Rather Than Not Spying On Everyone, NSA Is Getting Rid Of 90% Of Its Sysadmins

from the you're-doing-it-wrong dept

The latest NSA plan to stop the next Ed Snowden is to get rid of 90% of their sysadmins and automating many of their jobs. I would imagine that more than a few sysadmins might have an opinion or two about the ability of the NSA to really automate away their jobs, but that's an interesting move nonetheless. Here's NSA boss Keith Alexander:
"What we're in the process of doing - not fast enough - is reducing our system administrators by about 90 percent."
Considering that sophisticated techies aren't very interested in working for the NSA these days, perhaps it all works out for them. But, really, another option for avoiding an Ed Snowden like situation might be -- and I'm just tossing this out for suggestion -- is to not spy on everyone and then not lie to Congress and the American public about it. Just a little tiny suggestion.

Also, this more or less confirms what was fairly obvious (due to the NSA leaks by Snowden) that sysadmins have near universal access in the NSA's system, and the recent claims that "only 35 analysts" had access to key information was -- as James Clapper liked to say -- one of those "least untruthful" claims coming out of the intelligence community.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ed snowden, nsa, nsa surveillance, sys admins


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    arcan, 9 Aug 2013 @ 11:23am

    watch, they outsource all their tech support to the chinese.

    link to this | view in chronology ]

    • icon
      Rikuo (profile), 9 Aug 2013 @ 11:26am

      Re:

      Ya mean like the UK did with their porn filters?

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Aug 2013 @ 11:26am

      Re:

      They would never outsource tech support to the Chinese. They'll outsource it to India just like everyone else.

      link to this | view in chronology ]

      • icon
        That One Guy (profile), 9 Aug 2013 @ 12:01pm

        'In short, we pay ourselves to hose ourselves'.

        Who will then outsource it to china, who will outsource it to a company in the US.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 9 Aug 2013 @ 12:42pm

          Re: 'In short, we pay ourselves to hose ourselves'.

          nah, nobody is outsourcing to US companies any more, can't trust 'em.

          link to this | view in chronology ]

          • icon
            That One Guy (profile), 9 Aug 2013 @ 7:15pm

            Re: Re: 'In short, we pay ourselves to hose ourselves'.

            Good point, though it does rather ruin the joke.

            link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2013 @ 11:26am

    Not just them

    All large enterprises are moving this way, using new automated technologies combined with virtualization to eliminate admin and engineering positions. Its the next step in the technological revolution. The jobs they are able to replace with automation at this point are a step or two higher then the last 20 years. Cant wait to see what happens next.

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 9 Aug 2013 @ 11:30am

      Re: Not just them

      Its the next step in the technological revolution


      Yeah, that's what the cloud providers keep telling us, but it's far from clear that it's actually true. We'll see.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Aug 2013 @ 1:16pm

      Re: Not just them

      I've been saying this for a long time, tools like Puppet https://puppetlabs.com/ and Chef http://www.opscode.com/chef/ WILL reduce the need for system administrators.

      Facebook uses chef, they have teams of 2-4 people that manage each cluster of ~10k servers. source: http://www.youtube.com/watch?v=SYZ2GzYAw_Q

      Now that we have tools that allow four people to manage 10k machines where will all the unneeded sysadmins work? I guess we will still need people working minimum wage to swap broken parts at the datacenter.

      Of course the NSA is automating, all large orgs and many small ones are doing the same thing. The sysadmins who do not learn these new automation technologies are the ones who will be looking for jobs.

      In response to John Fenderson these automation tools work just as good on physical servers as they do virtual servers in the "cloud"

      link to this | view in chronology ]

      • icon
        John Fenderson (profile), 9 Aug 2013 @ 1:31pm

        Re: Re: Not just them

        Yes, but the NSA says it is laying off sysadmins because they're moving to the cloud, not because they're using these tools in-house.

        link to this | view in chronology ]

  • icon
    John Fenderson (profile), 9 Aug 2013 @ 11:32am

    Scapegoats

    So, they're implying that the sysadmins are the problem? The sysadmins under their employ should take grave exception to this. Here's hoping against hope that they'll leave the NSA en mass.

    link to this | view in chronology ]

    • icon
      LivingInNavarre (profile), 9 Aug 2013 @ 1:10pm

      Re: Scapegoats

      It was my thought that there's a 90% chance that more info will be leaked. Nothing like having a soon to be terminated sysop looking for revenge. My guess is every one of them are loading up thumb drives as we speak.

      link to this | view in chronology ]

  • icon
    Chris-Mouse (profile), 9 Aug 2013 @ 11:35am

    So at the same time as they are building up the world's biggest database of private information, they are also pissing off hackers around the world, and getting rid of 90% of the people who maintain their computer security. What could possibly go wrong with that.

    link to this | view in chronology ]

    • identicon
      CK20XX, 9 Aug 2013 @ 12:58pm

      Re:

      “We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology.” –Carl Sagan

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2013 @ 11:49am

    The end is on the horizon...

