Nobody named names.
The way chief spyguy General Keith Alexander, director of the US’s National Security Agency (NSA) told a cybersecurity conference in New York City on Thursday, the project has been in the works for some time.
The project being, namely, that the NSA plans to fire 90% of its sysadmins.
According to Reuters, Alexander told the security crowd that automating sysadmin work would improve security – the sooner, the better:
"What we're in the process of doing - not fast enough - is reducing our system administrators by about 90 percent."
The way it is now, the NSA relies on human analysts to use their carbon-based brains to transfer data, secure networks and do other things “that machines are probably better at doing,” Alexander said.
One of those life forms, Edward Snowden, used to be one of some 1,000 system administrators that did the work.
Taking people like Snowden out of the loop and instead automating the work would make the NSA’s networks “more defensible and more secure,” as well as faster, he said, without naming Snowden.
The automation efforts predate Snowden’s leaks, but post-Snowden, they’ve been accelerated.
Snowden, who leaked documents to The Guardian and the Washington Post about secret telephone and internet surveillance programs, has been granted temporary asylum in Russia but is still facing criminal charges.
Would organizations be better off without human sysadmins?
Undoubtedly, threats from insiders can’t be taken lightly. Snowden wasn’t the first sysadmin to prove that, by any means.
In April, for example, a former system administrator at the server hosting company Hostgator was arrested for hacking his former employer’s network, having gotten in through a backdoor Trojan he had planted before he got sacked.
Of course, human employees of pretty much any job title can be ticking time bombs.
Back in 2010, a Bank of America insider admitted to planting malware on ATMs.
In July 2012, a mom was arrested for hacking school computers and tweaking her kids’ grades.
Beyond taking humans out of the sysadmin role, Alexander has also previously talked about requiring at least two people to be present before certain data can be accessed.
Would automating system administration improve the NSA’s security profile, or that of any organization, for that matter?
Your thoughts are welcone in the comments section below.
All I know is that there are hundreds of sysadmins who are looking at unemployment – ironic timing, that, given how it follows so close on the heels of System Administrator Appreciation day.
What would we do if human sysadmins were to go extinct?
For one thing, we’d miss out on the rantings against System Administrator Appreciation Day brought to us by one extraordinarily talented sysadmin who can both watch old episodes of Star Trek stashed in a hidden P2P director on a laptop and also has more than a passing familiarity with cryogenics-related cuisine in the kitchen or server room.
More seriously, though, human sysadmins do serious lifting in the organization. As Sophos’ Anna Brading put it on Sysadmin Day, they keep our systems up, patched, secure, fast and safe.
Do we really want to take humans out of the picture? Is such a trade-off worth the security gain?Follow @NakedSecurity