The US government has not learnt the lessons that Snowden so bitterly taught it according to a newly declassified report from the inspector general of US Department of Defense (DoD).
The August 2016 report was released to New York Times reporter, Charlie Savage after a Freedom of Information request. The 60-page report, much of which is redacted, details several security failures that could leave the National Security Agency open to another insider compromise.
The Snowden leaks uncovered the US' international and domestic surveillance operations, revealing to the world the innermost secrets of one of the largest global espionage organisations. In the wake of the leak, the NSA attempted to implement various ‘Secure-the-Net' initiatives to increase the security of the agency and prevent another Snowden from appearing.
The Inspector General's report finds that the agency failed to implement several of these security initiatives.
The agency did not secure sensitive equipment in its data centres and machine rooms, contravening requirements. Nor did it implement “two factor authentication controls for high-risk users.”
Perhaps most damning, and germane to the Snowden leaks, is that NSA officials did not properly put in place technology that might oversee privileged user activities or reduce the number of those users.
The report recommends an overhaul of the NSA's system administration models including two-stage authentication for system administration and two-person access controls over data centres.