    Automation is fine and all but who's going to fix the automation when it screws up? I think we are witnessing beginnings of the actual end to the NSA's programs. It will eventually eat itself and no one will be around that can fix it when it does.

    link to this | view in chronology ]

    • identicon
      DCX2, 9 Aug 2013 @ 11:52am

      Re: The end is on the horizon...

      Correction - the people who can fix it will have been laid off. Whether they would take their old job back once it became apparent that they are necessary is a good question.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Aug 2013 @ 11:57am

        Re: Re: The end is on the horizon...

        That is exactly what I meant. Furthermore, they will have effectively alienated 90% of the pool of new talent that they can hire from to replace them when they realize they need them again.

        link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    out_of_the_blue, 9 Aug 2013 @ 11:52am

    More propaganda that NSA is supposedly changing,

    hurt, and disgraced. But IF anyone read the original -- instead of the intended take as Mike parrots it -- then it's plausibly planned long before. -- Oh, and surveillance is NOT being reduced, just turned over to more computers. Happy day, indeed.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Aug 2013 @ 12:02pm

      Re: More propaganda that NSA is supposedly changing,

      What are you even responding to? Can you even be called a troll at this point?

      I know senile grandparents that sound like you.

      link to this | view in chronology ]

      • identicon
        Alt0, 9 Aug 2013 @ 12:20pm

        Re: Re: I know senile grandparents that sound like you.

        **Touches nose with finger**

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2013 @ 11:53am

    This is another admission that the NSA lied

    If they don't -- which is what the NSA has repeatedly claimed -- there is no increase in security by laying off 90% of them.

    link to this | view in chronology ]

  • identicon
    Michael, 9 Aug 2013 @ 11:56am

    Admin automation

    Either:

    1) The NSA has thrown out a percentage of a certain type of job they would like to automate with very little plan

    or

    2) They have been employing people in positions with a great deal of information access that they did not have to have and they are just now deciding that it would be a good idea to stop doing that

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2013 @ 12:00pm

    So, the NSA is announcing it's going to blame 90% of the people with the same job as Edward Snowden for what Snowden did by firing them for Snowden's actions.

    Well, what could POSSIBLY go wrong there? Surely none of those 90% will get pissed off enough to say, leak more documents. And surely none of the 10% will decide to do so either when they see the NSA decide punishing 90% of the people with the same job wasn't good enough.

    link to this | view in chronology ]

    • identicon
      Michael, 9 Aug 2013 @ 12:08pm

      Re:

      This has nothing to do with stopping additional leaks.

      The actions by the NSA and the executive branch right now are about making enough noise to distract the people from removing Obama from office and forcing a change to the laws that are allowing them to continue these programs.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2013 @ 12:09pm

    i would have thought an even better option would have been to get rid of 100% of the sysadmins, after getting rid of everyone else in the NSA starting from the top and working down. after all, if we started at the bottom and worked up, we might be lied to and told that the top brass have gone when they are really still there, hidden behind a false FISC report or a 'secret interpretation of a spying law'!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2013 @ 12:13pm

    Moving to the cloud

    In the ArsTechnica article, they said they could do this because they're going to "move everything to the cloud."

    I think someone should tell this uninformed douche-canoe that the "cloud" ALSO consists of servers (that likely have sysadmins; at least one would think).

    For fuck's sake...is there ANYONE in that agency who has something of a clue?

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 9 Aug 2013 @ 12:24pm

      Re: Moving to the cloud

      Sure, the cloudy servers has sysadmins -- but those aren't sysadmins the NSA has to hire. The entire point of going to the cloud is to save cash by being able to get rid of your in-house IT staff.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Aug 2013 @ 12:29pm

        Re: Re: Moving to the cloud

        That makes PERFECT sense, then!

        Per the Ars article:
        http://arstechnica.com/information-technology/2013/08/nsa-directors-answer-to-security-fir st-lay-off-sysadmins/

        "Moving to an automated cloud provisioning system, he explained, would cut the number of hands that touch the NSA's internal systems and address vulnerabilities—such as a sysadmin loading data onto a thumb drive and walking out with it."

        So now instead of NSA sysadmins having the ability to walk away with vital data, you've now outsourced that responsibility to a cloud provider!

        MUCH, MUCH safer.

        I think I've answered my original question about anyone there having a clue. It's clearly "no."

        link to this | view in chronology ]

      • icon
        Wally (profile), 10 Aug 2013 @ 10:48am

        Re: Re: Moving to the cloud

        Given that...I am beginning to wonder what sort of damage the Smith-Amash Amendment would have done considering part of it was shaving the NSA's budget.

