Now the ass-covering begins.  Formally and bureaucratically, it’s known as the damage assessment.  How much damage to the national defense and security has actually been done by the disclosures of former Booz|Allen|Hamilton employee Edward Snowden?

The lead paragraph in the Washington Post’s article headlined  Investigators looking into how Snowden gained access at NSA frames it accurately.  “Counterintelligence investigators are scrutinizing how a 29-year-old contractor who said he leaked top-secret National Security Agency documents was able to gain access to what should be highly compartmentalized information…”

It’s the right question to ask Snowden’s former employer and the NSA.  Here is Booz Allen’s official response.

The questions for both Booz Allen and NSA will not get easier.  At least, they shouldn’t.

How did an employee with less than 3 months on the job with politically well-connected contractor Booz Allen and working in an office in Hawaii get placement and access to that particular classified, sensitive compartmented information?

To exactly what  information, at what level and in what compartments did Snowden need to have authorized access in order to perform his assigned duties?   What information has been compromised so far?    Which, if any, of that known compromised information was or should have been unauthorized for him to access?  How did he get unauthorized access?

Of the information to which Snowden had either authorized or unauthorized access, how much has not (yet) been compromised?  How sure is Booz Hamilton and NSA of that?

How timely was the compromised information?   How does it fit into the larger information collection process?  With the information known to have been compromised so far, what can hostile intelligence analysts reasonably deduce beyond the obvious?  How much does this compromise reveal about current information collection capabilities?  How much does it reveal about future information collection capabilities?  What vulnerabilities (holes) in our information collection capabilities are revealed by Snowden’s disclosures?

Who was responsible for supervising Snowden?

Was Snowden working alone or did he have associates?  Were the associates witting or unwitting about his activities?

What safeguards, if any, failed or were intentionally compromised to allow Snowden to gain unauthorized access?  What safeguards should have been in place to prevent Snowden from being able to compromise the documents?

The damage assessment will likely be classified and compartmented at least at the level of the material compromised.  While that could make it easier to assess and correct the problem, it will also make it easier for the White House and the Intelligence Community to cover Booz Allen’s institutional public ass.