The National Security Agency leak is only the latest in a series of events in which "super-users" have caused significant damage to a company or organization. What, if anything, can be done to prevent such rogue behavior?
In a recent television interview, National Security Agency director Gen. Keith B. Alexander said that, in response to the recent leak of classified information by contractor Edward Snowden, the organization planned to institute a “two-man rule” requiring a second person to authorize access to sensitive data. The rule, which is already in place in other intelligence agencies, “limit[s] the ability of each of its 1,000 system administrators to gain unfettered access to the entire system.” One expert, Dale Meyerrose, says it makes sense: “We’ve had a two-man rule ever since we had nuclear weapons.”
What’s the Big Idea?
The two-man rule is one approach being examined by companies to prevent or thwart potential rogue behavior by system administrators and other “super-users” who often have just enough information about a company’s systems and/or data to do serious damage. Many IT professionals working in intelligence are private contractors, leading some to wonder if making them government employees might allow for a little more control. Ultimately, according to former Justice Department lawyer Christopher P. Simkins, “[T]here’s no way to stop an insider if the insider is intent on doing something wrong.”