        The company my mother works for (the one that audits hospital Medicare and Medicaid insurance forms and bills) recently cut all the nursing staff under her that manually do the systematic reviews of the audits...this was done in favor of saving money and automation. In her line of work, the states that contract the company and this contract require human eyes to do the review work sent over to the auditor's database by law for a specific reason...in an automated systems environment for auditing, there is no way to tell if someone accessed the information to alter what to look for. The main issue is that humans are not as calculated and are better suited towards handing statistical anomalies.. We don't crash.

        link to this | view in chronology ]

    • identicon
      Chris Brand, 9 Aug 2013 @ 12:31pm

      Re: Moving to the cloud

      The good news is that the cloud providers have plenty of spare capacity now that the NSA has driven all their non-US customers away.

      link to this | view in chronology ]

  • icon
    kenichi tanaka (profile), 9 Aug 2013 @ 12:26pm

    The NSA isn't all that bright. By automating those jobs they leave themselves wide open to renegade hackers and other potential problems. At the end of the day, you need actual people monitoring those systems not to mention the rabid fervor that this is going to cause with American voters.

    link to this | view in chronology ]

  • icon
    Rikuo (profile), 9 Aug 2013 @ 12:30pm

    Oh god no. Anyone with even the slightest hint of intelligence in a managerial position knows that you NEVER piss off the guys maintaining your computer systems. NEVER!!! How long until one of the guys being laid off "accidentally" fucks up the entire system?

    link to this | view in chronology ]

  • icon
    assemblerhead (profile), 9 Aug 2013 @ 12:36pm

    What could go wrong?

    ( Warning : Sarcasm Alert! )

    Anyone think about those wonderful DMCA takedown systems used by ( MPAA / RIAA ) to name a few?

    Do they ever get anything wrong?
    Never a false accusation, right?
    Always target the right person, correct?
    Never once have ID'd content wrong, have they?
    So perfect that Error Correction was never implemented or needed.

    What could possibly go wrong?

    link to this | view in chronology ]

  • identicon
    TDR, 9 Aug 2013 @ 1:31pm

    What those sysops could do, aside from leaking more data, is to wipe out the whole database before they leave and put in some code to make the system unable to be restored. In other words, cause a complete system failure. And craft the code so it can spread to all the backups and wipe them out too.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Aug 2013 @ 1:41pm

      Re:

      1) That'd be a great way to get arrested on a variety of charges, and you'd actually be guilty of them, and have little moral high ground to work with.

      2) Proper disaster recovery and back up procedures should preclude anything resembling "spread to all the backups". Worst case they lose like a week of data, tops.

      link to this | view in chronology ]

    • icon
      John Fenderson (profile), 9 Aug 2013 @ 1:54pm

      Re:

      It's really hard to imagine sysops that would be willing to do such a thing aside from the single wacko here and there. It goes against the grain of what it means to be a sysop -- a bit like expecting a doctor to intentionally kill a patient because the patient is a bad guy.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2013 @ 1:36pm

    Crazy but to me this sounds like an evolution of the thinking.. "if we just get rid of those evil protocols..."

    You can make improvements in sysadmin load, but you can't fix stupid.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2013 @ 2:23pm

    PRAGMA writable_schema = 1;
    delete from USDatabase where type = 'table';
    PRAGMA writable_schema = 0;
    VACUUM;
    PRAGMA INTEGRITY_CHECK;

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2013 @ 2:40pm

    Crackers start your Engines

    That is the exact opposite of security. Wouldn't leaving less sys-admins mean that is easier to exploit your way in with far less eyes watching things? That's not even getting into the whole anonymous tips from disgruntled ex-sysadmins of "The IP address is vvv.xxx.yyy.zzz and the access is based on foo version a.b port number is cccc, good luck". Suddenly a world record breaking in traffic and size torrent is out there to everyone.

    link to this | view in chronology ]

  • icon
    Wally (profile), 9 Aug 2013 @ 2:49pm

    The ability of automation...

    "The latest NSA plan to stop the next Ed Snowden is to get rid of 90% of their sysadmins and automating many of their jobs. I would imagine that more than a few sysadmins might have an opinion or two about the ability of the NSA to really automate away their jobs, but that's an interesting move nonetheless."

    The most disturbing part of this is not whether they are capable of it...but the simple fact they are doing it. To quote Denis Nedry...

    "You think that this type of automation is easy to come by? Or Cheap? Because if you can find a cheaper guy than me John, I would like to see you try..I really would"

    Jurassic Park automation is easily muddied up and clogged.

    I'm also reminded of the methods used by the IRS to target Conservative groups filing for non-profit status....using key word searches...imagine that type of targeting on all US citizens...then automate it!

    When this system is finally in place I'm half tempted to repeatedly copy and paste the word "bomb" to see what happens to it as a comment to one of these threads.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2013 @ 5:05pm

    I work on a team of 20 sysadmins at a govt agency, and we were discussing this and just started laughing. So if they cut 90% of our staff they would be left with 2 sysadmins. We wondered how anything would get done at all, I mean from the daily putting out "fires", to the patching and remediation of systems to all the other bs that comes up regularly, not to mention projects, upgrades, testing etc etc. We figured whoever the 2 left were would quit within a week.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Aug 2013 @ 6:32am

    Another Possible Interpretation

    They gave a lot of people sysadmin privileges, so they've decided to look at who really should be a sysadmin. In this version, the whole automation thing is a red herring to avoid admitting their system security is lax.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.