

NSA To Lay Off 90 Percent Of Its System Administrators - tod222
http://www.techweekeurope.co.uk/news/nsa-to-lay-off-90-percent-of-its-system-administrators-124357

======
binarymax
Dear worthless drone. In order to improve our national security, you have the
honor being sacrificed for a greater cause. Remember that your experience with
us is secret, and due to the necessities of the state we expect you will
continue to do your protective duty in silence. As protocol dictates, we
gratefully extend your $1432.67 severance for your 12 years, 5 months, and 3
days of effort. Thank you for your service. Goodbye.

~~~
stephengillie
Enough hyperbole. These people aren't being killed, they're being released
back into the labor pool to either find new jobs, or make new jobs. Maybe some
of these admins will start their own datacenters or consulting firms instead
of working for someone else's.

~~~
kbenson
I, for one, would be hesitant to hire a former NSA admin. There's a lot of
things to consider:

Will they be approached at a later date by past acquaintances to circumvent
normal mechanisms and allow access data?

Can they be coerced to circumvent normal mechanisms and allow access to data?

How much were they aware of about what the NSA was doing, and were they aware
it may have/definitely did break the law? Should that even be considered?

I'm not saying it would _prevent_ hiring, but it would sure be on my mind.

~~~
hox
Why have such a narrow view? Have you considered that 99% of NSA employees
might be just like you and me, have absolutely no malicious intent, and have
absolutely no knowledge or understanding of the programs the NSA is reported
to practice?

Look at the converse - these employees have already been through a thorough
background investigation and have been entrusted with highly secure data.
These employees probably also have a higher (or at least average) tolerance
against "being coerced" as you say into circumventing security mechanisms
enforced by their employer - I can only imagine the counterintelligence
nightmare that would exist if the clearance vetting process didn't try to weed
out easily coerced individuals.

My point being: try not to focus on the negatives of the news, and remember
that these are real people, many incredibly talented and trustworthy.

~~~
Karunamon
I don't know about you, but someone who works at the NSA and isn't at least
aware of _some_ of the crap they're doing (which has been reported from the
mainstream media, mind, this isn't exactly suppressed news) is someone who I
wouldn't consider aware of their surroundings, and therefore unsuited to the
task.

So, these real people. One of them comes to you for a sysadmin job. NSA and a
high-ish security clearance is on their resumé.

Are they ignorant, apathetic, or malicious? It's one of the three. They either
don't know what their government is perpetrating (and aren't paying
attention), they know and don't care (because the dollar overrides all
morals), or they know, care, and are playing for the other team.

"They're real people" is just an emotional appeal that ignores a very real
ethical dilemma. Real people actually suck sometimes.

~~~
gwright
> Are they ignorant, apathetic, or malicious?

Nice use of the 'false choice' rhetorical device.

I'm not sure why you think that every employee of a large organization is
somehow ideologically synchronized, operationally involved, and morally
responsible for every policy decision made by the organization.

That isn't even true in small organizations, never mind large need-to-know
organizations.

~~~
Karunamon
It's not a false choice. This is the _government_ , not a random factory
somewhere making random widgets where the biggest ethical problem a person may
face is whether to report their boss for embezzling. This is a lot bigger.

You needn't be ideologically synchronized or operationally involved to be
complicit in oiling the machine responsible for the crimes that keep coming
out recently.

Moral responsibility comes in when you decide to take money from these people
instead of deciding to yourself "You know, maybe I _don 't_ want to be part,
however small, of crimes against the public".

And that takes it right back to ignorance, apathy, or malice.

