The Defense Department is moving to improve oversight of personnel with access to classified information, appoint “top secret control officers” and establish a joint office for insider threats after a junior Air National Guardsman allegedly leaked troves of highly classified data on the Discord website.
The new actions are laid out in a June 30 memo signed by Defense Secretary Lloyd Austin. They are based on a 45-day review Austin ordered in April after 21-year-old Jack Teixeira was arrested for being the alleged perpetrator of the leaks.
Teixeira is accused of sharing military secrets with Discord users, including by posting photographs of files that bear both SECRET and TOP SECRET markings. He pleaded not guilty to federal felony charges last month.
DoD did not release the 45-day review itself. But in a fact sheet summarizing its findings, the department notes it “relies on a culture of trust and accountability for those who are granted access” to classified national security information.
“This review found that the overwhelming majority of DoD personnel with access to CNSI are trustworthy, and that all DoD components demonstrate a broad commitment to security,” Austin wrote in his memo. “However, the review identified areas where we can and must improve accountability measures to prevent the compromise of CNSI to include addressing insider threats.”
Austin directs all DoD component heads to issue a plan of action and milestones “that ensures all DoD personnel are included and accounted for in designated security information technology systems” by Aug. 31. DoD components should also have a plan to assign all DoD personnel to a security management office by Aug. 31.
Non-intelligence community portions of DoD will also need to “validate the continuing need” for personnel to access to Sensitive Compartmented Information (SCI), while also ensuring personnel with SCI access have signed a non-disclosure agreement.
The Pentagon is also centralizing oversight of specialized classified facilities. Austin directs the Under Secretary of Defense for Intelligence and Security to set up a centralized tracking systems for DoD Sensitive Compartmented Information Facilities (SCIFs) and Special Access Program Facilities (SAPFs).
And Austin directs DoD offices to ensure they are budgeting for the technologies to ensure they have “appropriate electronic device detection systems and mitigation measures” in all sensitive facilities.
DoD’s chief information officer will work with the I&S office to “immediately enhance accountability and control of TOP SERET information,” Austin’s memo continues, including “a requirement to appoint Top Secret Control Officers.”
Austin also directs DoD officials to come up with a plan within 90 days to establish a “Joint Management Office for Insider Threat and Cyber Capabilities.” The organization would oversee user activity monitoring and “improve threat monitoring across all DoD networks.”
The Pentagon is also looking to improve oversight of security clearance holders and how defense components share information gleaned from “continuous vetting” checks of the cleared population.
The Defense Counterintelligence and Security Agency, which conducts most clearance investigations, is being tasked with setting up a “pathfinder project” with the Air Force “to examine or improve how personnel security continuous vetting information can be made more easily and readily available to commanders and supervisors in all military departments,” Austin’s memo continues.
And Austin also directs the I&S office to ensure DCSA “optimizes security information technology systems for information sharing and informed access decisions in a manner that is supported by data reporting and analysis in Advana or other system of record.”
Advana is a DoD system that pulls data from multiple business systems.
While the Pentagon is taking steps to tighten access to classified information, DoD acknowledges concerns that it could overreact to the Discord leaks.
“The department is mindful of the need to balance information security with requirements to get the right information to the right people at the right time to enhance our national security,” the 45-day review fact sheet states. “As DoD implements the recommendations and associated actions from this review, careful consideration will be given to guard against any ‘overcorrection’ which may impede progress on information sharing and operating models that better enable DoD to execute the National Defense Strategy and its overall mission.”