ASPEN, Colo. — The National Security Agency is implementing new security measures because of the disclosures by former NSA-systems-analyst-turned-fugitive Edward Snowden, a top defense official said Thursday.
Deputy Defense Secretary Ashton Carter said systems administrators like Snowden must now work with a colleague when accessing sensitive, compartmented intelligence — the kind Snowden leaked to the media. The information revealed that the agency was gathering millions of U.S. phone records and intercepting some U.S. Internet traffic.
“This was a failure to defend our own networks,” Carter said.
“In an effort for those in the intelligence community to be able to share with each other, there was an enormous amount of information concentrated in one place. That’s a mistake,” he told attendees at the Aspen Security Forum in Colorado. “The loading of everything onto a server creates a risk.”
- Mount St. Helens, still steaming, holds the world’s newest glacier
- Whitest big county in the U.S.? It’s us
- Seattle sets heat record for July 4
- For escapee, prison now will mean 23 hours a day in a cell
- Sound Transit planning heats up for light-rail expansion and public vote
Most Read Stories
The NSA chief, Gen. Keith Alexander, has explained that Snowden accessed much of the information on a single internal site designed to share information.
Carter said they are working to limit that access, as well as implementing a “two-man rule” everywhere systems administrators have “elevated” clearance access to sensitive information.
He said they are also looking at how to better monitor individuals with access to that kind of information and suggested the Pentagon might monitor intelligence workers just as it monitors staff at nuclear installations.
“When it comes to nuclear weapons, you watch people’s behavior in a special way. We don’t let people all by themselves do anything,” he said. “There is always some aberrant individual and you’ve got to recognize that.”
Meanwhile, Carter said, the Pentagon is also close to launching a 4,000-person cybersquad of both offensive and defensive teams. He said the teams will both protect Defense Department systems and launch cyberattacks against enemy networks.