US official: Security controls ‘working’ despite NSA theft
WASHINGTON (AP) — The top U.S. counterintelligence official says secret government data is vulnerable to thieves, such as the National Security Agency insider accused of working undetected for 20 years to steal a large trove of classified material, even as he defends the security controls put in place after the Edward Snowden theft.
“I believe the reforms are working very well. I think we’ve done an amazing job in the intelligence community and across the government in executing our reforms,” said Bill Evanina, the chief counterintelligence and security adviser to the national intelligence director. “However, I will say that if someone wakes up tomorrow and they make a decision that they’re going to steal data from the government, they will be successful at it.”
Evanina told The Associated Press in a recent interview that no matter how good security controls are, they will never catch every insider or hacker — and they must be continually improved because of technological advances. His remarks were the most extensive comments he’s made since former NSA contractor Harold Thomas Martin III, 51, of Glen Burnie, Maryland, was arrested by the FBI in August.
Federal prosecutors say Martin illegally removed highly classified information, storing it in an unlocked shed and in his car and home. Court documents say investigators seized, conservatively, 50 terabytes of information, or enough to fill roughly 200 laptops.
Evanina said that since the Snowden breach in 2013, enhanced efforts to counter insider threats in the nation’s spy shops have not only uncovered improper activity and situations ripe for possible breaches, but have identified employees who might need help. He would not detail the activity uncovered.
Yet there are indications the government missed red flags in Martin’s personal life. Prosecutors have alleged that he had a binge-drinking habit — court records show a 2006 drunken-driving arrest involving someone of the same name — and concealed firearms from his wife. Defense lawyers say Martin, who like Snowden had worked as a Booz Allen Hamilton contractor, had mental health issues that contributed to him being a “compulsive hoarder” over two decades.
National security breaches have changed in recent years from unearthing moles working for foreign governments to stopping intelligence workers before they leak or share documents with journalists, Evanina said.
Things changed with Chelsea Manning, a former intelligence analyst in Iraq, who was sentenced to 35 years at the military prison in Leavenworth, Kansas, for leaking more than 700,000 secret military and State Department documents to Wikileaks.
“It was a leak,” he said. “It was a big sea change for us.”
After Manning, President Barack Obama issued an executive order setting up a National Insider Threat Task Force and requiring federal agencies that handle classified material to seek out possible double-agents or prospective leakers.
Then came Snowden, a man Evanina likens to a “shop vac.”
“Snowden raised the bar and provided a new level of vulnerability of big IT (information technology) systems,” Evanina said. “Again, it was leaking.”
Most of the technological reforms came after Snowden, but others have been in place for several years.
Evanina said agencies are continuously monitoring key indicators like a slowed career, divorce or bankruptcy that could signal a stressed or disgruntled employee on the brink of installing malware, sneaking out with classified material or showing up at work with a weapon.
He shuns requiring body or package searches that would damage trust built with some 4 million Americans who hold security clearances, including 1.3 million vetted to handle top-secret materials.
“We have to weigh how do we garner trust without being ‘A Clockwork Orange’ or ‘Big Brother,’” Evanina said, referring to a futuristic movie about behavioral modification and George Orwell’s novel “1984″ where every citizen is under surveillance.
V. Miller Newton, chief executive officer of PKWARE, cited a Government Accountability Office report that said the number of security incidents at federal agencies rose from 5,503 to 77,183 between fiscal 2006 and fiscal 2015. That’s a 1,303 percent increase.
“The fact that this is not the centerpiece of these (presidential debates) is really disturbing to me,” he said.
James Lewis, an internationally recognized expert on cybersecurity, said Martin should not have been able to get the material out of the building where he worked.
“Part of what the expanded monitoring would have done is notified NSA that someone was downloading material,” he said. “It might have worked. Maybe it notified them. We don’t know. I kind of doubt it, but that would be the happy face story.”