They often complain about being undervalued, underpaid and overworked. They are the system administrators — those technical workers who toil in small rooms filled with multiple glowing computer monitors and keyboards, managing a constant flow of problem reports when computers aren’t working the way they should be.
But system administrators inside and outside the government may also be too powerful, according to a former NSA official and other intelligence experts. Edward Snowden, the former NSA contractor who leaked thousands of classified documents detailing classified intelligence surveillance programs, should probably never have been granted a top-secret security clearance and operated without the checks and balances other employees at NSA are subject to.
Snowden was “a low-level geek who has turned out to be probably the most consequential spy in American history,” said Joel Brenner, former senior counsel at NSA and a former head of U.S. counterintelligence in the Office of the Director of National Intelligence.
According to Brenner, who spoke Oct. 9 at the Akamai Edge Conference in Washington, D.C., system administrators have become too powerful and often operate under the radar — avoiding detection by data loss prevention tools.
Part of the problem has to do “with the privileged position of system administrators,” Brenner said. “We’ve basically allowed sys admins to destroy compartmentalization,” he said, referring to the process of controlling access to highly sensitive intelligence information to only those who have a need-to-know the information.
NSA Director Gen. Keith Alexander has announced changes to the agency’s policies governing system administrators, including plans to reduce the number of system administrators by automating a large portion of their responsibilities.
But that may not be enough to stop the next Snowden, Brenner said. The other challenge is for agencies and companies to do a better job of vetting their system administrators before granting them access.
“The security clearance process in my view is broken,” Brenner said. “The security clearance process has been farmed out. And the company to which [Snowden’s] clearance was farmed out was derelict.”
Snowden, Brenner said, “is a self-described penetration agent.” A penetration agent is a spy who deliberately infiltrates an organization with the long-term goal of gaining access to and stealing sensitive or classified information.
Espionage has changed dramatically since 9/11, Brenner said. “It’s gone from a retail business to a wholesale business,” he said. And with our dependence on information technology “maybe you don’t need a human spy. Maybe it’s somebody in the CIO’s operation. Maybe’s it’s Snowden,” Brenner said.
“We had this guy in there who I think shouldn’t have been cleared,” he added.
Brenner “has it exactly right,” said Ronald Marks, a senior fellow at The George Washington University Homeland Security Policy Institute and a former CIA officer. NSA had acted upon the so-called “need to share,” but it didn’t deploy adequate controls and monitoring of “the guardians at the gate,” said Marks, referring to Snowden and his job to search for and remove highly classified documents that were being posted on an internal file-sharing site.
“They are the modern version of code clerks,” Marks said. “Yet, they were not treated that way and had access or could have access to way too much on their own without a double check on them.”