Originally posted by Dreine
As for Snowden, he had VAST amounts of access due to his job responsibilities as a system administrator. He worked across numerous programs at
differing levels of security clearance, hence why he was allowed to have a thumbdrive and take it out of the building. As an analyst, I only had
access to the databases and systems that were needed for me to perform the mission.
I wonder: are Americans really THIS stupid - or are they just amazingly sloppy? Incompetent?
When I read about Snowden, and now while reading your post, it reminds me of 9/11. When I saw those towers fall, when I saw the 'strike' on the
Pentagon - I could not help but wonder: how can this be? I mean: America, for gawds sake - the most powerful country in the world, with billions and
billions of dollars to spend on defense, the country with the tightest air defense system. And yet, they manage to demonstrate utter incompetence. Even
when they were fully aware of being attacked, they still could not manage to prevent even ONE attack.
Now, the very same feeling strikes again: why on earth did Americans allow a sysadmin like Snowden access to that much classified data? He was a
rookie that had already changed his job multiple times during that short period. As a security manager I would not have allowed him to come anywhere
near a trusted system, given his track record. And no offence, but how come that you, presumably part of similar (American) intelligence programs find
it acceptable and believable that a sysadmin like Snowden should be allowed to take out data on a thumbdrive? I shook my head in amazement when
I read that - even on moderately secure sites such behaviour is strictly forbidden.
Any even moderately secure systems are configured such that it is actually impossible for the sysadmin to see data he is not allowed to see. He may
have access to some confidential data, necessary to perform his duties, but that does NOT mean he can see ANY confidential data. Less secure systems
employ the concept of a 'superuser' and in such cases the sysadmin can pretty much do what he wants. But on secure systems there is no such
thing as a 'superuser'. Access to data is strictly limited to only those with clearance, and any tasks that might endanger confidential data will
always need to be done by at least two administrators: one that does the task, the other to check and confirm what is done. Invariably a very strict
procedure is involved, and all is under very strict change control. In many cases, apart from the sysadmins, the responsible manager is also required
to log in and needs to grant permission first to perform the task - even if the sysadmins would conspire, they can't do anything without his
permission. Additionally, in secure environments it is fairly common to log each and every keystroke and to capture screen images of what is being done
and there are internal auditors to check these captures and screen captures.
If the NSA etc. really do use crappy computers and crappy operating systems, allow rookies to work on confidential data and even take it out on
thumbdrives for a walk, if they do not follow procedures and never check on each other at all, I don't know why they think they should be allowed to
be entitled to see our confidential data.
As a matter of fact, were I an American, I would complain loudly about the inherent incompetence of my Government. I would point out to Court that I
have demonstrably taken every possible precaution to keep my data sufficiently secure and confidential, but that due to secret legislation a bunch of
nincompoops now can demand access to my data too. They are demonstrably NOT able to take care of it. Hence, chances are that my enemies will have
access to my data and hence I demand that you forbid these morons access to our data, your honour
edit on 20-8-2013 by ForteanOrg because: (no reason given)
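
The dual-control procedure described in the post above (one administrator does the task, a second checks it, and the responsible manager grants permission first), sketched as an added example that is not part of the original thread. The names, roles and the clearance label are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Person:
    name: str
    role: str              # "sysadmin" or "manager" (constructed role names)
    clearances: frozenset  # clearance labels this person holds

@dataclass
class Task:
    description: str
    required_clearance: str
    operator: Person                   # administrator who performs the task
    verifier: Optional[Person] = None  # second administrator who checks it
    approver: Optional[Person] = None  # responsible manager
    audit_log: list = field(default_factory=list)

def authorize(task):
    """Return (allowed, reason); every decision, allowed or not, is logged."""
    def decide(ok, reason):
        task.audit_log.append((task.description, ok, reason))
        return ok, reason
    op, ver, mgr = task.operator, task.verifier, task.approver
    if op.role != "sysadmin" or task.required_clearance not in op.clearances:
        return decide(False, "operator lacks role or clearance")
    if ver is None or ver.role != "sysadmin":
        return decide(False, "no second administrator to check the work")
    if ver.name == op.name:
        return decide(False, "operator cannot verify own work")
    if task.required_clearance not in ver.clearances:
        return decide(False, "verifier lacks clearance")
    if mgr is None or mgr.role != "manager":
        return decide(False, "responsible manager has not granted permission")
    if mgr.name in (op.name, ver.name):
        return decide(False, "approver must be a third person")
    return decide(True, "two administrators plus manager approval")

def demo():
    # Constructed sample identities: two administrators and one manager.
    alice = Person("alice", "sysadmin", frozenset({"SECRET"}))
    bob = Person("bob", "sysadmin", frozenset({"SECRET"}))
    carol = Person("carol", "manager", frozenset())
    colluding = Task("export database", "SECRET", alice, bob)       # no manager
    complete = Task("export database", "SECRET", alice, bob, carol)
    return authorize(colluding), authorize(complete)

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```
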