
DeLong: NSA security reforms predate Snowden


Compliance Director John DeLong also says explaining what NSA does is becoming a greater part of the agency's culture.

The National Security Agency had a series of security reforms underway before Edward Snowden surfaced, according to compliance director John DeLong.

When the leaks by Snowden, a former agency contractor, became front-page news last year, the urgency certainly increased, DeLong said. "For those who have lived it, either externally or internally, it feels more like a flood sometimes, not so much a leak," he quipped. But the move to thin-client solutions, efforts to reduce data exposure, a risk-based approach to systems administrators, and a switch to two-person controls for access to the most sensitive information were all already in the works.

DeLong took over compliance at NSA in 2009, and since that time his shop has grown three- or four-fold, he said, to about 300 workers. Much of the growth has been in IT compliance, DeLong said. While the core mission of training staff to comply with existing law, Foreign Intelligence Surveillance Court rulings, and directives from the Justice Department has been longstanding, there are now efforts to bake compliance into the technology itself.

"Compliance is everyone's responsibility at NSA but mine first and foremost, to make sure people are set up for success: So that rules are consumable, trainable, testable, that machines can incorporate them directly into people's workflows, that we have spot checks, etc.," DeLong said.

While DeLong, who spoke at an Aug. 21 industry event hosted by FedScoop, did not dive into details, he did note that his staff is able to move quickly to respond to new policy. For instance, after President Barack Obama ordered changes to the domestic collection of bulk telephone metadata records, DeLong's team was able to put those changes into effect, in terms of training and technology.

One unanticipated benefit of the Snowden leaks, DeLong said, is that the NSA is now getting more comfortable with having a public face -- going out and explaining what it does, and what laws and orders authorize its activities. "We need to make sure we can describe what we're doing to the public," he said. "That's much more becoming part of the culture, part of trying to minimize surprise."

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy, health IT and the Department of Veterans Affairs. Prior to joining FCW, Mr. Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian started his career as an arts reporter and critic, and has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, Architect magazine, and other publications. He was an editorial assistant and staff writer at the now-defunct New York Press and arts editor at the About.com online network in the 1990s, and was a weekly contributor of music and film reviews to the Washington Times from 2007 to 2014.

Connect with him on Twitter at @thisismaz.

