http://www.informationweek.com/security/privacy/nsa-tests-it-access-control-restrictions/240156948
By Mathew J. Schwartz
InformationWeek.com
June 19, 2013

The National Security Agency (NSA) is studying new information security
policies and technology to help the agency prevent future leaks.

Testifying before the House Intelligence Committee Tuesday, NSA director Gen.
Keith Alexander said that measures under consideration include requiring two
people, with comparable levels of authority and experience, to be present
before any highly sensitive data can be accessed, even if only for systems
administration purposes.

In his testimony, Alexander defended the agency's surveillance programs -- with
names such as Mainway, for traffic analysis of cell phone calls; Prism,
recording Internet-borne audio, email and video; Marina, for Internet traffic
analysis; and Nucleon, for telephone content interception -- in the wake of
details of the programs being leaked earlier this month by Edward Snowden.

While employed by Booz Allen Hamilton, Snowden worked as a contract NSA systems
administrator. He wasn't unique; the agency relies heavily on IT contractors
who hold top-secret clearances, as Snowden did. In fact, Alexander told the
committee that about 1,000 of the agency's contract employees serve as systems
administrators.

Now, however, Alexander said the agency is investigating whether it can use
technology to automate more systems administrator responsibilities. Another
proposal the NSA is considering to safeguard agency secrets against rogue
employees is to put in place the two-man rule, which would require at least two
people to be present before systems containing sensitive data could be
accessed. The technique is already used to safeguard nuclear launches -- as
portrayed in movies such as WarGames and The Hunt For Red October -- as well as
to physically secure access to some types of sensitive information or systems.
But according to information security experts, it's rarely used, because the
technique slows down even routine tasks.
[...]