Sophos Cloud Optix
Nobody named names.
Didn’t suggest that the move was caused by one particularly problematic sysadmin and his habit of leaking classified data about surveillance programs like PRISM and XKeyscore.
The way chief spyguy General Keith Alexander, director of the US’s National Security Agency (NSA) told a cybersecurity conference in New York City on Thursday, the project has been in the works for some time.
The project being, namely, that the NSA plans to fire 90% of its sysadmins.
According to Reuters, Alexander told the security crowd that automating sysadmin work would improve security – the sooner, the better:
"What we're in the process of doing - not fast enough - is reducing our system administrators by about 90 percent."
The way it is now, the NSA relies on human analysts to use their carbon-based brains to transfer data, secure networks and do other things “that machines are probably better at doing,” Alexander said.
One of those life forms, Edward Snowden, used to be one of some 1,000 system administrators that did the work.
Taking people like Snowden out of the loop and instead automating the work would make the NSA’s networks “more defensible and more secure,” as well as faster, he said, without naming Snowden.
The automation efforts predate Snowden’s leaks, but post-Snowden, they’ve been accelerated.
Snowden, who leaked documents to The Guardian and the Washington Post about secret telephone and internet surveillance programs, has been granted temporary asylum in Russia but is still facing criminal charges.
Would organizations be better off without human sysadmins?
Undoubtedly, threats from insiders can’t be taken lightly. Snowden wasn’t the first sysadmin to prove that, by any means.
In April, for example, a former system administrator at the server hosting company Hostgator was arrested for hacking his former employer’s network, having gotten in through a backdoor Trojan he had planted before he got sacked.
Of course, human employees of pretty much any job title can be ticking time bombs.
Back in 2010, a Bank of America insider admitted to planting malware on ATMs.
In July 2012, a mom was arrested for hacking school computers and tweaking her kids’ grades.
Beyond taking humans out of the sysadmin role, Alexander has also previously talked about requiring at least two people to be present before certain data can be accessed.
Would automating system administration improve the NSA’s security profile, or that of any organization, for that matter?
Your thoughts are welcone in the comments section below.
All I know is that there are hundreds of sysadmins who are looking at unemployment – ironic timing, that, given how it follows so close on the heels of System Administrator Appreciation day.
What would we do if human sysadmins were to go extinct?
For one thing, we’d miss out on the rantings against System Administrator Appreciation Day brought to us by one extraordinarily talented sysadmin who can both watch old episodes of Star Trek stashed in a hidden P2P director on a laptop and also has more than a passing familiarity with cryogenics-related cuisine in the kitchen or server room.
More seriously, though, human sysadmins do serious lifting in the organization. As Sophos’ Anna Brading put it on Sysadmin Day, they keep our systems up, patched, secure, fast and safe.
Do we really want to take humans out of the picture? Is such a trade-off worth the security gain?
Image of unemployment and hacker courtesy of Shutterstock.
Cutting out 90% of sysadmins is a great idea. Then the next thing is get rid of all socially liberal people who work at the NSA. They ALWAYS are the ones who leak national secrets.
They already have
If sysadmin's work could be fully automated, lots of companies would have fired their sysadmins years ago.
Their duties go further than just install, patch or upgrade systems: they also install drivers for new hardware, compile programs that don't run by default, recover information when needed, etc. Those tasks can't, thanks God, be automated.
Its better to have automated systems you can trust to deal with than total idiots like Snowden who have zero regard for the safety of his country. When it comes to National Security, no compromise should be made as a leak of information could mean the difference between life and death. Also for the very limited people who work in critical roles, increased surveillance should be deployed and the people arrested at the first suspicion of any breach or change of mind. In certain cases, its better to shoot first and ask questions later.
Comments like Sammie's — where the blindly followed assumption is that dragnet invasive global data surveillance somehow equates to tighter national security, and the reduction of it would automatically mean every American is in more danger from whoever the current enemy of the state happens to be — are precisely why the US Government has gone down the road of assuming that all data on the Internet is fair game for it to poke through.
Surely these policies, which significantly decrease how well liked the US is by both its own people and the international community, can't have a detrimental effect on America by, say, making millions more people visibly angry with the US can it? The effect on the US Internet industry (Microsoft 365, Amazon Cloud services, Google etc…) are acceptable collateral damage, right?