------
swang
This should be read as: "Government agency has been wasting taxpayer money by
employing 900 people that they didn't need but didn't bother care to fix
because the extra people justified their ballooning budget that they could use
to spy more on said taxpayers."

~~~
jbooth
That only applies if you're spying on the taxpayers, though, or possibly
threatening to kick their doors in looking for drugs.

If you're teaching taxpayers or helping them in any other way then most of
your department got the axe a decade ago.

------
JulianMorrison
Tomorrow's news today: "Chinese NSA break-in was caused by unpatched code,
overwork and corner-cutting after staffing was reduced in the name of limiting
access to secure data, sources say."

------
stephengillie
I wonder how much of this is related to virtualization -- one of my previous
positions was obviated due to this.

Instead of having system admins maintain the software state and hardware state
on a forest of servers, it's a lot simpler to have VMs that delete and
reprovision themselves whenever they have a software issue.

When you add in virtual HDDs or UNC paths for data locations, then the system
is completely abstracted from the underlying hardware. If one of these
physical hypervisor host systems has a hardware problem, the virtual servers
on it can usually be live-migrated to other hosts, and the hardware can be
repaired/replaced by a low-level hardware-only tech. When the hypervisor OS
has an issue, it can be automatically reimaged as well.

Changes like this have made Office365 much more efficient than BPOS, and are
likely at play in AWS and other datacenters as well as the NSA's.

~~~
josh2600
Virtualization solves a lot of these problems, but a lot of my milspec friends
have been expressing concerns about APTs that jailbreak the virtual
environment to attack the underlying physical host.

It will be interesting to see how the human element of networks evolves over
time.

~~~
stephengillie
(APT = advanced persistent threat?)

I'm thinking back to the HDD firmware hack[1] that was on HN earlier this week
-- if a HDD was exposed directly to a VM, that would definitely be a plausible
attack vector.

[1]
[http://news.ycombinator.com/item?id=6148347](http://news.ycombinator.com/item?id=6148347)

~~~
josh2600
Yes, you're correct on the definition. I don't wanna go look it up but there's
a good one about an embedded attack hidden in an internal PCI board's on board
memory.

If someone with $100M wants to get you, they're probably gonna find a way.

------
mrt0mat0
"I've been feeling guilty about my job at tricking the people as a systems
admin for the NSA, but the money is great, so i keep my mouth shut... wait...
i'm fired?... ctrl+a, ctrl+c.. ctrl+v.... send"

~~~
hochiwa
"ctrl+a, ctrl+c.. ctrl+v.... send myself to prison for 90 years"

~~~
vidarh
People take disproportionate risks out of anger all the time.

Furthermore, a lot of people in these types of positions (sysadmin work etc;
and I say that as someone who does this type of work myself, though not at a
three letter agency) get a feeling that they're good enough to get away with
it - whether or not it's actually true.

Making an announcement like that just seems exceptionally stupid.

~~~
Cryptex
Indeed they do. And not all of them have the benefit of being able to justify
themselves with "I leaked this for the good of the country".

It's not all that rare to see sysadmins that get fired or even just perceive
mistreatment by coworkers or employers to jump the shark and mess up the
systems they're meant to take care of.

------
amitparikh
Originally reported and published by Reuters:
[http://www.reuters.com/article/2013/08/09/us-usa-security-
ns...](http://www.reuters.com/article/2013/08/09/us-usa-security-nsa-leaks-
idUSBRE97801020130809)

------
eliasmacpherson
Whose bright idea was this? Piss off 90% of your sys admins? This is a
hilariously bad move.

~~~
stasmo
Well on the bright side, at least they don't have to worry about their ex-
sysadmins becoming whistleblowers.

~~~
eliasmacpherson
I don't get it. Their newly ex-sysadmins might well be motivated to blow
whistles. There's still a 'Snowden is overstating the case' contingent out
there.

~~~
pyrocat
that's the joke

------
kbenson
I have to wonder what they had the sysadmins doing. One of the primary
functions of the job is usually automating common tasks. Had they already done
this and they just never downsized the department? If not, I doubt they can
cut 90% quickly, that's a lot of automation that needs to be put in place.
Guess whose job that is?

