Slashdot Mirror
Inspector General Says NSA Still Hasn't Implemented Its Post-Snowden Internal Security Measures (techdirt.com)
An anonymous reader quotes a report form Techdirt: In the immediate aftermath of an NSA contractor springing numerous leaks back in 2013, the NSA vowed this would never happen again. It has happened again and it hasn't just been documents. It's also been software exploits, which contributed to a worldwide plague of ransomware. The NSA was going to make sure no one could just walk out of work with thousands of sensitive documents. It laid out a plan to exercise greater control over access and fail safe procedures meant to keep free-spirited Snowdens in check. The NSA is the world's most powerful surveillance agency. It is also a sizable bureaucracy. Over the past half-decade, the NSA has talked tough about tighter internal controls. But talk is cheap -- at least labor-wise. Actual implementation takes dedication and commitment. The NSA just doesn't have that in it, according to a recent Inspector General's report: "The nation's cyber spy agency is suffering from substantial cyber vulnerabilities, according to a first-of-its-kind unclassified audit overview from the agency's inspector general released Wednesday. Those vulnerabilities include computer system security plans that are inaccurate or incomplete, removable media that aren't properly scanned for viruses, and an inadequate process for tracking the job duties of National Security Agency cyber defenders to ensure they're qualified for the highest-level work they do, according to the overview."
NSA continues to spy on the rest of the world, with the help of 5 eyes countries. 5 Eyes countries are protected by 'agreements'. Agreements like 'trade-agreements', are not enforceable when dealing with a bad-actor. If he won't abide by trade-agreements, why would him and his boss in Moscow abide by no-spy agreements?
https://www.usatoday.com/story/news/2017/01/26/report-arrested-russian-intel-officer-allegedly-spied-us/97094696/
This is what happened to US spies, 6 days after Trump got to power, and got access to the unredacted names of the spies mentioned in the pee pee memos, he passed the names over to Putin as revenge:
"A senior Russian intelligence officer and cybersecurity investigator arrested last month on treason charges allegedly was passing information to U.S. intelligence services, according to Russian media outlets. Sergei Mikhailov, who worked for the FSB, the successor to the KGB, was arrested in December, along with Ruslan Stoyanov, a top manager for Russia's largest cybersecurity firm, according to the economic newspaper Kommersant. Stoyanov was also charged with suspicion of treason. In addition, two other people, including Major Dmitry Dokuchaev, also an FSB officer, were arrested in connection with the case, according to Russia's REN-TV. The fourth person was not identified."
Once you start stripped away the privacy protections and replace checks and balances with faith and trust, it only takes one bad actor in the right position to undermine the whole system. One foreign puppet and that's all it takes to flip a nation. Because the nation already did the work needed, and they'll always be people who'll sell out their country in pursuit of their party flag. Fox News (Hannity-Cohen payments), One America News (old man Robert Herring invited to Russia, married a hot sexy Russian woman and turned his news network into a pro-Russia fluff cable network) etc, etc,.
You let NSA spy on everyone on a promise not to look at some of the data, and then you put someone above them who always lies, has dodgy foreign friends, and never keeps promises.
Seeing what I have seen in regards to security vulnerabilities reported to institutions and the general paralysis that ensues when anyone brings up real security in just about any organization...none of this surprises me...at all. In fact, I would have predicted nothing would be done, especially given the tell where the institution focuses on a single perpetrator or incident when in fact that is not at all the problem. When their security sucks, and they don't get it and can't fix it because they suck, they spin the focus on Snowden or whatever evil hacker dujour.
I object to power without constructive purpose. --Spock
“The nation's cyber spy agency is suffering from substantial cyber vulnerabilities .. removable media that aren't properly scanned for viruses”
:]
Jesus tapdancing Christ on rollerskates, the FSB must be laughing into their soup
The NSA and other gov agencies just don't pay enough for your laundry list. Working for "God and country" doesn't fit with the US capitalism idea very well. They are on the low end of almost all salary ranges; and that is BEFORE you eliminate about 95% of the potential people with your list.
What does "politics" or "faith group" even mean in your post? Many would point to a good chunk of our currently elected lawmakers in the Federal government who are associated with Dominion theology, "end timers", and other now-deeply ingrained ideals. Are you wanting non-political persons only? According to the Eastern Orthodox church, every Christian religious group that is associated with the Baptists is considered a "heretical cult". One third of the current US population doesn't believe anything the US intelligence agencies say about foreign politics and blindly believes anything Trump says, another third think his actions are nearly treasonous, so the idea of a "political litmus test" is a very tricky barrier; and is probably illegal anyway (there are Supreme Court cases around this). We currently have POTUS staff who are potentially (I say this because there has yet to be hearings, trials, or such) in violation the Hatch Act, so even the very top of this food chain is contaminated.
If you define a "criminal past" as the FBI does, that only eliminates around 29% of the US population. If you take it further, and cull out anyone with any negative relations with law enforcement, including non-felonies, then it's more like half of black males and almost 40 percent of white males. Combined with the low pay, and one ends up in the position we are currently in: not enough people to do the job.
While I understand what your getting at, your idea would require a huge, non-partisan overhaul of the underlying "security form" system. We can't even manage to approve money to have a plan to secure our elections in any meaningful way, and your idea goes directly against the ideals of the current administration and many elected officials. They want people who believe in the scourge of the "Deep State", not people who are willing to go work for the Deep State...by which I define "deep state" as the unelected bureaucratic apparatus that keeps the government functional in it's day-to-day workings. Many of the appointed Cabinet heads have publicly said they want to dismantle the bulk of the Federal government, so good luck finding anyone that fits your list who is willing to take home 80% of the average wage for their position.
Given that low level people can access info beyond their pay grade, I'd assume spies are everywhere within the system.
If Snowden exposed anything - it's how poor the security is and that people could easily steal data and give it to foreign governments. Should the person desire to do that of course.