[LINK] No more human sysadmins??
Robert Brockway
robert at timetraveller.org
Fri Aug 9 16:51:33 AEST 2013
On Fri, 9 Aug 2013, Jan Whitaker wrote:

> [Is this even reasonable or possible? Or does this general just not
> know what a sysadmin does? Discuss.]

People occasionally forecast the end of system administration. I think
this comes from a fundamental misunderstanding of what a sysadmin does.

I've argued for a long time that system administration is precisely those
activities necessary for the correct functioning of a computer system that
the system cannot do for itself. As a result of this the nature of system
administration changes over time.

If they can replace people with machines then that must mean they were
using manual handling where automated processes would work. Depending on
what it was these staff were doing they may reduce one risk but it may
increase others.

My view is that most people don't get the information age. We have built
a network which has reduced the marginal cost of moving data to be
practically zero (only very large datasets are costly to move and this is
dropping all the time) and yet people are surprised when data moves
around. I feel that just about everyone is being really naive when it
comes to securing information and that we are going to have to
fundamentally rethink our approach to this problem in the very near
future.

I've been telling people for a couple of decades now that most
organisations give the keys to the castle to sysadmins without a second
thought. I would point out that a sysadmin is often (but not always) in a
position to not only view, copy and alter data but to do so in a manner
which is difficult or impossible to detect. I've been a big advocate of
encouraging professional ethics among sysadmins for this reason. SAGE-AU,
LISA & LOPSA all have codes of ethics for sysadmins (the latter two share
a code of ethics).

I expect that the government will eventually impose some sort of
registration on sysadmins and others who have privileged access to
computer systems. This is an approach that the government has used
before for groups that can cause significant damage in abusing their
professional privileges. Someone found guilty of malpractice as a
sysadmin might find their license revoked and themselves unable to legally
work in the profession. Imagine.

I have suggested to various sysadmin groups that we'd be better off trying
to self-regulate than having governments impose regulation on us from
above. I wouldn't be surprised if the government is talking about this
sort of regulation in 10 or 20 years.

Cheers,

Rob
> NSA Chief: Solution To Stopping The Next Snowden Is Replacing His
> Former Job With A Machine
> Posted: 08/08/2013 4:16 pm EDT
> http://www.huffingtonpost.com/2013/08/08/nsa-snowden_n_3727668.html
>
> NEW YORK -- The director of the National Security Agency said
> Thursday that the agency has found a way to prevent further leaks
> about American surveillance by replacing nearly all its system
> administrators with machines.
>
> At a cybersecurity conference, Gen. Keith B. Alexander told the
> audience that intelligence agencies plan to reduce by 90 percent the
> number of people in the system administrator position. Edward Snowden
> worked as a system administrator as an NSA contractor before leaking
> secrets about the agency's controversial cyber-spying programs and
> then gaining refuge in Russia.
>
> The NSA employs or contracts with about 1,000 system administrators,
> Alexander has previously said.
>
> The general said Thursday that the NSA planned to replace system
> administrators with new technology that will make computer networks
> "more defensible and more secure."
>
> "We've put people in the loop of transferring data, securing networks
> and doing things that machines are probably better at doing,"
> Alexander said during a panel discussion with the heads of the FBI
> and CIA, which was attended by about 300 people.
>
> Alexander added, "The intent of what we're now doing is to come up
> with ways that limit what people can take, what data they have and
> how we monitor that."
>
> As another step, Alexander said intelligence agencies are now
> requiring system administrators to follow the so-called "two-man
> rule," or having someone with them when they access sensitive data.
>
> Alexander has previously said that the NSA would restrict the use of
> thumb drives by systems administrators in response to the Snowden leaks.
>
> Alexander did not mention Snowden by name, but said new technology --
> which he called a "thin virtual cloud structure" -- would replace
> employees, greatly reducing the agency's need to trust them with
> protecting government secrets.
>
> "We trust people with data," Alexander said at the conference. "At
> the end of the day it's all about trust. And people who have access
> to data as part of their missions, if they misuse that trust they can
> cause huge damage."
>
> Snowden has acknowledged that his former position gave him enormous
> access to sensitive information. He told the Guardian in June: "When
> you're in positions of privileged access, like a systems
> administrator for the sort of intelligence community agencies, you're
> exposed to a lot more information on a broader scale than the average
> employee. And because of that you see things that may be disturbing,
> but over the course of a normal person's career you'd only see one or
> two of these instances."
>
> The recent leaks by Snowden to the Guardian and Washington Post have
> renewed the debate within the intelligence community over how much
> access IT employees should have to government secrets.
>
> Prior to Snowden, perhaps the most famous case of an employee accused
> of causing trouble on his employer's network is that of Pfc. Bradley
> Manning, who was charged with providing thousands of government
> documents to WikiLeaks. The 25-year-old Army private first class was
> convicted last month on 19 counts for sending a massive trove of
> documents to the anti-secrecy group and faces up to 90 years in prison.
>
>
> Melbourne, Victoria, Australia
> jwhit at janwhitaker.com
> blog: http://janwhitaker.com/jansblog/
> business: http://www.janwhitaker.com
>
> Our truest response to the irrationality of the world is to paint or
> sing or write, for only in such response do we find truth.
> ~Madeline L'Engle, writer
>
--
Email: robert at timetraveller.org Linux counter ID #16440
IRC: Solver (OFTC & Freenode)
Web: http://www.pracops.com
Director, Software in the Public Interest (http://spi-inc.org/)
Information is a gas