Hacker News new | past | comments | ask | show | jobs | submit login
[dupe] NSA To Lay Off 90 Percent Of Its System Administrators (techweekeurope.co.uk)
114 points by tod222 on Aug 9, 2013 | hide | past | web | favorite | 77 comments

Dear worthless drone. In order to improve our national security, you have the honor being sacrificed for a greater cause. Remember that your experience with us is secret, and due to the necessities of the state we expect you will continue to do your protective duty in silence. As protocol dictates, we gratefully extend your $1432.67 severance for your 12 years, 5 months, and 3 days of effort. Thank you for your service. Goodbye.

Enough hyperbole. These people aren't being killed, they're being released back into the labor pool to either find new jobs, or make new jobs. Maybe some of these admins will start their own datacenters or consulting firms instead of working for someone else's.

I, for one, would be hesitant to hire a former NSA admin. There's a lot of things to consider:

Will they be approached at a later date by past acquaintances to circumvent normal mechanisms and allow access data?

Can they be coerced to circumvent normal mechanisms and allow access to data?

How much were they aware of about what the NSA was doing, and were they aware it may have/definitely did break the law? Should that even be considered?

I'm not saying it would prevent hiring, but it would sure be on my mind.

Why have such a narrow view? Have you considered that 99% of NSA employees might be just like you and me, have absolutely no malicious intent, and have absolutely no knowledge or understanding of the programs the NSA is reported to practice?

Look at the converse - these employees have already been through a thorough background investigation and have been entrusted with highly secure data. These employees probably also have a higher (or at least average) tolerance against "being coerced" as you say into circumventing security mechanisms enforced by their employer - I can only imagine the counterintelligence nightmare that would exist if the clearance vetting process didn't try to weed out easily coerced individuals.

My point being: try not to focus on the negatives of the news, and remember that these are real people, many incredibly talented and trustworthy.

I don't know about you, but someone who works at the NSA and isn't at least aware of some of the crap they're doing (which has been reported from the mainstream media, mind, this isn't exactly suppressed news) is someone who I wouldn't consider aware of their surroundings, and therefore unsuited to the task.

So, these real people. One of them comes to you for a sysadmin job. NSA and a high-ish security clearance is on their resumé.

Are they ignorant, apathetic, or malicious? It's one of the three. They either don't know what their government is perpetrating (and aren't paying attention), they know and don't care (because the dollar overrides all morals), or they know, care, and are playing for the other team.

"They're real people" is just an emotional appeal that ignores a very real ethical dilemma. Real people actually suck sometimes.

> Are they ignorant, apathetic, or malicious?

Nice use of the 'false choice' rhetorical device.

I'm not sure why you think that every employee of a large organization is somehow ideologically synchronized, operationally involved, and morally responsible for every policy decision made by the organization.

That isn't even true in small organizations, never mind large need-to-know organizations.

It's not a false choice. This is the government, not a random factory somewhere making random widgets where the biggest ethical problem a person may face is whether to report their boss for embezzling. This is a lot bigger.

You needn't be ideologically synchronized or operationally involved to be complicit in oiling the machine responsible for the crimes that keep coming out recently.

Moral responsibility comes in when you decide to take money from these people instead of deciding to yourself "You know, maybe I don't want to be part, however small, of crimes against the public".

And that takes it right back to ignorance, apathy, or malice.

> Why have such a narrow view? Have you considered that 99% of NSA employees might be just like you and me, have absolutely no malicious intent, and have absolutely no knowledge or understanding of the programs the NSA is reported to practice?

How is it narrow? I said I would be hesitant, but it wouldn't immediately exclude them as a candidate. I don't believe ignoring this past employer would be appropriate the same way I don't believe ignoring a past employer who happened to be a main competitor. Just because it may be unlikely, doesn't mean it should be ignored.

> These employees probably also have a higher (or at least average) tolerance against "being coerced" as you say into circumventing security mechanisms enforced by their employer

Depending on the attributes that make them hard to coerce (e.g. patriotism), what's a plus for government employment may be a negative in this specific assessment. A patriotic employee may be hard to coerce when working for the government, but depending on the line taken, the government may have a significantly easier time coercing them when they are working somewhere else ("but it's for national security!".

> My point being: try not to focus on the negatives of the news, and remember that these are real people, many incredibly talented and trustworthy.

The undercurrent of my comment, which may not have been clear, is that these admins may find it harder to find employment in the private sector after the recent NSA revelations. That's unfortunate because I'm sure most of them are completely innocent and great employees, making this layoff even worse than it sounds.

Edit: s/public sector/private sector/. Duh.

This is the problem with the Deep State. When a huge portion of what the government does is deception and subterfuge, it should not be a surprise that everyone becomes suspicious of government.

Stop looking for nonexistent hyperbole - There is nothing in the post which suggests people are being killed.

There is a bit of hyberbole about the "automation of tasks" and the "small severance/bureaucratic manner", both of which are (get this craziness): funny.