------
cliveowen
It's never good when so many people lose their jobs but I can't stop thinking
that if so many people can be replaced by automation, something must have gone
awfully, awfully wrong in the process of wisely spending taxpayers money. Why
were they using people in the first place to perform tasks best left to
machines?

~~~
jjindev
If you had unlimited budget, and disgruntled ex-employees were a greater risk
than current employees, what is your short term strategy?

~~~
cliveowen
I don't see how disgruntled ex-employees would be a risk if the correct
policies are put into place like, you know, the whole confidentiality and
nondisclosure agreements.

~~~
jjindev
You just did describe a new problem and process. If you have someone on staff
you can watch him closely. On the other hand "exit day" brings complications
... especially for sys-admins.

Edit: and so it wouldn't surprise me if a government department with huge
budget tended to accrue employees over time. The "easy" path is retention.

------
kapitalx
The title of the article seems to imply immediacy. the article itself though
says that they plan on automating 90% of the employees out of a job. So I
suspect a lot of people will work really hard in hopes that they remain part
of the 10% and the smart ones are working on their resumes. Though the whole
layoff itself is probably at least a year away.

------
kinnth
Honestly what is going on in America any more you guys are all crazy?

~~~
wavefunction
A good portion of the populace is indeed crazy. And unfortunately they are the
ones that get all the press.

However, there are a lot of people that are normal and decent but they don't
get much play in the media.

~~~
Ziomislaw
So it is the same as everywhere ;)

------
grossvogel
Huh... I figured they'd need twice as many sysadmins with the new "two-man
rule."

[http://www.cbsnews.com/8301-250_162-57594486/officials-
say-n...](http://www.cbsnews.com/8301-250_162-57594486/officials-say-new-anti-
leak-measures-set-at-nsa/)

------
7952
If these sysadmins are a security risk, giving them notice of redundancy can
hardly improve security (in the short term). Especially for an organisation
with such recent history of trouble with disgruntled ex-employees.

~~~
walshemj
nah the work is getting outsourced to booze allen and of course outsourcing
national security work always works

------
diakritikal
I wonder how many are agents to help further NSA penetration of civilian
systems and networks. That's a lot of talent going on the labour market but I
don't think I'd be prepared to knowingly hire anyone with this kind of
experience and connections.

~~~
louwrentius
These people could be seen as Trojan horses secretly collecting some extra
dough while working at some big cloud service.

------
john_b
In the short term, they'll probably be replaced by a legion of contractors who
will be tasked with automating the work formerly performed by the sysadmins.
It's not like a NSA contractor has ever leaked sensitive material before
though...

------
muyuu
Well, we know that a lot of the work has been automated, as they have on-
demand access to the likes of Google, Facebook, Microsoft, Yahoo, etc.

Once this setup work has been done, they can make do with fewer admins.

------
cavilling_elite
For all of those who are commenting about sysadmins grabbing as much data as
they go out, I highly suspect that all of the newly unemployed sysadmins were
or have been escorted by armed guards.

------
nfoz
So close! Try for 100% next time!

------
jivatmanx
The primary qualification is now ideological purity.

~~~
pekk
Do you have any evidence for this?

~~~
dogfed
They've built a data centre in Salt lake city, Utah. A city with a large
population of mormons...

------
calpaterson
"To be replaced with simple bash script"

------
madaxe
This could be great news - I'd imagine there are a whole bunch of sysadmins at
the NSA right now thinking about what variety of backdoors and "I accidentally
the data" bugs they can work in before they're kicked out.

~~~
cliveowen
I highly doubt the NSA has such loose policies regarding code reviews so as to
make that even possible. Give the guys some credit.

~~~
alexqgb
This is a place where all the windows are embedded with a very fine copper
mesh to block unwanted RF (coming or going).

~~~
karlkatzke
Have you ever worked for a government in IT? If it's anything like the
government job I used to have, they have all the equipment and policies in
place to prevent breaches and data leaks, but it's poorly maintained or
implemented... if it's even implemented at all. Yet, for the right people, it
passes audit every year. It's all about looking good and following procedure,
not being good.

