Dear worthless drone. In order to improve our national security, you have the honor being sacrificed for a greater cause. Remember that your experience with us is secret, and due to the necessities of the state we expect you will continue to do your protective duty in silence. As protocol dictates, we gratefully extend your $1432.67 severance for your 12 years, 5 months, and 3 days of effort. Thank you for your service. Goodbye.
Enough hyperbole. These people aren't being killed, they're being released back into the labor pool to either find new jobs, or make new jobs. Maybe some of these admins will start their own datacenters or consulting firms instead of working for someone else's.
I, for one, would be hesitant to hire a former NSA admin. There's a lot of things to consider:
Will they be approached at a later date by past acquaintances to circumvent normal mechanisms and allow access data?
Can they be coerced to circumvent normal mechanisms and allow access to data?
How much were they aware of about what the NSA was doing, and were they aware it may have/definitely did break the law? Should that even be considered?
I'm not saying it would prevent hiring, but it would sure be on my mind.
Why have such a narrow view? Have you considered that 99% of NSA employees might be just like you and me, have absolutely no malicious intent, and have absolutely no knowledge or understanding of the programs the NSA is reported to practice?
Look at the converse - these employees have already been through a thorough background investigation and have been entrusted with highly secure data. These employees probably also have a higher (or at least average) tolerance against "being coerced" as you say into circumventing security mechanisms enforced by their employer - I can only imagine the counterintelligence nightmare that would exist if the clearance vetting process didn't try to weed out easily coerced individuals.
My point being: try not to focus on the negatives of the news, and remember that these are real people, many incredibly talented and trustworthy.
I don't know about you, but someone who works at the NSA and isn't at least aware of some of the crap they're doing (which has been reported from the mainstream media, mind, this isn't exactly suppressed news) is someone who I wouldn't consider aware of their surroundings, and therefore unsuited to the task.
So, these real people. One of them comes to you for a sysadmin job. NSA and a high-ish security clearance is on their resumé.
Are they ignorant, apathetic, or malicious? It's one of the three. They either don't know what their government is perpetrating (and aren't paying attention), they know and don't care (because the dollar overrides all morals), or they know, care, and are playing for the other team.
"They're real people" is just an emotional appeal that ignores a very real ethical dilemma. Real people actually suck sometimes.
I'm not sure why you think that every employee of a large organization is somehow ideologically synchronized, operationally involved, and morally responsible for every policy decision made by the organization.
That isn't even true in small organizations, never mind large need-to-know organizations.
It's not a false choice. This is the government, not a random factory somewhere making random widgets where the biggest ethical problem a person may face is whether to report their boss for embezzling. This is a lot bigger.
You needn't be ideologically synchronized or operationally involved to be complicit in oiling the machine responsible for the crimes that keep coming out recently.
Moral responsibility comes in when you decide to take money from these people instead of deciding to yourself "You know, maybe I don't want to be part, however small, of crimes against the public".
And that takes it right back to ignorance, apathy, or malice.
> Why have such a narrow view? Have you considered that 99% of NSA employees might be just like you and me, have absolutely no malicious intent, and have absolutely no knowledge or understanding of the programs the NSA is reported to practice?
How is it narrow? I said I would be hesitant, but it wouldn't immediately exclude them as a candidate. I don't believe ignoring this past employer would be appropriate the same way I don't believe ignoring a past employer who happened to be a main competitor. Just because it may be unlikely, doesn't mean it should be ignored.
> These employees probably also have a higher (or at least average) tolerance against "being coerced" as you say into circumventing security mechanisms enforced by their employer
Depending on the attributes that make them hard to coerce (e.g. patriotism), what's a plus for government employment may be a negative in this specific assessment. A patriotic employee may be hard to coerce when working for the government, but depending on the line taken, the government may have a significantly easier time coercing them when they are working somewhere else ("but it's for national security!".
> My point being: try not to focus on the negatives of the news, and remember that these are real people, many incredibly talented and trustworthy.
The undercurrent of my comment, which may not have been clear, is that these admins may find it harder to find employment in the private sector after the recent NSA revelations. That's unfortunate because I'm sure most of them are completely innocent and great employees, making this layoff even worse than it sounds.
This is the problem with the Deep State. When a huge portion of what the government does is deception and subterfuge, it should not be a surprise that everyone becomes suspicious of government.
Stop looking for nonexistent hyperbole - There is nothing in the post which suggests people are being killed.
There is a bit of hyberbole about the "automation of tasks" and the "small severance/bureaucratic manner", both of which are (get this craziness): funny.
I don't want to prejudge them with loaded terms such as as "bad" or "good". Sometimes events which would appear to benefit an individual are harmful to that individual or other individuals, and sometimes events which seem harmful are beneficial.
Yes, it's unfortunate that those individuals will have to expend more effort to prove their value to other people, but this is something which we all must do.
This should be read as: "Government agency has been wasting taxpayer money by employing 900 people that they didn't need but didn't bother care to fix because the extra people justified their ballooning budget that they could use to spy more on said taxpayers."
Tomorrow's news today: "Chinese NSA break-in was caused by unpatched code, overwork and corner-cutting after staffing was reduced in the name of limiting access to secure data, sources say."