" released back into the labor pool " is a wonderfully sweet way of saying fired.

Thanks. I studied a lot of economics in college, and putting things in terms of bigger pictures this way keeps my perspectives in line.

So you see mass layoffs as a good thing generally speaking then?

I see them as a "thing".

Things merely are.

I don't want to prejudge them with loaded terms such as as "bad" or "good". Sometimes events which would appear to benefit an individual are harmful to that individual or other individuals, and sometimes events which seem harmful are beneficial.

Yes, it's unfortunate that those individuals will have to expend more effort to prove their value to other people, but this is something which we all must do.

I mean it quite literally when I say that I think your viewpoint is inhuman.

You're suggesting that phenomena have no intrinsic right and wrong?

From the perspective of the universe-at-large you are quite correct.

But not from the human perspective.

Sure it's important to see the big picture. But it's also important to give a shit about the little picture.

No humour allowed!

This should be read as: "Government agency has been wasting taxpayer money by employing 900 people that they didn't need but didn't bother care to fix because the extra people justified their ballooning budget that they could use to spy more on said taxpayers."

That only applies if you're spying on the taxpayers, though, or possibly threatening to kick their doors in looking for drugs.

If you're teaching taxpayers or helping them in any other way then most of your department got the axe a decade ago.

Let's wait to see if the whole system crashes now before we conclude that.

Not that we'll ever know.

Not really. More like:

"Government agency hires army of contractors to automate jobs of 900 people"

They're building a layer of abstraction to separate the running of the systems from the data.

Talk about sensationalized headlines...

Tomorrow's news today: "Chinese NSA break-in was caused by unpatched code, overwork and corner-cutting after staffing was reduced in the name of limiting access to secure data, sources say."

I wonder how much of this is related to virtualization -- one of my previous positions was obviated due to this.

Instead of having system admins maintain the software state and hardware state on a forest of servers, it's a lot simpler to have VMs that delete and reprovision themselves whenever they have a software issue.

When you add in virtual HDDs or UNC paths for data locations, then the system is completely abstracted from the underlying hardware. If one of these physical hypervisor host systems has a hardware problem, the virtual servers on it can usually be live-migrated to other hosts, and the hardware can be repaired/replaced by a low-level hardware-only tech. When the hypervisor OS has an issue, it can be automatically reimaged as well.

Changes like this have made Office365 much more efficient than BPOS, and are likely at play in AWS and other datacenters as well as the NSA's.

Virtualization solves a lot of these problems, but a lot of my milspec friends have been expressing concerns about APTs that jailbreak the virtual environment to attack the underlying physical host.

It will be interesting to see how the human element of networks evolves over time.

(APT = advanced persistent threat?)

I'm thinking back to the HDD firmware hack[1] that was on HN earlier this week -- if a HDD was exposed directly to a VM, that would definitely be a plausible attack vector.

[1] http://news.ycombinator.com/item?id=6148347

Yes, you're correct on the definition. I don't wanna go look it up but there's a good one about an embedded attack hidden in an internal PCI board's on board memory.

If someone with $100M wants to get you, they're probably gonna find a way.

They haven't even opened their data center in Utah, which they paid close to 2 billion dollars for, and is their largest single facility by far.

I would say that the timing suggests that it's more to do with leaks than it does infrastructure.

"I've been feeling guilty about my job at tricking the people as a systems admin for the NSA, but the money is great, so i keep my mouth shut... wait... i'm fired?... ctrl+a, ctrl+c.. ctrl+v.... send"

"ctrl+a, ctrl+c.. ctrl+v.... send myself to prison for 90 years"

People take disproportionate risks out of anger all the time.

Furthermore, a lot of people in these types of positions (sysadmin work etc; and I say that as someone who does this type of work myself, though not at a three letter agency) get a feeling that they're good enough to get away with it - whether or not it's actually true.

Making an announcement like that just seems exceptionally stupid.

Indeed they do. And not all of them have the benefit of being able to justify themselves with "I leaked this for the good of the country".

It's not all that rare to see sysadmins that get fired or even just perceive mistreatment by coworkers or employers to jump the shark and mess up the systems they're meant to take care of.

Originally reported and published by Reuters: http://www.reuters.com/article/2013/08/09/us-usa-security-ns...

Whose bright idea was this? Piss off 90% of your sys admins? This is a hilariously bad move.

Well on the bright side, at least they don't have to worry about their ex-sysadmins becoming whistleblowers.

I don't get it. Their newly ex-sysadmins might well be motivated to blow whistles. There's still a 'Snowden is overstating the case' contingent out there.

that's the joke

Well, it's probably the 10% they didn't fire that they have to worry about now.

No I doubt that, these are sys admins? Unless they wipe everything and start over?

