DeLong: NSA security reforms predate Snowden
- By Adam Mazmanian
- Aug 22, 2014
Compliance Director John DeLong also says explaining what NSA does is becoming a greater part of the agency's culture.
The National Security Agency had a series of security reforms underway before Edward Snowden surfaced, according to compliance director John DeLong.
When the leaks by Snowden, a former agency contractor, became front-page news last year, the urgency certainly increased, DeLong said. "For those who have lived it, either externally or internally, it feels more like a flood sometimes, not so much a leak," he quipped. But the move to thin client solutions, efforts to reduce data exposure, a risk-based approach to systems administrators, and a switch to two-person controls for access to the most sensitive information were all in the works.
DeLong took over compliance at NSA in 2009, and since that time his shop has grown three- or four-fold, he said, to about 300 workers. Much of the growth has been in IT compliance, DeLong said. While the core mission of training staff to comply with existing law, Foreign Intelligence Surveillance Court rulings, and directives from the Justice Department has been longstanding, there are now efforts to bake compliance into the technology itself.
"Compliance is everyone's responsibility at NSA but mine first and foremost, to make sure people are set up for success: So that rules are consumable, trainable, testable, that machines can incorporate them directly into people's workflows, that we have spot checks, etc.," DeLong said.
While DeLong, who spoke at an Aug. 21 industry event hosted by FedScoop, did not dive into details, he did note that his staff is able to move quickly to respond to new policy. For instance, after President Barack Obama ordered changes to the domestic collection of bulk telephone metadata records, DeLong's team was able to put those changes into effect, in terms of training and technology.
One unanticipated benefit to the Snowden leaks, DeLong said, is that the NSA is now getting more comfortable with having a public face -- going out and explaining what it does, and what laws and orders authorize its activities. "We need to make sure we can describe what we're doing to the public," he said. "That's much more becoming part of the culture, part of trying to minimize surprise."
Adam Mazmanian is executive editor of FCW.
Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy, health IT and the Department of Veterans Affairs. Prior to joining FCW, Mr. Mazmanian was technology correspondent for National Journal and served in a variety of editorial at B2B news service SmartBrief. Mazmanian started his career as an arts reporter and critic, and has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, Architect magazine, and other publications. He was an editorial assistant and staff writer at the now-defunct New York Press and arts editor at the About.com online network in the 1990s, and was a weekly contributor of music and film reviews to the Washington Times from 2007 to 2014.
Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.