The National Security Operations Center at NSA, photographed in 2012—the nerve center of the NSA’s “signals intelligence” monitoring.
National Security Agency
In the days after the attacks on September 11, 2001, the National Security Agency underwent a transformation from an organization that operated on a “need to know” basis to a “need to share” culture.
In the process, the agency threw out many of the procedures and controls that might have stopped Edward Snowden from walking out the door with thousands of secret documents.
But after the WikiLeaks scandal, the NSA began trying to ratchet back on its internal promiscuity with information classified at the highest level—Top Secret/Sensitive Compartmented Information (TS/SCI). Ironically, it was part of this effort that allowed then-contractor systems administrator Snowden to download thousands of documents from the agency’s highly classified internal Web servers—documents that were openly available to him because of his security clearance and duties assigned. Most of Snowden’s scripting skills were used not to hack into systems within the NSA but to simply manage bulk transfers of data between systems.
“He didn’t need to be a sysadmin to get to [the data],” NSA Director of Technology Lonny Anderson said in an interview with Benjamin Wittes and Robert Chesney of the Brookings Institute. “He just needed a TS/SCI clearance. Where I think we were negligent—if we were negligent—is that we allowed him some form of anonymity. So the lesson learned for us is that you’ve got to remove anonymity from the network.”