Chris Inglis Reflects on NSA Failures 13 Years After Snowden Leaks
Chris Inglis, who served as NSA Deputy Director from 2011 to 2014 under Director Keith Alexander, has broken his silence on the agency's missteps during the Edward Snowden affair, offering candid reflections on the most significant intelligence breach in American history. In interviews marking the 13th anniversary of Snowden's disclosure of approximately 1.7 million classified documents, Inglis acknowledged that the NSA failed to implement adequate insider threat detection mechanisms and over-relied on system access rather than comprehensive monitoring. 'We built a castle with moats but forgot to watch who was already inside the walls,' Inglis stated, referencing the Pratt & Whitney contractor status that allowed Snowden, then a systems administrator at the NSA's Hawaii facility, to exfiltrate data through removable media and civilian network access.
The former NSA official, who now serves as a professor at the United States Naval Academy, detailed specific technical failures that enabled the breach. Snowden exploited gaps between the agency's Secret Internet Protocol Router Network (SIPRNET) and its Joint Worldwide Intelligence Communications System (JWICS), using his elevated privileges as a systems administrator to access approximately 200,000 classified documents without triggering the agency's audit controls. Inglis emphasized that the NSA's compartmentalized approach to access management created blind spots where a single compromised credential could access multiple classification levels. 'The principle of least privilege was theoretically sound but operationally incomplete—we trusted credentials more than we verified their usage patterns,' Inglis noted.
For today's Chief Information Security Officers, Inglis offered prescriptive guidance on identifying potential insider threats through behavioral analytics rather than purely access-based controls. He recommended implementing user behavior analytics (UBA) that baseline normal network activity patterns and flag anomalies such as unusual data access times, abnormal query volumes, or unauthorized external connections. 'The question isn't whether someone has clearance—it's whether their behavior matches their role,' Inglis advised. He also called for CISOs to establish robust separation of duties, ensuring that no single employee can both request and approve high-value data transfers. The former NSA deputy director emphasized that these lessons extend beyond government agencies to private sector organizations handling sensitive intellectual property or customer data.
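The behavioral baselining and separation-of-duties checks described above, sketched in Python as an added example (not code from Inglis, the NSA, or this article). The session history, user names, thresholds and function names are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed history: user -> (hour_of_day, documents_read) for past sessions.
HISTORY = {
    "sysadmin_a": [(9, 40), (10, 55), (14, 48), (11, 52), (16, 45), (13, 50)],
    "analyst_b": [(8, 12), (9, 15), (10, 9), (15, 14), (11, 11), (14, 13)],
}

def build_baseline(sessions):
    """Summarise one user's normal access hours and read volume."""
    hours = [h for h, _ in sessions]
    volumes = [v for _, v in sessions]
    return {
        "hour_range": (min(hours), max(hours)),  # assumes no overnight shifts
        "vol_mean": mean(volumes),
        "vol_std": pstdev(volumes) or 1.0,  # flat history: avoid dividing by zero
    }

def score_session(baseline, hour, volume, z_threshold=3.0, slack_hours=1):
    """Return the anomaly reasons for one new session (empty list = normal)."""
    reasons = []
    lo, hi = baseline["hour_range"]
    if not (lo - slack_hours <= hour <= hi + slack_hours):
        reasons.append("unusual_access_time")
    z = (volume - baseline["vol_mean"]) / baseline["vol_std"]
    if z > z_threshold:
        reasons.append("abnormal_volume")
    return reasons

def violates_separation_of_duties(transfer):
    """A transfer needs an approver who is not the requester."""
    approver = transfer.get("approver")
    return approver is None or approver == transfer["requester"]

def evaluate(history, new_sessions):
    """Score new (user, hour, volume) sessions against per-user baselines."""
    baselines = {user: build_baseline(s) for user, s in history.items()}
    alerts = []
    for user, hour, volume in new_sessions:
        if user not in baselines:
            alerts.append((user, hour, volume, ["no_baseline"]))  # surface, never pass silently
            continue
        reasons = score_session(baselines[user], hour, volume)
        if reasons:
            alerts.append((user, hour, volume, reasons))
    return alerts

if __name__ == "__main__":
    new = [("sysadmin_a", 10, 51), ("sysadmin_a", 2, 900), ("analyst_b", 9, 14)]
    print(evaluate(HISTORY, new))
```

The baseline is per user, so a volume that is routine for an administrator would still be flagged for an analyst; a user with no history is reported rather than treated as normal.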
Looking forward, Inglis addressed the regulatory landscape and the ongoing tension between surveillance capabilities and civil liberties that his agency continues to navigate. He praised the post-Snowden reforms including Executive Order 12333 amendments and the USA FREEDOM Act's transparency requirements, while acknowledging that technological evolution—particularly cloud infrastructure and encrypted communications platforms—has fundamentally altered the surveillance challenge. 'When we talk about lawful intercept in 2026, we're operating in an entirely different threat environment than 2013,' Inglis observed, suggesting that CISOs should prepare for regulatory scrutiny of their own data handling practices as governments worldwide implement stricter breach notification and data localization requirements.