Members of Congress tried years ago to raise the alarm about the danger U.S. intelligence agencies faced from “insider threats” like National Security Agency leaker Edward Snowden, but officials dragged their feet in implementing mandatory security measures that might have stopped him.
The Intelligence Authorization Act for 2011, an annual policy law that enables Congress to set priorities for the nation’s spy agencies, ordered Director of National Intelligence James R. Clapper to set up “an effective automated insider threat detection program” for intelligence agencies to prevent people with access to classified systems from abusing it.
Mr. Clapper was given a deadline of Oct. 1, 2012, for the system to be installed and Oct. 1, 2013, for it to be fully operational. But in last year’s act, those deadlines were extended to October 2013 for an initial capacity and October 2014 for full operating capacity.
Mr. Snowden’s ability to download an unknown number of top-secret documents to a banned thumb drive and then flee to China is the result of that delay, according to one congressional aide who asked for anonymity to discuss intelligence matters.
“We extended the deadline so the government wouldn’t be in violation,” the aide said.
“Clearly they’re still not there yet,” the aide added, referring to the automated detection program.
Such software — designed to sniff out unauthorized access attempts or odd patterns of behavior by authorized users of a restricted computer system — is commercially available, but apparently was not installed on the computer systems to which Mr. Snowden had access.
A senior U.S. intelligence official told The Washington Times that intelligence agencies were “working toward full operating capacity” for the automated insider threat detection program “in compliance with” the amended deadlines set in the 2013 act. The official declined to give further details.
NSA Director Gen. Keith B. Alexander said last week that Mr. Snowden worked as a systems administrator — a technician with high-level access to computers networks. Such people are compared by intelligence veterans to the cipher clerks of old, who would decrypt encoded messages. They have a great deal of access for relatively junior or short-time personnel.
But even taking into account the technical role, “Snowden’s access was so broad and diverse that it seems far from the norm and completely untethered from any ‘need to know,’” said Steven Aftergood, a secrecy scholar at the Federation for American Scientists.
Mr. Snowden has leaked documents from several different top-secret programs, including one that collects records from nearly every telephone call made in the United States. Activities as highly classified as that are typically “compartmented,” meaning only people with a demonstrable “need to know” would be allowed to learn about them.
“Part of the explanation lies in his function as systems administrator, which apparently gave him cross-cutting access to multiple compartments,” said Mr. Aftergood. “And part of the explanation is that he deliberately sought out information for purposes of disclosure.”
Mr. Snowden told the South China Morning Post, in an interview published this week, that he sought work with U.S. intelligence contractor Booz Allen Hamilton at the NSA’s Hawaii Threat Operations Center to be in a position to steal data that would prove the extent of the agency’s offensive cyberspying operations.
“My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked,” he told the newspaper. “That is why I accepted that position.”
Given that Mr. Snowden appeared to have sought to thwart the agency’s security measures and steal classified material, former officials defended the agency. They also expressed skepticism about the congressional fix of an automated detection system.