Last week, very quietly, the National Security Agency’s Office of the Inspector General released a report on the agency that should concern us all. In it, the IG finds that the NSA routinely fails to keep data safe. Just prior to the report’s publication, the world learned that Russian hackers infiltrated hundreds of power grids. “They got to the point they could have thrown switches,” a Homeland Security official told the Wall Street Journal.
This is not the time to be reckless with cybersecurity, but that’s exactly what the NSA is doing. The inspector general states, “We found that NSA’s records inventory database was not accurate; the vital records program needed improvement.” Government auditors also found that NSA employees often used flash drives without first scanning them for viruses.
An agency in charge of collecting information on others has failed to keep accurate records of its own data. Any claim from the NSA that is has not violated civil liberties must be automatically suspect, because the agency’s own records are inaccurate.
In addition, the IG finds that “the Records Management Division had not implemented controls to ensure NSA’s compliance with records management laws and regulations” and “NSA’s records storage facilities were not in compliance with federal regulations.” What does that Records Management Division do all day? They’re obviously not managing records. The report lays out, in plain English, that the NSA stores its data in unsafe facilities.
A threat to federal information security is a threat to our national security. The NSA has serious problems that undermine its very reason for existence. And yet, in another bureaucratic twist, the IG report says that none of the violations are serious enough to “require immediate reporting” to the head of the NSA or to Congress. In summary, the agency is failing at its basic responsibilities, but somehow that does not merit involving anyone in charge.
Either this is a desperate attempt to sweep major issues under the rug or the IG finds that the rule-breaking is tolerable. A rule that is not enforced is the same as a rule that does not exist. The IG made dozens of recommendations to the NSA, but that is no guarantee that the rules will be enforced from here on out.
The Russians have already infiltrated our electrical grids, and they have claimed “hundreds of victims.” It would be naive to think that they have no designs on the NSA as well. The NSA collects data on Americans, and for the Kremlin, that’s a treasure trove of information it can use to influence public opinion and sow chaos. (Well, additional chaos.)
NSA data is vulnerable to attack and theft. This is never good, but it’s especially problematic just months before the 2018 midterm elections. If President Trump wants to get serious about stopping Russian meddling, he’ll make fixing the NSA a top priority.
Angela Morabito (@AngelaLMorabito) writes about politics, media, ethics, and culture. She holds both a bachelor’s and master’s degree from Georgetown University.