I wonder how much of this is related to virtualization -- one of my previous positions was obviated due to this.
Instead of having system admins maintain the software state and hardware state on a forest of servers, it's a lot simpler to have VMs that delete and reprovision themselves whenever they have a software issue.
When you add in virtual HDDs or UNC paths for data locations, then the system is completely abstracted from the underlying hardware. If one of these physical hypervisor host systems has a hardware problem, the virtual servers on it can usually be live-migrated to other hosts, and the hardware can be repaired/replaced by a low-level hardware-only tech. When the hypervisor OS has an issue, it can be automatically reimaged as well.
Changes like this have made Office365 much more efficient than BPOS, and are likely at play in AWS and other datacenters as well as the NSA's.
Virtualization solves a lot of these problems, but a lot of my milspec friends have been expressing concerns about APTs that jailbreak the virtual environment to attack the underlying physical host.
It will be interesting to see how the human element of networks evolves over time.
I'm thinking back to the HDD firmware hack[1] that was on HN earlier this week -- if a HDD was exposed directly to a VM, that would definitely be a plausible attack vector.
Yes, you're correct on the definition. I don't wanna go look it up but there's a good one about an embedded attack hidden in an internal PCI board's on board memory.
If someone with $100M wants to get you, they're probably gonna find a way.
"I've been feeling guilty about my job at tricking the people as a systems admin for the NSA, but the money is great, so i keep my mouth shut... wait... i'm fired?... ctrl+a, ctrl+c.. ctrl+v.... send"
People take disproportionate risks out of anger all the time.
Furthermore, a lot of people in these types of positions (sysadmin work etc; and I say that as someone who does this type of work myself, though not at a three letter agency) get a feeling that they're good enough to get away with it - whether or not it's actually true.
Making an announcement like that just seems exceptionally stupid.
Indeed they do. And not all of them have the benefit of being able to justify themselves with "I leaked this for the good of the country".
It's not all that rare to see sysadmins that get fired or even just perceive mistreatment by coworkers or employers to jump the shark and mess up the systems they're meant to take care of.
I don't get it. Their newly ex-sysadmins might well be motivated to blow whistles. There's still a 'Snowden is overstating the case' contingent out there.
I mean worry about more than the 90% who have been fired and (presumably) don't have access to NSA computers anymore. Also, I don't think leaking NSA secrets is the main problem. I think their main problem will be finding and retaining talent. Why would you go work a government job like this if you don't even have job security. It's not like there's a shortage of demand for sysadmins in the private sector.
Recall that the CIA really likes to hire Mormons for their loyalty [1]. I'd be REALLY interested in knowing what % of the remaining sys ads are Mormon.
I have to wonder what they had the sysadmins doing. One of the primary functions of the job is usually automating common tasks. Had they already done this and they just never downsized the department? If not, I doubt they can cut 90% quickly, that's a lot of automation that needs to be put in place. Guess whose job that is?
It's never good when so many people lose their jobs but I can't stop thinking that if so many people can be replaced by automation, something must have gone awfully, awfully wrong in the process of wisely spending taxpayers money. Why were they using people in the first place to perform tasks best left to machines?
I don't think these changes are about expense, but about security. I suspect there will be little cost savings, at least not immediately. Instead, you're just shifting the workload from (manual) system administration to automating the system administration.
To use an example - now a human swaps out a backup tape and has physical access to it. By replacing this with a tape robot, you've taken the insecure part - that person - out of the loop.
I don't see how disgruntled ex-employees would be a risk if the correct policies are put into place like, you know, the whole confidentiality and nondisclosure agreements.
You just did describe a new problem and process. If you have someone on staff you can watch him closely. On the other hand "exit day" brings complications ... especially for sys-admins.
Edit: and so it wouldn't surprise me if a government department with huge budget tended to accrue employees over time. The "easy" path is retention.
The title of the article seems to imply immediacy. the article itself though says that they plan on automating 90% of the employees out of a job. So I suspect a lot of people will work really hard in hopes that they remain part of the 10% and the smart ones are working on their resumes. Though the whole layoff itself is probably at least a year away.
If these sysadmins are a security risk, giving them notice of redundancy can hardly improve security (in the short term). Especially for an organisation with such recent history of trouble with disgruntled ex-employees.
I wonder how many are agents to help further NSA penetration of civilian systems and networks. That's a lot of talent going on the labour market but I don't think I'd be prepared to knowingly hire anyone with this kind of experience and connections.
In the short term, they'll probably be replaced by a legion of contractors who will be tasked with automating the work formerly performed by the sysadmins. It's not like a NSA contractor has ever leaked sensitive material before though...
For all of those who are commenting about sysadmins grabbing as much data as they go out, I highly suspect that all of the newly unemployed sysadmins were or have been escorted by armed guards.
This could be great news - I'd imagine there are a whole bunch of sysadmins at the NSA right now thinking about what variety of backdoors and "I accidentally the data" bugs they can work in before they're kicked out.
Have you ever worked for a government in IT? If it's anything like the government job I used to have, they have all the equipment and policies in place to prevent breaches and data leaks, but it's poorly maintained or implemented... if it's even implemented at all. Yet, for the right people, it passes audit every year. It's all about looking good and following procedure, not being good.
