[ISN] NSA Tests IT Access Control Restrictions

http://www.informationweek.com/security/privacy/nsa-tests-it-access-control-restrictions/240156948

By Mathew J. Schwartz
InformationWeek.com
June 19, 2013

The National Security Agency (NSA) is studying new information security policies and technology to help the agency prevent future leaks.

Testifying before the House Intelligence Committee Tuesday, NSA director Gen. Keith Alexander said that measures under consideration include requiring two people, with comparable levels of authority and experience, to be present before any highly sensitive data can be accessed, even if only for systems administration purposes.

In his testimony, Alexander defended the agency’s surveillance programs — with names such as Mainway, for traffic analysis of cell phone calls; Prism, recording Internet-borne audio, email and video; Marina, for Internet traffic analysis; and Nucleon, for telephone content interception — in the wake of details of the programs being leaked earlier this month by Edward Snowden.

While employed by Booz Allen Hamilton, Snowden worked as a contract NSA systems administrator. He wasn’t unique; the agency relies heavily on IT contractors who hold top-secret clearances, as Snowden did. In fact, Alexander told the committee that about 1,000 of the agency’s contract employees serve as systems administrators. Now, however, Alexander said the agency is investigating whether it can use technology to automate more systems administrator responsibilities.

Another proposal the NSA is considering to safeguard agency secrets against rogue employees is to put in place the two-man rule, which would require at least two people to be present before systems containing sensitive data could be accessed. The technique is already used to safeguard nuclear launches — as portrayed in movies such as WarGames and The Hunt For Red October — as well as to physically secure access to some types of sensitive information or systems.
But according to information security experts, it’s rarely used, because the technique slows down even routine tasks.

[…]