The story of Edward Snowden continues to provide fodder for news pundits, the blogosphere, and security professionals alike. As Mr. Snowden's exploits continue to play out, I'd like to offer some random thoughts and opinions for your consideration. Fair warning: it is highly likely that some of what I say will end up annoying and/or upsetting someone at some level. Remember, these are my opinions only; they are designed to spark conversation and dialogue. Feel free to disagree and to (courteously) provide comment to this entry. Here goes...
- Edward Snowden is not a genius. Mr. Snowden's résumé has yet to be released publicly, but a recent New York Times article briefly described his four-year ascension from supervising computer system upgrades to "cyberstrategist." Many of us have seen this sort of thing before, and more so in recent years. Information Security remains a hot commodity with a low unemployment rate (well less than 3% despite the economic downturn). Many highly talented and highly skilled individuals noticed this trend in the late 2000s and began to re-tool their résumés toward information security. Mr. Snowden, like many of his ilk, quickly parlayed a little knowledge into an opportunity; he then continued to take advantage of those opportunities for professional gain. This does not make Mr. Snowden a sophisticated "hacker;" indeed, there is little evidence to date to suggest that Mr. Snowden did much more than take advantage of elevated privileges to access information that was poorly compartmentalized and/or poorly secured within NSA's network. This is less a statement of genius than it is of opportunism (which seems to be Mr. Snowden's guiding force).
- Edward Snowden is not a martyr nor a hero. Let me be clear: I have genuine and far-reaching concerns about the PRISM program and the data collection activities of our government. As I have stated in recent posts, I believe that we as a nation surrendered too much power and authority to the federal government in a post-9/11 world...and our government has taken/is taking full advantage of that. Even if we give Mr. Snowden the benefit of doubt re: (a) naiveté when he went to work for the military industrial complex and/or (b) conscience when he saw what was occurring, my problem with Mr. Snowden is that he ran. Martyrs don't run; they suffer for their beliefs. Heroes don't run either; they stand in the gap and willingly face the slings and arrows of those who would disagree with their actions. The fact that Mr. Snowden ran to foreign soil to escape prosecution for his crime -- and by violating the oaths and agreements he signed in order to receive high clearance he did commit a crime -- labels him as neither martyr nor hero but as criminal and coward. Worse, it casts doubt upon his motives and leads one to question whether there are other more malevolent motives at play here...or am I the only one who can see the possible hostile intelligence storyline here? :)
- Edward Snowden isn't the problem. While focusing on Mr. Snowden makes for good copy, there is a whole list of other issues/questions that are being overlooked here. Top of head:
  - How did Mr. Snowden get the information out of NSA? Most likely, this was via USB device...which means that USB devices were enabled on sensitive computing devices and usage was not being monitored/tracked.
  - Where is the supervision/oversight of the contracting entities and their personnel? Regardless of duty description (even if said duties included white hat penetration of systems), appropriate oversight and process would have easily raised appropriate flags early on in Mr. Snowden's exploits.
  - What were Booz Allen Hamilton's screening and qualification criteria for its employees? Were they too lax in their zeal to put faces in spaces and keep lucrative contracts?
  - What are the government's screening criteria for clearances these days? The sad reality of the situation is that there has been a heightened demand for cleared workers since 9/11; has the government backed off on its clearance requirements in order to keep up with the increasing demand for cleared technical workers?
  - Where is the civilian oversight? The very public face of this scandal for the government has been GEN Keith Alexander, Director of the NSA and head of the US Cyber Command. While GEN Alexander's testimonies before Congress are appropriate given his posting, there remains this concept of civilian oversight of the military. Where, then, are the various civilian leaders during this scandal? Other than to call Mr. Snowden a traitor, their presence has been notable by their absence in the hearings and in speaking to the media on PRISM. (Note: kudos to a colleague and peer of mine for first pointing this out; I admit freely that I missed this one out of the chute.)
My two cents...