Defense IG to audit NSA’s post-Snowden security measures
The Pentagon inspector general will audit a series of network and personnel security measures put into place by the National Security Agency following the mega-leak of top-secret documents by contractor Edward Snowden, according to an announcement Monday.
“Our objective is to determine whether initiatives implemented by the National Security Agency are effective to improve security over its systems, data, and personnel activities,” the inspector general’s office says in a memo.
The audit will zero in on measures put in place to prevent the kind of abuse of system administrator privileges that allowed Snowden in 2013 to scrape hundreds of thousands of the NSA’s most secret documents from its servers and smuggle them out of the Hawaii facility where he worked on a thumb drive.
“Specifically,” the memo continues, “we will determine whether National Security Agency processes and technical controls are effective to limit privileged access to National Security Agency systems and data and to monitor privileged user actions for unauthorized or inappropriate activity.”
The memo states that the classified annex accompanying the 2016 Intelligence Authorization Act “contained a Department of Defense Inspector General classified reporting requirement,” and adds that “[t]his audit is the first in a series.”
Contact the reporter on this story via email at Shaun.Waterman@FedScoop.com. Follow him on Twitter at @WatermanReports.