The National Security Agency is getting into the risk management business.
The NSA, still reeling from the Edward Snowden leaks, named Anne Neuberger, former director of the agency”s so-called commercial solutions center and an aide to NSA director Admiral Michael S. Rogers, to head up the agency’s newly created position of ‘chief risk officer’ — the agency’s first.
“Enterprise risk management is considered a best practice in many fields and amplifies an organization’s ability to recognize, integrate, and assess the risk-reward value from multiple perspectives to make more informed, timely, and defensible decisions,” Rogers said in a posting on the agency’s website.
According to the agency:
“Ms. Neuberger will work closely alongside all senior leaders at the Agency. In her first year, she will focus on creating and maturing a methodology and processes to assess the various risks across different missions and work toward meeting specific objectives assigned by the director.”
Obama, in light of the Snowden debacle, ordered the NSA in June to release its first ever transparency report in an attempt to show the American public that the agency wasn’t spying on innocent Americans en masse. The Director of National Intelligence (DNI), James Clapper, released the document, which showed the feds had issued 20,000 national security letters in 2013.
Some said the report was a yawner. It was short on specifics, but it did disclose that 90,601 intelligence targets were affected by the secret FISA court orders that enable the NSA to collect intelligence by various means. According to a release at the time, the DNI pointed out that it had declassified “thousands of pages” of documents, and would be releasing more every year.
In the new release heralding her appointment, NSA director Rogers said that it was absolutely crucial the agency took a big-picture view of its mission as an important vanguard in sensitive intelligence missions to protect the country.
Mark Jaycox, a legislative analyst with the Electronic Frontier Foundation who studies the NSA closely, said Neuberger’s appointment bears watching. But he added that’s its way too early to tell if she’ll be an empty suit — or if she’ll have the power to provide meaningful oversight.
“It’s encouraging to see the NSA finally have positions like the newly created Risk Officer and the newly created Privacy Office, but this is contingent on these offices being far more open and transparent with the American public than the NSA has been previously,” Jaycox told VentureBeat Thursday.
Jaycox has been a steadfast critic of the agency, and said that even attempting to appease a skeptical American public with the some kind of oversight was a move in the right direction. But more needs to be done, he said.
“NSA wants to show us that they are making strides towards more privacy protections and a greater self-consciousness of their actions. NSA must do more than create and hire for these positions,” Jaycox said.
Others were more skeptical.
NSA insiders said that Neuberger’s appointment might be little more than window dressing.
“It’s like James Clapper, the director of national intelligence. He ostensibly has oversight of the entire U.S. intelligence community. But he’s really a talking head with no authority,” a former NSA official told VentureBeat.
“The NSA must empower the positions, the positions must increase transparency by releasing more records to the public, and the positions must have an active voice within NSA to change some of the egregious policies and practices we’ve seen so far,” the EFF’s Jaycox said.
You can't solo security COVID-19 game security report: Learn the latest attack trends in gaming. Access here