[nycbug-talk] (forw) FW: SANS NewsBites Vol. 15 Num. 064 : NSA Plans to Eliminate System Administrators for Improved Security; DHS Deputy Secretary Lute Takes On Global Leadership in Cybersecurity
Jim B.
jpb at jimby.name
Tue Aug 13 17:25:13 EDT 2013
>From SANs (which I have shamelessly copied) comes news of a new direction
for systems administrators - the unemployment line.
Also what, exactly, is an "automated cloud infrastructure"?
Thoughts?
Jim B.
**************************************************************************
SANS NewsBites August 9, 2013 Vol. 15, Num. 063
**************************************************************************
TOP OF THE NEWS
NSA Plans to Eliminate System Administrators
(August 9, 2013)
In an effort to reduce the risk of information leaks, the US National
Security Agency (NSA) plans to get rid of 90 percent of its contracted
system administrator positions. NSA Director General Keith Alexander
said that the agency plans to move to an automated cloud infrastructure.
Speaking on a panel along with FBI Director Robert Mueller at a security
conference in New York, Alexander referred to the recent revelations
about the scope of NSA surveillance, noting that "people make mistakes.
But ... no one has willfully or knowingly disobeyed the law or tried to
invade ... civil liberties or privacy."
http://www.nbcnews.com/technology/nsa-cut-system-administrators-90-percent-limit-data-access-6C10884390
http://arstechnica.com/information-technology/2013/08/nsa-directors-answer-to-security-first-lay-off-sysadmins/
http://www.theregister.co.uk/2013/08/09/snowden_nsa_to_sack_90_per_cent_sysadmins_keith_alexander/
[Editor's Note (Paller): A huge revelation to executives of the Snowden
affair is illuminated in this decision by NSA. System administrators
are powerful - too powerful. In the mainframe era, IBM and its
customers invested 15 years (1967-1982) building strong controls into
computers, specifically to constrain the power of the systems
programmers. System administrators are now as powerful as system
programmers were in the 60s and 70s, and are unconstrained. NSA is in
the vanguard of a major shift coming to every organization that cares
about security. The immediate implementation of the top 4 controls in
the 20 Critical Controls is a core survival task for IT security
organizations. See Raising the Bar for evidence
(http://csis.org/publication/raising-bar-cybersecurity). Organizations
failing to implement those quickly should anticipate an unstoppable
board-level push to outsource system administration and management to
the cloud providers.]
Cheers,
Jim B.
More information about the talk
mailing list