The NSA’s current organizational system, which was revamped in 2016 under the name NSA21, integrates offensive and defensive cyber operations. The NSA has also enabled communication between employees and the public about the agency’s mission and projects. However, leaks continued to occur after Snowden left the NSA.
The NSA has suffered from security leaks by employees Snowden and Harold Martin, which has forced the agency to focus more on what data is leaving Fort Meade. The NSA has also had to consider intimidating its trustworthy employees during the dip in morale following these security leaks.
“It’s about defeating the enemy and making sure we’re not doing anything to enable [them],” said Corin Stone, NSA executive director, in February.
Snowden and Martin, both NSA contractors, were charged with stealing classified government information. Stone said that monitoring the movement of information has become more difficult with the use of flash drives and other technology that makes data mobile.
A recently declassified report from the Department of Defense Inspector General shows that the NSA failed to consistently lock racks of servers storing highly classified data and to secure data center machine rooms. The agency also failed to significantly reduce the number of officials and contractors who had the ability to download and transfer data classified as top secret. The NSA also did not use software to monitor what those users were doing.
The NSA attempted to reduce the number of employees who had access to privileged material by requiring everyone to reapply for credentials after the Snowden incident in 2013. But the inspector general said that the process had not significantly reduced the overall number of people with the extraordinary authorities.
The post-Snowden initiative, which was meant to secure the NSA’s networks, had some successes, but it “did not fully meet the intent of decreasing the risk of insider threats to NSA operations and the ability of insiders to exfiltrate data,” according to the report.
This week, the NSA aimed to increase transparency about non-sensitive information by creating a GitHub account, which is used to share open source code.
The agency has shared 32 different projects under the NSA Technology Transfer Program (TTP). GitHub provides features to its users including bug tracking and task management.
The NSA could use this account as a way to recruit new talent and soften its image with the technology industry. The agency recently came under fire for the WannaCry ransomware attack, which exploited an old Microsoft vulnerability that the NSA knew about.
The NSA is working to increase transparency following leaks by encouraging employees to discuss its mission with the public to be less of a mystery, which helps with hostile audiences, according to Stewart Baker, former National Security Agency general counsel and partner at Steptoe & Johnson.
“If somebody is standing there and they’re talking like you, and they sound like you, and they’re just an ordinary person like you, it’s hard to hate them,” Baker said.