Back to the topic: of course from any organization's perspective the fewer humans there are with access to sensitive material the easier it is to protect. I'm just floored that the NSA feels it is okay to collect the data it does while apparently not grasping that very simply concept itself until now. Wow.
People seem to have a very paranoid and cynical attitude. For all the security and invasive surveillance that goes on; does it really make the world a better place?
I can think of some infamous regimes (I really don't need to mention them – we know who they are) where surveillance has been used and indeed it has/had created an atmosphere of distrust and paranoia. It has also been proven as effective to 'control' the populous. But does it really make the world a better, safer place?
So if you want to treat a majority of the population of the 'free' world as suspects and criminals then all of this spying fine. It will certainly help us to be controlled as the 'subjects' that we are. What surprises me most is how willingly people accept that surveillance.
There is no hope for humanity. IMHO
sorry Sammie I don't agree with what you have said, I would rather the NSA spy only on criminals and terrorists not on the general public. How would you feel if you became a suspect and was shot first and questions asked later, in my book that is wrong…An experience in London proved you can't shoot first. the Menendez Incident which you may or may not remember. As for Snowden he did the right thing by the people of the USA and not the Government. Do you really want the government to know all your dirty secrets? Remember McCarthy.
I hope it never happens to you but this just leads to more control by government of the people who are supposed to be in the land of the free. For the rest of the world, they have their own laws on privacy, these all have to be accepted by the USA. After all we are meant to be allies. Allies don't spy on one another. So it's okay NSA to spy on known and unknown terrorists but think about what you do with information that belongs to ordinary people who have no intentions of causing mayhem damage and death for these are the people you are supposed to be protecting… not gathering information for the sake of gathering information. People are entitled to their private lives. 1984 + 30
I bet General Alexander doesn’t really understand what his sysadmins do. If he fires 1000 sysadmins today, he will have to hire 999 DMO’s (Data Mining Operatives) tomorrow. These make up the (regrettably) human interface between what he collects and what the myriad government organisations with an interest in security are screaming at him to deliver.
I suppose it depends how much you trust the automated systems. Were they developed and installed properly by people who code perfectly, always choose the correct settings, and have no hidden agenda? Can they accurately detect that their automation or the humans who are interacting with them are behaving properly? How easy is it to tamper with them and how easy is it to tell they've been tempered with? How interlocked are the systems and can you cascade trust and malice through them?
While you do get to place your trust in a smaller number of people when using automation, you're placing a lot more trust in them, and they can do a lot more damage. There were no signs ahead of time that Snowden was going to reveal their secrets. Firing people in huge rounds like this is more likely to provoke some scared, financially desperate admin with an existing chip on his/her shoulder to do something bad. Leave a parting gift of some sort for the robots that are replacing them. They do, after all, have a statistically significant chance of being one of the people getting fired, and people (and machines) do strange things under stress.
Humans have one thing machines don't: judgment…and in many cases that involves intuition. Not every problem in human society is a problem that machine logic can address, much less solve. And when I say “address” that includes "access" (the verb), meaning that machines can't wrap their feeble little linear brains around the non-linear, relational aspects of complex systems. They can’t “access” the relationships hidden in the data.
"Complex systems” are systems that exhibit *complexity*, which in turn means they can't be modeled or represented by finite algorithms. To one degree or another, such systems are recursively self-referential. And there is no system in the universe (as far as I know) that is more self-referential than humans and their matrix of societal interactions…which of course is precisely the subject of NSA's surveillance. Its machines can spin and sputter all they want, but they can't do the task the NSA wants them to do.
Sure, there’s a downside to having humans administering any system, but when the systems deal with humans, humans are the most qualified to administer them. If “national security” is so important, do we really want to entrust it to an increasingly mechanized, decreasingly humanized (or increasingly soulless…same thing) bureaucracy like the NSA?
Think it through. All of that data on all of those people, many of whom are dissidents who already are imperiled by authoritarian regimes…what if the next vulnerability in the NSA’s new sysadmin machine code ends up exposing everyone’s data? What if it’s YOUR data?
“I’ve done nothing wrong, so I have nothing to hide” is a specious argument — one that doesn’t justify the collection of the data in the first place. And now they’re going to hand over the task to machines. It won’t matter whether you think you’ve done nothing wrong. The only thing that will matter will be what the machine “decides”. Remember, it’s for the sake of the collective “national security”. The rights of the individual don’t matter in such a system. They matter even less to a machine.