Security protocols should focus on root causes, not just volume.
[Editor’s note: In the wake of the latest national security breach, in which classified Pentagon documents related to the war in Ukraine were disseminated online, Liberty Nation’s National Security Correspondent Dave Patterson digs into how America’s most sensitive materials are handled. Part two of this series can be read here.]
The information classification system expects people to follow protocols. That’s the system’s glaring and irrefutable flaw. It may seem like stating the obvious, but the weakness in the system designed to protect America’s sensitive information is that people can mess it up, as was demonstrated by US Air National Guard Airman First Class Jack Teixeira’s abrogation of his signed oath to keep Department of Defense’s secrets safe.
Stringent Guidelines Fail to Stop Leaks
As Liberty Nation reported, Defense Department Press Secretary Air Force Brigadier General Pat Ryder made the point repeatedly in a briefing that “the DOD has ‘stringent’ guidelines in place and that the unauthorized release of the classified documents was a criminal act where the perpetrator purposefully violated those guidelines and regulations.” That is precisely the point. Despite protocols, processes, regulations, individual training of all security clearance holders, service members, and contractors, and policies to prevent unauthorized, criminal disclosures, people still disclose classified information.
Teixeira’s job was cyber transport systems journeyman, commonly referred to as information technology (IT) specialist. He had a top-secret, sensitive compartmented information (TS-SCI) clearance. He worked the night shift for the 102nd Intelligence Wing at Joint Base Cape Cod, Massachusetts. “There, he had broad access to a secure facility where he could access a global network of classified material from the military and 17 other American intelligence agencies,” The New York Times reported. However, Teixeira’s position neither required nor authorized his accessing that network.
Nonetheless, Teixeira looked at highly classified data, took notes, downloaded, removed from his workplace, photographed, and posted the classified material to a private server on a gaming chat service called Discord. None of his supervisors or co-workers had reported anything unusual. Was there a night supervisor managing Teixeira’s work schedule and assigning tasks? Where was the unit leadership? Seldom have there been intentional, unlawful disclosures of national security information without some suspicious indicators.
Training Is Required to Stop Leaks
Chelsea Manning (Photo by Diego Donamaria/Getty Images for SXSW)
Every person with a security clearance working for the US government is required to attend Insider Threat Awareness training. An essential part of the curriculum is how to spot key indicators that a co-worker or colleague may be a security threat. A recent famous example is Army Private First Class Bradley (AKA Chelsea) Manning, a soldier struggling with gender dysphoria while posted to a remote Iraqi Forward Operating Base Hammer “where morale was rock bottom and security slipshod. Increasingly disillusioned with the US mission, [Manning exhibited deteriorating behavior], culminating in his punching a female officer in the face,” The Guardian reported. His actions indicated the presence of a potential security threat. Processes were in place but not followed. People failed. Supervision failed. Leadership failed.
Not as infamous is the case of US Navy Petty Officer 2nd Class Bryan Martin, who attempted to sell classified information to an individual he thought to be a Chinese intelligence officer. Martin was in deep financial trouble because of his uncontrollable gambling and habit of hiring prostitutes, problems known to his co-workers. According to official government records, he was arrested when he attempted to sell “packets of documents containing Secret and Top Secret information about current naval operations and intelligence assessments” to an undercover FBI agent. Tried and found guilty, Martin was sentenced to 34 years in prison. In this case, recognizing and reporting indicators of insider threats worked. The processes, procedures, and protocols are in place, but they are effective only if people take responsibility and follow them appropriately.
The knee-jerk reaction in any bureaucracy, when people behave in a way that puts the organization in jeopardy, is to “fix” the processes or procedures if there is something systematically wrong. But most of the time, despite efforts to eliminate perceived process flaws, if people are motivated to break the law, they will break the law. Military members of all ranks are responsible for recognizing changes in the behavior of co-workers and colleagues. Family problems, financial pressures, and sudden expressions of eccentric ideological points of view may be signs of a security threat in the making.
Issuing security clearances is no trivial matter. In the wake of the latest national security breach, in which classified Pentagon documents related to the war in Ukraine were disseminated online, Liberty Nation’s National Security Correspondent Dave Patterson digs into how America’s most sensitive materials are handled.
Some national security pundits feel there are too many high-level security clearances issued. Others argue Air National Guard Airman First Class Jack Teixeira – the young man who allegedly leaked some of the United States’ most closely kept secrets – was too young to have such clearance. In any case, the matter of security clearances has come front and center to the minds of Americans.
The first point, of course, raises the question of just how many high-level security clearances there should be. To give some context, the total number of government and contractor employees with security clearances, both with access currently and those eligible to get access, is approximately 2,500,000, according to the Fiscal Year 2019 Annual Report on Security Clearance Determinations, the latest report provided to Congress.
The applications for security clearance are continuous. The Director for National Intelligence keeps statistics on those security clearance requests pending and those completed. “Despite the challenges posed by the pandemic, D/A (Executive Branch departments and agencies) work continued, and the three quarters’ average of pending and completed adjudications was relatively stable with an average of approximately 179,000 pending cases and an average of approximately 171,000 cases completed,” the February 2022 report for Fiscal Year 2020 stated.
Trump’s Management of Security Clearances
The backlog number has improved considerably since the Office of Personnel Management (OPM) was responsible for background checks and awarding security clearances. Following the breach of OPM security controls and the release to the public of sensitive clearance request paperwork for approximately two million clearance holders during the Obama administration, President Trump signed Executive Order 13467, moving the background investigations to the Defense Counterintelligence and Security Agency. Around the time of initiating the transfer in April 2018, the backlog of unfinished background investigations was 725,000 compared to the backlog of less than 180,000 today.
Donald Trump (Photo by Scott Olson/Getty Images)
The second opinion, that clearances are awarded to members of the US Armed Forces and contractors who are too young, misses the fact most individuals found guilty of leaking defense secrets were considerably older. Furthermore, we entrust combat using lethal weapons to the young, trusting them to acquit themselves effectively and honorably. Most do; very few don’t. Year over year, the number of Americans who violate the trust the US government has in them is small compared to how many holders of security clearances there are.
After the Teixeira incident, the Department of Defense (DOD) wasted no time taking bureaucratic action in a process-rich bureaucracy. “More immediately, though, the Pentagon is combing through distribution lists of people able to access and print classified material to determine if they should have that level of access,” Breaking Defense reported. It is easy to understand that with hundreds of thousands of individuals with access to classified information, those people no longer needing access could be overlooked.
Procedures Are in Place
However, the Office of the Director of National Intelligence has “formalized requirements to enroll the eligible national security population in continuous evaluation (CE), but has not assessed program performance. CE entails enrolling employees in IT (information technology) systems that conduct automated record checks on a frequent basis,” the Government Accountability Office explained. Despite the inclination to be hyper-critical of the security clearance process, the number of people and agencies involved is immense. “The Federal Register indicates there are over 430 departments, agencies, and sub-agencies in the federal government,” Senator Chuck Grassley (R-IA) opined in a written statement before the Senate Judiciary Committee in 2015.
Consequently, when pundits and commentators ask why there are so many people with security clearances or question whether Airman First Class Teixeira should have had access to classified because he was only 21 years old, those questions expose a misunderstanding of the magnitude of the security clearance system. The security clearance domain is large and varied. The issue is not why unauthorized releases of classified information happen as frequently as they do. Instead, it is remarkable there aren’t more such breaches.
All opinions expressed are those of the author and do not necessarily represent those of Liberty Nation.
No comments:
Post a Comment