Reporters at one British newspaper are convinced Russia is behind the CIA’s loss of control over its super-sensitive hacking and surveillance code. And that the U.K. intelligence apparatus will be next.
Perhaps, but in the U.S., unnamed officials are telling several news outlets that disgruntled contractor personnel are likely behind the loss. Over the weekend, the Wall Street Journal reported an investigation was “rapidly unfolding,” implying imminent arrests. Reuters quoted Sen. Diane Feinstein (D-Calif.), a member of the Intelligence Committee, as urging colleagues to examine the “contractor portion of the employee workforce.” Her prose may be garbled but you understand what she’s getting at.
Edward Snowden was working for Booz Allen Hamilton at the NSA when he downloaded and released to WikiLeaks documents about NSA surveillance activities. Ditto for data hoarder Harold Martin when he was discovered and arrested. Booz Allen was only Martin’s latest employer under which he took documents he wasn’t supposed to. Six other companies employed him before that, according to the Justice Department.
If contractors were in fact behind the CIA breach, that would be three high-profile data exfiltrations in a row committed by contractors.
Those who are suspicious of contractors and their deep involvement in federal operations will react predictably. Two counter-arguments to that: One, plenty of trusted federal employees have gone wrong. Do the names Aldrich Ames and Robert Hanssen ring a bell? Two, in a practical sense contractors are so deeply embedded in federal agency day-to-day processes that you can’t extricate them.
When the “who” in this latest breach comes to light, the next question will concern how the cybersecurity setup at the CIA could let it happen. Parallel “how could it” questions confronted the FBI after the 2001 arrest of Hanssen. His 15-year history of double agency was so treacherous his big-time D.C. defense attorney’s main job was to keep him off the lethal injection table. Several articles published at the time quoted then-FBI director Louis Freeh frankly at a loss for how to prevent a recurrence. Yet, thanks to a series of blown undercover national security operations, the FBI had known for years that someone wasn’t kosher. Hanssen outed Russian agents working for the U.S. Russia later executed them.
Most people in national security, whatever their particular job, believe in the mission and follow the rules. Every program will house a few bad apples. In national security, the rotten ones have a lot more potential to do damage than they might in, say, the Agriculture or Education departments. This is why national security people get less comprehensive protection for whistleblowing and why they regularly submit to polygraph tests.
Unlike the earlier spy cases, these recent document losses occurred entirely online. No hidden trash bags or hollow pumpkins. The motivation doesn’t seem to be money but rather some sort of disgruntlement or feelings of moral superiority. That leaves the CIA with the need to answer several questions. On the technical side:
What sort of digital rights management is in place — or totally lacking — that lets even top-security cleared people amass thousands of documents?
What log analysis tools flag downloads and by what criteria?
Who checks the logs, what anomalies and outliers did they find, and what did they do with the information? Or did they miss it entirely?
Is the encryption architecture sufficient to protect such highly sensitive code?
On the staffing-human capital side:
Where is the oversight not just of contractors but of anyone with rights to view and, apparently, copy digital crown jewels?
Where, if anywhere, do the privileges of security-cleared contracts end and employees are required for certain things?
For deeply embedded contractors, what procedures are in place to openly communicate about further work prospects and assignments? When agency staff deliver unpleasant news — for example, about terminated assignments and jobs — do affected people get any extra observation or are their access rights curtailed?
Whatever is going on in the opaque CIA, I’m betting they’re asking these and a lot more questions.