ASPEN, Colo. – The National Security Agency is implementing new security measures because of the disclosures by former NSA-systems-analyst-turned-fugitive Edward Snowden, a top defense official said Thursday.
NSA chief Keith Alexander said his agency had implemented a “two-man rule,” under which any system administrator like Snowden could only access or move key information with another administrator present. With some 15,000 sites to fix, Alexander said, it would take time to spread across the whole agency.
“Some of your sites are small … and you only have one system administrator, so you’ve got to address all of those, and we are working our way through it,” he said after speaking to an audience at the Aspen Security Forum in Colorado.
Alexander said server rooms where such data is stored are now locked and require a two-man team to access them – safeguards that he said would be implemented at the Pentagon and intelligence agencies after a pilot at the NSA.
Snowden leaked to the media information revealing that the NSA was gathering millions of U.S. phone records and intercepting some U.S. Internet traffic.
“This was a failure to defend our own networks,” Deputy Defense Secretary Ashton Carter said at the forum.
“In an effort for those in the intelligence community to be able to share with each other, there was an enormous amount of information concentrated in one place. That’s a mistake,” Carter said. “The loading of everything onto a server creates a risk.”
Carter said they are also looking at how to better monitor individuals with access to that kind of information and suggested the Pentagon might monitor intelligence workers just as it monitors staff at nuclear installations.
“When it comes to nuclear weapons, you watch people’s behavior in a special way. We don’t let people all by themselves do anything,” he said. “There is always some aberrant individual and you’ve got to recognize that.”