him, and leaked his activities... well ... it would be an uninteresting list that practically nobody would care about it.

      As he said, he is *SNOWDEN* proof. He is not *hacker proof*.

    5. Re:Post-Snowden NSA by nine-times · · Score: 2

      It's easier for someone without those "resources" to do such a thing because they can't be picked out from the crowd. Snowden didn't have any red flags in his life to be singled out...

      Right, Snowden didn't have any huge red flags indicating that he was a security concern. Whereas Russia always makes sure their spies are very clearly spies and have tons of red flags indicating that.

      ... making any to match him would mean not trusting anyone. To stop someone like him you'd have to live in an absolute dictatorship with censored media and summary executions.

      Here's the interesting thing, though: you're talking about a security agency that taps our phone calls and reads our emails because they don't trust anyone. So what are they doing trusting people? How did some random independent contractor have so much access and so little oversight that he could pull all of this information without raising red flags? And if they aren't able to secure all this information, they maybe they shouldn't be creating and consolidating it all into a single easy-to-search system.

      The most ironic part of your post is the suggestion that there needs to be an oppressive regime in order to stop Snowden, but Snowden did what he did in response to what he considered to be dangerous, corrupt, and potentially oppressive behavior by the government. You don't need a dictatorship to stop Snowden, but you need an open and free society to prevent Snowden from becoming a thing. To stop him, you just need to stop giving random people full admin access to your super-secret nefarious surveillance systems.

  2. As Mr. Franklin said... by olsmeister · · Score: 5, Insightful

    Three people can keep a secret... if two of them are dead.

  3. Re:Errr...thanks? by gtall · · Score: 2

    Yep, coming up with new security controls, testing them internally for coverage, re-engineering them for holes should take...what...about an afternoon for you?

  4. No it was a Black Hoodie by laurencetux · · Score: 2, Funny

    he normally wore a Black hoodie with a parody NSA logo done by the EFF

    and kept a copy of the constitution ON HIS DESK

    and nobody thought to check if this guy was going "Off The Rez"??

  5. Re:Errr...thanks? by internerdj · · Score: 3, Insightful

    Welcome to the US. When something needs to be done politically then today is too late. Doing it correctly is never as important as doing something now. If we go through the proper process, the voters won't remember why it was a political success.