The Pentagon will tighten existing security controls on access to classified information in the wake of the arrest of Jack Teixeira for allegedly being behind the Discord leak of classified documents.
The Massachusetts Air National Guardsman had a top secret clearance because of his job as an IT technician at Otis Air National Guard Base, but he was found to be accessing documents that contained information that he did not need to know, prompting a 45-day review ordered by Defense Secretary Lloyd Austin to see whether the department had systemic issues in issuing security clearances. Teixeira pleaded not guilty to six counts of willful retention and transmission of national defense information last month.
The findings, released Wednesday, revealed that "there wasn't a single point of failure," according to a senior defense official.
"The way to think about it is there are contributing factors to any security incident. And so this was an opportunity while the other work that goes on with the Air Force and the law enforcement investigation to make sure that we looked at this as quickly as possible to make sure that we made the improvements as quickly," the official said.
"What we see here is we have a growing ecosystem of classified facilities and that the local level managers have the best picture and that we are training our workforce in an understandable way for the information that they are working," the official explained.
The overwhelming majority of DOD personnel were following security procedures for accessing top secret documents, the review found, but the official said it also found "areas where the Department should improve its security posture and accountability measures" including improving accountability for accessing classified documents.
Last week, Austin approved the recommendations made by an internal DOD team. Recommendations called for setting up "Top Secret Control Officers" for units, the establishment of a new office for insider threats, and plans for a real-time detection collection system about who is having access in top secret work areas
Pressed about whether the DOD is looking to restrict the number of people who have access to classified documents, the official responded, "No."
"We're looking to ensure that we have the right need to know procedures to ensure that the information that is available on classified networks is accessed by those with access," the official added.
"This is about making sure we're validating need to know, not necessarily turning off access," emphasized the official.
And the official said that in the near term, DOD is looking at how that ecosystem for classified information works and referenced a "kind of digital passport validating need to know when we understand what folks are able to access."
As part of the recommendations, DOD is going to re-emphasize existing security controls and clarifying overlapping policies that may have confused officials in some parts of the department. For example, having top secret control officers was already allowed under existing policy as an optional practice, but now they will be required.
"I think in looking at this, without focusing into the specifics of this exact case, I think those ambiguities are the types of things that we are looking at over these coming months to make sure it is as clear as possible and reflective of today's security environment," said the official.
The official did not express surprise that these kinds of ambiguities had developed in such a large department as these policies have "layered on top of each other as this has grown and as this complex classified information environment has grown" and "that there is a need to make sure that we are looking at them from a stand-back distance to make sure they're understandable and that our workforce can use them."