The National Security Agency is implementing new security measures because of the disclosures by former NSA-systems-analyst-turned-fugitive Edward Snowden, a top defense official said on Thursday.
Deputy Defense Secretary Ashton Carter said systems administrators like Snowden must now work with a colleague when accessing sensitive, compartmented intelligence - the kind Snowden leaked to the media. The information revealed that the agency was gathering millions of US phone records and intercepting some US Internet traffic.
"This was a failure to defend our own networks," Carter said.
"In an effort for those in the intelligence community to be able to share with each other, there was an enormous amount of information concentrated in once place. That's a mistake," he told attendees at the Aspen Security Forum. "The loading of everything onto a server creates a risk."
Matthew Olsen, the director of the National Counterterrorism Center, said during the forum that al-Qaida and related groups are seeking to change how they communicate to avoid US detection and surveillance because of Snowden's leaks. Previously, US officials have said anonymously that Snowden's leaks to the media have been damaging and are prompting terrorists to change their ways.
NSA chief, Gen. Keith Alexander, has explained that Snowden accessed much of the information on a single internal site designed to share information.
Carter said they are working to limit that access, as well as implementing a "two-man rule" everywhere systems administrators have "elevated" clearance access to sensitive information.
He said they are also looking at how to better monitor individuals with access to that kind of information and suggested the Pentagon might monitor intelligence workers just as it monitors staff at nuclear installations.
"When it comes to nuclear weapons, you watch people's behavior in a special way. We don't let people all by themselves do anything," he said. "There is always some aberrant individual and you've got to recognize that."
Meanwhile, Carter said the Pentagon is also close to launching a 4,000-person cybersquad of both offensive and defensive teams. He said the teams will both protect Defense Department systems and launch cyberattacks against enemy networks.