The Defense Department inspector general is initiating an investigation into measures by the National Security Agency to control computer users with access to sensitive information.
“Specifically, we will determine whether National Security Agency processes and technical controls are effective to limit privileged access to National Security Agency systems and data and to monitor privileged user actions for unauthorized or inappropriate activity,” the Pentagon’s assistant inspector general for readiness and cyber operations Carol Gorman wrote in a January 6 letter, addressed to agency higher-ups.
The decision to launch the audit is thought to have been triggered by Snowden’s leaks. After intelligence contractor Edward Snowden leaked to the media details of extensive Internet and phone surveillance by American intelligence agencies, the NSA has stepped up the monitoring of users who have high security clearance. One notable measure, as of 2013, is a so-called “two-man” policy, requiring the presence of two people during operations with sensitive data.
The insider-threat detection method, intended to protect the NSA network and infrastructure, is scheduled to begin sometime this month. The new regime will test the organization’s security measures and determine whether they have actually improved the safety of the agency’s “systems, data and personnel activities,” Gorman said.
The new audit will occur at agency offices around the country. Congress mandated the measure with a provision in the “classified annex” to the intelligence community’s 2016 budget.