Former NSA leader talks Snowden and the future of infosec

Chris Inglis was Deputy Director of the US's National Security Agency

John ‘Chris’ Inglis, the former Deputy Director of the US’s National Security Agency (NSA), remains a busy man. When not fielding never-ending questions from the media and others about Edward Snowden (who copied and leaked confidential documents when Inglis was at the NSA), he is often called on to talk about incidents such as the Hal Martin data exfiltration (which occurred after his watch) and more generally about cybersecurity.

Inglis’s employment at the NSA followed service in the US Air Force and the US Air National Guard. Today, having retired from the NSA in 2014, he works on various projects including pro bono work, chairing groups, and acting as a managing director at investment firm Paladin Capital Group and as an advisor to seven-year-old digital security company Securonix, which hosted an event where he spoke this week at London’s British Museum.

At the event, Inglis spoke fluently and often with good humour as he fielded media questions, many of them revolving around the Snowden case (“I’ll answer if you ask me … I won’t be coy”, he promised at the outset). The following is an edited summary with selected quoting of his comments on various themes.


On security analytics

“What we’ve learned is that the use of analytics is not a nice-to-have, it’s a must-have. You need to defend that data in real time. You can no longer [just] patrol the perimeters because [attackers] can do a lot more damage much faster [than ever before]. The goal is not to react well or even track well but to anticipate.”

“Is there a role for defensive perimeters or firewalls? Absolutely. You can say ‘I know that to be bad I won’t let that through’. But that can’t be the whole.” [If you rely on] “moats and castle walls … you’ll find your heart has been broken.”

The key is to “determine an anomaly” with context and balance security with user freedom to do their jobs and feel trusted.


On insider threats

“We have very likely understated … the problem of an insider. People have the opportunity to do much greater harm than they previously did. [There is an] almost existential [threat].”


On Edward Snowden

When it was put to Inglis that Snowden might be viewed as a whistle-blower acting with the intent to take a stand on the right of citizens to data privacy, Inglis said:

“I don’t think he thought that. Whistle-blowers should be formally supported and within the US system they are. You have the right and authority to take [your concerns] to some other places … Snowden did none of that – he made no complaints to anyone ... [He] recklessly released information that had nothing to do with the protection of privacy.”

Snowden helped to “fill the vacuum of information [about how the NSA works],” he said, and “a lot of the cost was a vilification of the NSA”.

Snowden had privileged access but “everything he touched was appropriate” to his role as a Microsoft SharePoint administrator helping analysts to understand how the NSA collects, stores and queries data. What the NSA didn’t catch was the illicit copying of data. Snowden operated “low and slow underneath” NSA rules to achieve “breath-taking” results.

“The US is pretty clear about how it feels about Edward Snowden and it will treat him as innocent until such time as he is proven guilty.”


On the need for the NSA to have more transparency

When asked about the right of employees to know more about the NSA, Inglis said:

“Transparency knows no particular boundaries. The internal population has as much right to know as the external population. They’re deserving of respect even if they don’t get it.”

“[There should be] sufficient transparency so people have [the information] to opt in or opt out. You don’t have to work for NSA … I don’t mean to be glib. If you say ‘I can’t work in a place like that’ … that’s what it means to live in a democratic society.”

“My bet is that 50 years from now historians … will conclude that we had the alignment of security about right. What we didn’t get right is we weren’t sufficiently transparent that people understood that.”

“We don’t need to burn the house down to rid ourselves of a problem in the back room.”

“The NSA has access to more data than in 2013 [when the Snowden leaks were made public] but it has more constraints upon it.”


On Julian Assange losing internet connectivity following emails relating to the US election

“He may have lost his bearings. It’s clear that Ecuador has parted company [with him or] at least [issued him] with a time-out.”


On the new Oliver Stone movie, Snowden

Inglis mocked the idea that the movie was in any sense a dramatisation of real events. In the movie the (unnamed) Deputy Director of the NSA meets Snowden on a duck shoot and sends him on a mission. Inglis argued that in this, Stone had made Snowden out to be a more senior figure than he had in fact been. Inglis said he had never met Snowden during the latter’s time at the NSA.


On the need for balance

“When I extend trust that comes with a concomitant level of security. It’s not the search for perfection, it’s the search for alignment.”

“In our pursuit of the one we can’t abuse the 99.9 per cent; we have to keep both equities in mind [for staff to do their] best, inspired work.”

“If we expect perfection we’re not going to get it. But you can narrow it down so the box of risk is the smallest possible box.”