Booz Allen, Snowden's old firm, looking to help US government with 'insider threats'

Are defense and intelligence contractors the best choice to manage a threat they've contributed to?

Edward Snowden told a writer for The New Yorker in an "interview conducted by encrypted means" that he had no assistance from Russia, any other country, or any other person or entity when he stole (by his count) over a million secret documents from his former employer, the National Security Agency (NSA).

Well, he would say that whether it was true or not. His point that senior members of the House and Senate intelligence committees had no evidence for their charges that he "could" or "might" have been working for the Russians is reasonable. House Republican Mike Rogers (Mich.) and Senate Democrat Dianne Feinstein (Calif.) are the chairs of the respective intelligence committees, and their positions both lend greater weight to their statements and greater requirements for care and specificity.

Just as Snowden would deny these allegations, the bias of Mr. Rogers and Ms. Feinstein, both great defenders of NSA programs, would be to assume the worst of Snowden, evidence or no.

One thing that is under the direct authority of their two committees is how the US intelligence community has evolved and greatly expanded since Sept. 11, 2001, an expansion that led to a reliance on poorly vetted outside contractors to manage US secrets – and made Snowden's long-term plan possible. In hindsight, there were plenty of red flags to indicate Snowden was a security risk. And in his own words he took the job as a Booz Allen Hamilton contractor for the NSA with the intent of stealing and distributing NSA secrets.

Whether you're a spy agency or training Afghan policemen, your biggest worry is "insider threats," since people who you bring into your circle of trust have the capacity to do the greatest damage if they betray you.

Yet, despite the serious security failure exposed by Snowden's hire, Booz Allen Hamilton continues to chug along, something I was reminded of by a friend on Twitter this morning. He pointed me to a job listing on the Booz Allen Hamilton careers page advertising employment for an "insider threat analyst." The defense and intelligence contractor writes:

Key Role:
Work with government and commercial organizations to develop and implement insider threat program solutions. Apply knowledge of Cyber, counterintelligence, security, and information assurance to support baseline functional standards to facilitate the development and refinement of insider threat programs at the enterprise-level. Develop and use assessment methodologies to identify risks and recommend insider threat countermeasures. Leverage appropriate IT tools, analytic methodologies, and tradecraft to assess anomalous events and make recommendations to appropriate authorities. Develop conclusions and recommendations, write reports, and assist with client presentations. Support implementation activities and interact with client personnel and senior leadership to accomplish project objectives and achieve sustainable results. Build competencies in the areas of basic consulting, assignment performance, and organization strategy.
Qualifications
Basic Qualifications:-5+ years of experience with insider threat issues, counterintelligence, information assurance, security, network engineering, or data science-Experience with Microsoft Word, Excel, and PowerPoint-Ability to translate information, develop insights, and work alongside clients at client sites-Ability to be a self-starter and thrive in a fast-paced environment-TS/SCI clearance with a polygraph-CI or CISSP Certification.

The job posting goes on to imply that there will be a greater level of vetting for this job than is usual. But the US government has also outsourced many of its vetting procedures for security clearances to for-profit companies, something that has also had its host of problems. It turns out the profit motive can lead to fast and shoddy work.

The scope of outsourced intelligence work in the US is staggering. As I wrote last June:

But to the casual observer of intelligence affairs (that is, me), it was surprising that private contractors, including 29-year-old employees, had so much access to the US government's most jealously guarded secrets. I always imagined the NSA - jokingly called for years "No Such Agency" - was the "men in black-est" of them all, with layers of protection limiting the scope of their work to a handful of insiders.

The reality is something else again, as we're all learning. In the years since 9/11, tens of billions of dollars have flowed to private contractors in the intelligence and digital security businesses, and Booz Allen it turns out is just one of them. And the sheer number of people working either inside the government or on outside contracts is staggering.

On Page 3 of Booz Allen Hamilton's 2012 annual report, the company says it has approximately 25,000 employees, 76 percent of whom have a US government security clearance and 49 percent of whom have security clearances at the level of "top secret or higher." That's 12,250 employees at Booz Allen alone who have "top secret" clearance. How much of the company's work is for the US government? Almost all of it. In each of the past three years, 98 percent or more of its income came from government contracts... Recent years have been very good to the company. In 2012, sales rose 5 percent to $5.8 billion and profits more than doubled to $240 million from $85 million. In 2008, the company had $2.6 billion in sales and in 2001 it had $1.2 billion.

Senator Feinstein and Representative Rogers may want to turn their attention to the effects of outsourcing on the US government's ability to keep secrets.