Declassified report: NSA didn't learn Snowden lessons - open to insiders

News by Max Metzger

A declassified report has slammed the NSA for not fully implementing the recommendations given to the agency after the Snowden leaks.

The US government has not learnt the lessons that Snowden so bitterly taught it according to a newly declassified report from the inspector general of US Department of Defense (DoD).

 The August 2016 report was released to New York Times reporter, Charlie Savage after a Freedom of Information request. The 60-page report, much of which is redacted, details several security failures that could leave the National Security Agency open to another insider compromise.

 The Snowden leaks uncovered the US' international and domestic surveillance operations, revealing to the world the innermost secrets of one of the largest global espionage organisations. In the wake of the leak, the NSA attempted to implement various ‘Secure-the-Net' initiatives to increase the security of the agency and prevent another Snowden from appearing.

The Inspector General's report finds that the agency failed to implement several of these security initiatives.

The agency did not secure sensitive equipment in its data centres and machine rooms, contravening requirements. Nor did it implement “two factor authentication controls for high-risk users.”

Perhaps most damning, and germane to the Snowden leaks, is that NSA officials did not properly put in place technology that might oversee privileged user activities or reduce the number of those users.

The report recommends an overhaul of the NSA's system administration models including two-stage authentication for system administration and two-person access controls over data centres.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews