What Snowden’s Boss Learned From the NSA Breach


Steven Bay, a network intelligence analyst at Booz Allen Hamilton, was Edward Snowden’s boss when the latter was working as a contractor for the NSA. During a talk at the Rock Stars of Cybersecurity conference on September 13, Bay explained that he hired Snowden based on his impressive resume and deft understanding of information-security issues. (Coincidentally, Snowden, the subject of this weekend’s Oliver Stone film, has just drummed up a campaign for his pardon.)

As with many rogue employees, signs started to surface, but Bay didn’t see them. Within weeks of starting his job, Snowden began to show up late. He then claimed he was epileptic and that doctor appointments would require him to be away from the office periodically. On a few occasions, he also asked for privileged-data access, for which he never gained clearance. And in the weeks leading up to his flight from the U.S., Snowden explained to his supervisor that he’d need time off work, but curiously declined to take advantage of paid short-term disability.

Bay clarifies that Snowden, not having any significant clearance, “simply grabbed some PowerPoints” and leaked them. Still, this was damaging enough to create a national-security crisis. Hindsight is 20/20, and Bay believes there are a number of things every company must learn from this alarming breach.

"Companies should 'protect themselves from both your average employee with no ill-intent as well as your malicious insider.'"

Here are five important takeaways from Bay’s speech at the Rock Stars of Cybersecurity event. (And it’s telling that all of the below are accounted for in an advanced security-analytics platform, which could’ve stopped Snowden in his tracks.)

  1. Invest in a more powerful identity and access management solution. In this case, Snowden was able to leverage credentials from another NSA worker.
  2. Find a tool that classifies data and monitors movement of that data around, or outside of, the network.
  3. Proactively prevent the use of USB drives, which Snowden used to exfiltrate data.
  4. Block access to file-sharing services, unless specifically authorized by the company.
  5. Train your employees to spot phishing attacks via email and websites.

In an interview with The Cipher Brief, Bay reiterated that it’s time for employers to take insider threats seriously. Companies should “protect themselves from both your average employee with no ill-intent as well as your malicious insider,” he said to the publication. “The insider threat is real,” and an employee can do “far more damage” than an outside hacker.