NSA Outsourcing Memo Warned of Back‑Door Vulnerabilities; Contractors Hired Former Intelligence Leaders

168 Despite all the potential flaws in it, the outsourcing system, ii seemed to work until 2013. It even featured a revolving door through which Booz Allen, for example, hired retiring executives from the intelligence services, such as ex-NSA director Michael McConnell, R. James Woolsey, a former director of CIA, and Lieutenant General James Clapper (ret), who later served as Director of National Intelligence. The cozy relationship between the private firms and the NSA notwithstanding, the NSA leadership was unaware that outsourcing could create a security problem. As far back as 2005, Michael Hayden, then the departing head of the NSA, had been warned of one such vulnerability in a memorandum written by a counter-intelligence officer at the NSA. Like the earlier 1995 report by the threat officer, this memorandum noted the NSA had ceded responsibility for managing its secret systems to outsiders, and warned that the NSA’s reliance on them to manage its computers had opened a back-door into the NSA. In addition, it warned that once an outside contractor managed to slip in through this back door, he could easily jump from one outsourcer to another. This was what Snowden did when he moved from Dell to Booz Allen Hamilton in 2013. Despite its security flaws, outsourcing provided a number of advantages to the NSA. For one thing, it provided a means for circumventing the budget restrictions imposed by Congress on hiring new employees. In addition, since private companies had less-rigid hiring standards, it greatly expanded the pool of young system administrators by tapping into computer cultures that would be antagonistic to working directly for the government. Finally, it used less NSA resources. Since these information technologists were only temporary employees, they were not entitled to military pensions, medical leave and other benefits. It was a system which effectively replaced military careerists with free-lancers. The irony of the situation was that the NSA had surrounded its front doors with rings of barbwire, close-circuit cameras, and armed guards, but for reasons of economy, bureaucratic restrictions and convenience, it had left the back door of outsourcing opened to temporary employees of private companies. To be sure, it might take some time for them to gain entry to its inner sanctum. “It was not a question of if but when one of the contractors would go rogue,” the former NSA executive who wrote the memorandum told me. Snowden answered that question in 2013 by stealing a vast number of files while working for both Dell and Booz Allen. Even more extraordinary than the theft itself was the reaction to it by the NSA. It turned out that there was not cost of failure levied against the outside contractor, Booz Allen, which employed Snowden when he bypassed its security regime to steal the keys to the kingdom. Even though the counterintelligence investigation showed Snowden stole documents from compartments to which he did not have access, the NSA did not penalize his employer, Booz Allen, even though the NSA was set back for decades according even to Michael McConnell, the vice chairman of Booz Allen. Instead, its revenues and profits from government contracts markedly increase between 2013 and 2015. HOUSE_OVERSIGHT_020320