Sysadmins in the Spotlight

LISA '13

You don't need to tell anyone at USENIX or LISA about the power sysadmins wield, but suddenly, thanks to Edward J. Snowden leaking details about PRISM, an NSA electronic surveillance program, everyone else knows it, too. On June 23, 2013, the New York Times ran an article called "N.S.A. Leak Puts Focus on System Administrators." In the article, Eric Chiu, president of Hytrust (a computer security company), says that the scariest threat when it comes to security breaches is the system administrator. "The system administrator has godlike access to systems they manage," he says.

The article explains that N.S.A. director Gen. Keith B. Alexander says the agency will institute "a two-man rule" (although, I'm assuming he means "two-person," because lots of admins are women) " ... that would limit the ability of each of its 1,000 system administrators to gain unfettered access to the entire system." The article explains, "The rule, which would require a second check on each attempt to access sensitive information, is already in place in some intelligence agencies."

Before you assume that sysadmins are going rogue on systems all over the place, the article clarifies that these kinds of in-house breaches are relatively rare. And it's not like the security experts are being pitted against sysadmins to keep them under control. In fact, at the 2009 LISA conference (a sysadmin-focused event), Shaya Potter, Steven M. Bellovin, and Jason Nieh presented their paper, Two-Person Control Administration: Preventing Administration Faults through Duplication. Their paper introduces ISE-T (I See Everything Twice), which is a system that applies the two-person control rule to system administration.

In their paper abstract, the Columbia University researchers explained, "ISE-T requires two separate system administrators to perform each administration task. ISE-T then compares the results of the two administrators’ actions for equivalence. ISE-T only applies the results of the actions to the real system if they are equivalent. This provides a higher level of assurance that administration tasks are completed in a manner that will not introduce faults into the system. While the two-person control model is expensive, it is a natural fit for many financial, government, and military systems that require higher levels of assurance."
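The compare-then-apply rule from the abstract, as an added Python example that is not ISE-T's code or anything from the paper. It assumes system state can be modelled as a dictionary of path to (mode, content) and that "equivalent" means identical file-level change sets; the function names and the sample task are hypothetical.

```python
import copy

# Constructed baseline: path -> (mode, content). Not taken from any real system.
BASELINE = {
    "/etc/ssh/sshd_config": (0o600, "PermitRootLogin yes\n"),
    "/etc/motd": (0o644, "welcome\n"),
}

def changeset(baseline, after):
    """Return {path: new_entry, or None if deleted} for every path that differs."""
    paths = set(baseline) | set(after)
    return {p: after.get(p) for p in paths if baseline.get(p) != after.get(p)}

def two_person_apply(real, admin_a, admin_b):
    """Apply a change to `real` only if both admins produced the same change set.

    admin_a and admin_b are functions that each mutate a private copy of the
    state. Returns (applied, disputed_paths).
    """
    copy_a, copy_b = copy.deepcopy(real), copy.deepcopy(real)
    admin_a(copy_a)
    admin_b(copy_b)
    cs_a, cs_b = changeset(real, copy_a), changeset(real, copy_b)
    disputed = sorted(p for p in set(cs_a) | set(cs_b)
                      if p not in cs_a or p not in cs_b or cs_a[p] != cs_b[p])
    if disputed:
        return False, disputed  # the real system is left untouched
    for path, entry in cs_a.items():
        if entry is None:
            real.pop(path, None)
        else:
            real[path] = entry
    return True, []

# Constructed task: "disable root login over SSH and remove /etc/motd".
def careful(state):
    state["/etc/ssh/sshd_config"] = (0o600, "PermitRootLogin no\n")
    del state["/etc/motd"]

def faulty(state):
    # Same intent, but the config ends up world-readable and the motd stays.
    state["/etc/ssh/sshd_config"] = (0o644, "PermitRootLogin no\n")

def demo():
    system = copy.deepcopy(BASELINE)
    rejected = two_person_apply(system, careful, faulty)
    unchanged = system == BASELINE
    accepted = two_person_apply(system, careful, careful)
    return rejected, unchanged, accepted, system
```

The disputed paths returned on a mismatch are what a reviewer would look at to decide which of the two results was the intended one.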

Because USENIX supports open access to research, you can read the research paper (PDF) on our site or watch the video presentation of the paper, which was recorded at LISA '09.

Last week, ITWorld ran an article I wrote (also inspired by the Snowden story) about the humble sysadmin and how to stay on their good side: 9 reasons sys admins hate you. Readers chimed in with dozens of comments (or hundreds, if you're looking at the Slashdot version), and the discussion got pretty darn interesting.

Has this new attention on the power sysadmins wield changed the processes where you work? Share your thoughts in the comments.