Edward J. Snowden, the former National Security Agency contractor who leaked details about American surveillance, personifies a debate at the heart of technology systems in government and industry, Christopher Drew and Somini Sengupta write in The New York Times on Monday: Can the I.T. staff be trusted?
As the N.S.A., some companies and the city of San Francisco have learned, information technology administrators, who are vital to keeping the system running and often have access to everything, are in the perfect position if they want to leak sensitive information or blackmail higher-level officials.
The director of the N.S.A., Gen. Keith B. Ale xander, acknowledged the problem in a television interview on Sunday and said his agency would institute “a two-man rule†that would limit the ability of each of its 1,000 system administrators to gain unfettered access to the entire system. The rule, which would require a second check on each attempt to access sensitive information, is already in place in some intelligence agencies. It is a concept borrowed from the field of cryptography, where, in effect, two sets of keys are required to unlock a safe.
For government agencies and corporate America, there is a renewed emphasis on thwarting the rogue I.T. employee. Such in-house breaches are relatively rare, but the N.S.A. leaks have prompted assessments of the best precautions businesses and government can take, from added checks and balances to increased scrutiny during hiring.
“The scariest threat is the systems administrator,†said Eric Chiu, president of Hytrust, a computer security company. “The s ystem administrator has godlike access to systems they manage.â€
