
As mentioned in that post, Snowden used a USB flash drive (also often referred to as thumb drive) to download top secret information about U.S. surveillance programs. For basic network users, USB flash drives are prohibited. However, Snowden was able to by pass that security feature since he had elevated access permissions as a system administrator. Lucky him!
The simplest approach to a security vulnerability is implementing a procedural change, and that is what the NSA did. It's rather ironic that the high tech agency would use a low tech approach. The new NSA procedure requires two system administrators to work simultaneously when they access highly classified networks. They call this the two-man rule, or two-person integrity (TPI), which is a common security practice often used around highly sensitive material. This simple procedure makes sense considering:
- The top secret classification on the material Snowden removed means the information was determined to cause exceptionally grave damage to national security. This definition is in accordance with Executive Order 13525, Classified National Security Information; the primary U.S. Executive Branch classification system document.
- The system administrators' elevated permissions permit them to bypass the security features for typical network users.
You don't need overly complicated processes and gizmos to be effective. The NSA Director, General Keith Alexander stated at the Aspen Security Forum that the new rule will likely make their jobs more difficult. Granted this procedure takes the convenient factor out, but security is not about convenience, and I doubt this would have significant impact on their overall mission. Additionally, "he described future plans to keep the most sensitive data in a highly encrypted form, sharply limiting the number of system administrators - like Mr. Snowden - who can move data throughout the nation's intelligence agencies and the Department of Defense." (Sanger and Schmitt, 2013)
An interesting note from the New York Times article covering this event, "Mr. Carter, a physicist and former Harvard professor who has worked at the Pentagon since the beginning of the Obama administration, blamed the leak of highly classified data partly on decisions made after the investigations into the intelligence failures surrounding the September 11, 2001 terrorist attacks....the pressure to recompartmentalize information is bound to raise questions about whether the government is restoring a system that ultimately, was blamed for many of the failure to 'connect the dots' before the 2001 attacks." (Sanger and Schmitt, 2013)
Within the 500 page plus 9/11 Commission Report, there are numerous intelligence failings mentioned, but it primarily faulted the pre-September 11th stove-pipe mentality that prevented intelligences agencies from collaborating information.
References:
Dilanian, K. (2013 June 13). Officials: Edward Snowden took NSA secrets on thumb drive. L.A. Times. Retrieved from http://www.latimes.com/news/politics/la-pn-snowden-nsa-secrets-thumb-drive-20130613,0,791040.story
Franceschi-bicchierai, L. (2013 June14). Snowden stole secret NSA documents with a flash drive. Mashable. Retrieved from http://mashable.com/2013/06/13/snowden-nsa-thumb-drive/
Sanger, D. and Schmitt, E. (2013 July 18) N.S.A. imposes rules to protect secret data stored on its networks. New York Times. Retrieved from http://www.nytimes.com/2013/07/19/us/military-to-deploy-units-devoted-to-cyber-operations.html?src=recg&_r=0