Around Town

DeLong: NSA security reforms predate Snowden

John DeLong

Compliance Director John DeLong also says explaining what NSA does is becoming a greater part of the agency's culture.

The National Security Agency had a series of security reforms underway before Edward Snowden surfaced, according to compliance director John DeLong.

When the leaks by Snowden, a former agency contractor, became front-page news last year, the urgency certainly increased, DeLong said. "For those who have lived it, either externally or internally, it feels more like a flood sometimes, not so much a leak," he quipped. But the move to thin client solutions, efforts to reduce data exposure, a risk-based approach to systems administrators, and a switch to two-person controls for access to the most sensitive information were all in the works.

DeLong took over compliance at NSA in 2009, and since that time his shop has grown three- or four-fold, he said, to about 300 workers. Much of the growth has been in IT compliance, DeLong said. While the core mission of training staff to comply with existing law, Foreign Intelligence Surveillance Court rulings, and directives from the Justice Department has been longstanding, there are now efforts to bake compliance into the technology itself.

"Compliance is everyone's responsibility at NSA but mine first and foremost, to make sure people are set up for success: So that rules are consumable, trainable, testable, that machines can incorporate them directly into people's workflows, that we have spot checks, etc.," DeLong said.

While DeLong, who spoke at an Aug. 21 industry event hosted by FedScoop, did not dive into details, he did note that his staff is able to move quickly to respond to new policy. For instance, after President Barack Obama ordered changes to the domestic collection of bulk telephone metadata records, DeLong's team was able to put those changes into effect, in terms of training and technology.

One unanticipated benefit to the Snowden leaks, DeLong said, is that the NSA is now getting more comfortable with having a public face -- going out and explaining what it does, and what laws and orders authorize its activities. "We need to make sure we can describe what we're doing to the public," he said. "That's much more becoming part of the culture, part of trying to minimize surprise."

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy, health IT and the Department of Veterans Affairs. Prior to joining FCW, Mr. Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian started his career as an arts reporter and critic, and has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, Architect magazine, and other publications. He was an editorial assistant and staff writer at the now-defunct New York Press and arts editor at the About.com online network in the 1990s, and was a weekly contributor of music and film reviews to the Washington Times from 2007 to 2014.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


The Fed 100

Read the profiles of all this year's winners.

Featured

  • Shutterstock image (by wk1003mike): cloud system fracture.

    Does the IRS have a cloud strategy?

    Congress and watchdog agencies have dinged the IRS for lacking an enterprise cloud strategy seven years after it became the official policy of the U.S. government.

  • Shutterstock image: illuminated connections between devices.

    Who won what in EIS

    The General Services Administration posted detailed data on how the $50 billion Enterprise Infrastructure Solutions contract might be divvied up.

  • Wikimedia Image: U.S. Cyber Command logo.

    Trump elevates CyberCom to combatant command status

    The White House announced a long-planned move to elevate Cyber Command to the status of a full combatant command.

  • Photo credit: John Roman Images / Shutterstock.com

    Verizon plans FirstNet rival

    Verizon says it will carve a dedicated network out of its extensive national 4G LTE network for first responders, in competition with FirstNet.

  • AI concept art

    Can AI tools replace feds?

    The Heritage Foundation is recommending that hundreds of thousands of federal jobs be replaced by automation as part of a larger government reorganization strategy.

  • DOD Common Access Cards

    DOD pushes toward CAC replacement

    Defense officials hope the Common Access Card's days are numbered as they continue to test new identity management solutions.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group