I saw an article this past week posted on the LinkedIn Enterprise Architecture Forum (https://www.linkedin.com/groups/36248/36248-6189836445927100419) asking whether Enterprise Architecture could have been used to prevent the latest incident of classified data being removed from the NSA.
I’d argue that, in the aftermath of the Edward Snowden disclosures and the grilling of the director of the NSA before the Senate Judiciary Committee last December, it already has been. The Snowden disclosures changed the procedures for handling classified data in both the intelligence and defense communities as well as among their contractors. Rules that were implemented include the “Two Person Rule”, which requires two people to perform a critical operation such as downloading files. Additionally, the use of encryption has been increased. For example, users can encrypt their home directories, which, even when the directories are backed up to a server, prevents a systems administrator (Snowden’s role) from viewing their files.
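The “Two Person Rule” described above is easy to state but easy to get wrong in software: the requester must not count as one of the two persons, one person must not be able to supply both approvals, and approvals must not be reusable indefinitely. The following is an added illustration of such a gate, not code from any government or contractor system; the user names, the action name and the 15-minute approval window are constructed assumptions.

```python
"""Two-person rule gate for a critical operation (e.g. a bulk file download).

Added illustration; names, action and window are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

APPROVAL_WINDOW = timedelta(minutes=15)  # assumption: approvals go stale quickly


@dataclass(frozen=True)
class Approval:
    user: str
    at: datetime


@dataclass
class CriticalRequest:
    requester: str
    action: str
    approvals: list = field(default_factory=list)


def record_approval(req: CriticalRequest, user: str, at: datetime) -> bool:
    """Record an approval; refuses self-approval and a repeated approver."""
    if user == req.requester:
        return False  # the requester cannot be one of the two persons
    if any(a.user == user for a in req.approvals):
        return False  # one person cannot supply both approvals
    req.approvals.append(Approval(user, at))
    return True


def is_authorized(req: CriticalRequest, now: datetime) -> bool:
    """True only with two distinct, non-requester approvals still inside the window."""
    fresh = [a for a in req.approvals if timedelta(0) <= now - a.at <= APPROVAL_WINDOW]
    return len({a.user for a in fresh}) >= 2


def run_scenario() -> dict:
    """Walk the edge cases on a constructed request and return each outcome."""
    t0 = datetime(2016, 10, 5, 9, 0)
    req = CriticalRequest(requester="alice", action="bulk_download")
    return {
        "self_approval": record_approval(req, "alice", t0),
        "first_ok": record_approval(req, "bob", t0),
        "same_approver_twice": record_approval(req, "bob", t0),
        "one_approval_enough": is_authorized(req, t0),
        "second_ok": record_approval(req, "carol", t0 + timedelta(minutes=1)),
        "two_fresh": is_authorized(req, t0 + timedelta(minutes=2)),
        "stale": is_authorized(req, t0 + timedelta(minutes=20)),
    }
```

Only `two_fresh` comes back true; every shortcut a single insider might try (approving their own request, approving twice, or reusing an old approval) is rejected.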
The IC and DoD communities have also instituted physical access controls such as disabling USB ports, DVD drives, and other removable media. Software has been installed on servers, workstations, and VMs to track the movement of files by users across file systems and media.
In short, security has been increased across both government and contractors to increase accountability and to provide security at a highly granular level. In the LinkedIn article, the author links to an article in Federal Computer Week (https://fcw.com/articles/2016/10/05/fbi-booz-contractor-arrest.aspx) that gives brief details of the arrest of a contractor for taking classified data from the NSA. If you read the article carefully, there is no mention of a timeline, so the removal could have happened prior to the NSA’s implementation of the “Two Person Rule”. In addition, the article mentions that some of the data taken was in hard copy (paper) form, which is extremely difficult to protect against.