In the infamous Edward Snowden incident, a top “infrastructure analyst” with top clearance, working for an NSA contractor, leaked extremely sensitive information regarding the USA’s eavesdropping and surveillance capabilities and targets. This incident gives us a rare and well-publicized account of the dangers of “Disgruntled Privileged IT Employees”. In this case, as in many others of this sort, the organization where he worked was not monitoring for the possibility of a leak by this employee. What is more, Snowden had been vetted and had gone through the long classification process needed for this type of job.
This incident emphasizes the need for better HR procedures and attention to the needs and stresses of employees, as well as better Segregation of Duties (2-person rule) for access to classified information. Moreover, Snowden was able not only to leave his station and talk to journalists but also to take with him a massive amount of sensitive information, supposedly on thumb drives and/or laptops. Well-implemented removable media controls and data leakage prevention, as well as Behavior Anomaly Detection and Authorization controls, could perhaps have prevented, minimized or detected this leak before it occurred. The same controls could have helped prevent or minimize the previous major leak, done by Bradley Manning in Iraq (WikiLeaks).