I mean worry about more than the 90% who have been fired and (presumably) don't have access to NSA computers anymore. Also, I don't think leaking NSA secrets is the main problem. I think their main problem will be finding and retaining talent. Why would you go work a government job like this if you don't even have job security. It's not like there's a shortage of demand for sysadmins in the private sector.

This is where all those psychological profiles they did at the interview stage pay off. At least, that's what they are banking on.

Recall that the CIA really likes to hire Mormons for their loyalty [1]. I'd be REALLY interested in knowing what % of the remaining sys ads are Mormon.

[1]: http://www.businessinsider.com/11-surprising-things-you-didn...

If that is so and the last 10% are as you suggest, surely that's discrimination for nonconfmormance?

I have to wonder what they had the sysadmins doing. One of the primary functions of the job is usually automating common tasks. Had they already done this and they just never downsized the department? If not, I doubt they can cut 90% quickly, that's a lot of automation that needs to be put in place. Guess whose job that is?

It's never good when so many people lose their jobs but I can't stop thinking that if so many people can be replaced by automation, something must have gone awfully, awfully wrong in the process of wisely spending taxpayers money. Why were they using people in the first place to perform tasks best left to machines?

I don't think these changes are about expense, but about security. I suspect there will be little cost savings, at least not immediately. Instead, you're just shifting the workload from (manual) system administration to automating the system administration.

To use an example - now a human swaps out a backup tape and has physical access to it. By replacing this with a tape robot, you've taken the insecure part - that person - out of the loop.

Because at one point they were necessary. Welcome to government provisioning. Optimization comes only when someone's political career is on the line.

Big business works similarly.

If you had unlimited budget, and disgruntled ex-employees were a greater risk than current employees, what is your short term strategy?

I don't see how disgruntled ex-employees would be a risk if the correct policies are put into place like, you know, the whole confidentiality and nondisclosure agreements.

You just did describe a new problem and process. If you have someone on staff you can watch him closely. On the other hand "exit day" brings complications ... especially for sys-admins.

Edit: and so it wouldn't surprise me if a government department with huge budget tended to accrue employees over time. The "easy" path is retention.

Find something else for them to do, lower risk, and let a few of them go here and there over the next decade.

The tech may not have been there at the time.

The title of the article seems to imply immediacy. the article itself though says that they plan on automating 90% of the employees out of a job. So I suspect a lot of people will work really hard in hopes that they remain part of the 10% and the smart ones are working on their resumes. Though the whole layoff itself is probably at least a year away.

Honestly what is going on in America any more you guys are all crazy?

A good portion of the populace is indeed crazy. And unfortunately they are the ones that get all the press.

However, there are a lot of people that are normal and decent but they don't get much play in the media.

So it is the same as everywhere ;)

Sysadmins never get laid off in Europe?

Huh... I figured they'd need twice as many sysadmins with the new "two-man rule."


If these sysadmins are a security risk, giving them notice of redundancy can hardly improve security (in the short term). Especially for an organisation with such recent history of trouble with disgruntled ex-employees.

nah the work is getting outsourced to booze allen and of course outsourcing national security work always works

I wonder how many are agents to help further NSA penetration of civilian systems and networks. That's a lot of talent going on the labour market but I don't think I'd be prepared to knowingly hire anyone with this kind of experience and connections.

These people could be seen as Trojan horses secretly collecting some extra dough while working at some big cloud service.

In the short term, they'll probably be replaced by a legion of contractors who will be tasked with automating the work formerly performed by the sysadmins. It's not like a NSA contractor has ever leaked sensitive material before though...

Well, we know that a lot of the work has been automated, as they have on-demand access to the likes of Google, Facebook, Microsoft, Yahoo, etc.

Once this setup work has been done, they can make do with fewer admins.

For all of those who are commenting about sysadmins grabbing as much data as they go out, I highly suspect that all of the newly unemployed sysadmins were or have been escorted by armed guards.

So close! Try for 100% next time!

The primary qualification is now ideological purity.

Do you have any evidence for this?

They've built a data centre in Salt lake city, Utah. A city with a large population of mormons...

"To be replaced with simple bash script"

This could be great news - I'd imagine there are a whole bunch of sysadmins at the NSA right now thinking about what variety of backdoors and "I accidentally the data" bugs they can work in before they're kicked out.

And/or downloading a whole bunch of something to pastebin somewhere...

I highly doubt the NSA has such loose policies regarding code reviews so as to make that even possible. Give the guys some credit.

This is a place where all the windows are embedded with a very fine copper mesh to block unwanted RF (coming or going).

Have you ever worked for a government in IT? If it's anything like the government job I used to have, they have all the equipment and policies in place to prevent breaches and data leaks, but it's poorly maintained or implemented... if it's even implemented at all. Yet, for the right people, it passes audit every year. It's all about looking good and following procedure, not being good.

You can sneak very nasty yet innocuous things past reviews - you just have to make it out of sane looking parts, and in unrelated commits.

Maybe they can contact the companies they compromised and offer to help remove the backdoors?

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact