NSA talking Snowden, insider threats

Six months have passed since former National Security Agency contractor Edward Snowden leaked an untold number of the agency’s classified secrets to journalists, and the NSA still isn’t sure how much information he made off with.

That was evidenced over the past week as the NSA began the equivalent of a public relations tour to rebuild its reputation – even as leaks continue to make headlines – when top NSA officials told CBS they are considering amnesty for Snowden in exchange for the trove of documents he took.

Richard Ledgett, the NSA official charged with assessing the damage of Snowden’s leaks, said such a move would be controversial within NSA headquarters at Fort Meade, but might be the only way the agency ever figures out exactly what information left their private networks.

“My personal view is, yes, it’s worth having a conversation about,” Ledgett said in an interview that aired Dec. 15 on 60 Minutes. “I would need assurances that the remainder of the data could be secured, and my bar for those assurances would be very high. It would be more than just an assertion on his part.”

The State Department is not on board with the idea, and Snowden – now living under asylum in Russia – faces espionage charges filed by the Justice Department should he return to U.S. soil. NSA Director Gen. Keith Alexander said he opposed an amnesty, but Alexander is set to retire come spring.  Ledgett is among a select group of candidates to succeed him.

That NSA officials have even broached the possibility of a Snowden amnesty illustrates how much power low-to-mid-level IT employees can potentially wield inside tech-dependent organizations like the NSA.

That power and the global fallout over data privacy also likely played a part in Alexander telling the Senate Judiciary Committee on Dec. 11 that the NSA has undertaken 41 actions to prevent future insider leaks. Few of the actions were detailed, but he included the so-called two-person rule, which requires two system administrators – the position Snowden held within NSA – to approve access to systems and files.

Alexander would say only that the other initiatives included “compartmentalizing and encrypting data.”

The Pentagon is also looking at shoring up its internal security threat program, soliciting industry responses for innovative methods to “identify and refer threats to the appropriate entities,” among other requirements.