Pentagon to strengthen insider threat monitoring and vetting procedures following major intel leak
Views:
1970-01-01 08:00
A review undertaken by the Pentagon after a trove of classified documents were leaked online has recommended that the department establish a new office to monitor insider threats and improve access to vetting information from ongoing background checks to ensure individuals still meet security clearance requirements.

A review undertaken by the Pentagon after a trove of classified documents were leaked online has recommended that the department establish a new office to monitor insider threats and improve access to vetting information from ongoing background checks to ensure individuals still meet security clearance requirements.

"This review found that the overwhelming majority of DoD personnel with access to [classified national security information] are trustworthy, and that all DoD Components demonstrate a broad commitment to security," Defense Secretary Lloyd Austin said in a memo released Wednesday. "However, the review identified areas where we can and must improve accountability measures to prevent the compromise of C SI [classified national security information], to include addressing insider threats."

The review was launched in the wake of a leak of classified intelligence on a popular social media platform, allegedly by National Guard Airman 1st Class Jack Teixeira. Teixeira was indicted on six counts of willful retention and transmission of classified information related to national defense. He pleaded not guilty to the charges in June.

Speaking to reporters on Wednesday, a senior defense official said the review showed the department needed to "revalidate things like distribution lists" and ensure that the Pentagon had "modernized our requirements with the way technology can enable kind of print tracking, those types of things, so that we have better accountability."

CNN previously reported that the Pentagon began to limit who across the government received its highly classified daily intelligence briefs following the leak, as the Pentagon's Joint Staff moved to whittle down its distribution lists.

While Teixeira's job required him to be able to see the intelligence he allegedly shared, there were multiple instances before his arrest in which his leadership documented warnings and observations of him accessing intelligence he didn't need to access.

Austin ordered the 45-day review in April, directing the under secretary of defense for intelligence and security to review the Pentagon's security policies and procedures.

The review included a 50-question survey for DOD components to "self-assess the current state of their personnel security, information safeguarding and accountability, physical security, and education and training posture," a fact sheet released Wednesday said.

Next steps

While Austin's memo did not go into detail about what the review found, he outlined a series of next steps and deadlines for Defense Department officials, including ensuring that personnel are accounted for in security information technology systems and that personnel need to have a valid non-disclosure agreement that is included in their personnel files by September 30.

Defense Department compartment heads who are not a part of the intelligence community will also be required to "validate the continuing need" for their personnel to have access to sensitive compartmented information. And the Air Force will be required to complete a "pathfinder project" with DCSA see how continuous vetting information can "be made more easily and readily available to commanders and supervisors."

Austin also directed the under secretary of defense for intelligence and security to create a "phased approach" to increase accountability and security of classified data, and to work with DOD's chief information officer to establish a Joint Management Office for Insider Threat and Cyber Capabilities within 90 days, which will "oversee user activity monitoring and improve threat monitoring across all DOD networks."

The senior defense official said Wednesday that an example of that monitoring would be notifying security if "someone was doing something unusual on the system."

"[W]hat we're doing right now is to make sure that those types of tools are used appropriately within the department and that we've appropriately resourced that program," the official said.

Asked Wednesday if the recommended changes would impact the Pentagon's ability to share intelligence with other agencies, the senior defense official said those doing the review were "very mindful not to impede" the ability to do so

"I think that was a key concern going into this, was that we didn't like lock things down too much to then have to slowly reevaluate whether or not we had overdone anything," the official said.

Tags epus news intel epus politics procedures strengthen pentagon epus one leak