The Pentagon Leaks Highlight the Urgency of Maintaining a Reliable Workforce
The recent leak of classified Pentagon documents through the popular messaging platform Discord has raised concerns about how the government handles national secrets in a post-9/11 world. The debate surrounding the incident has focused on access control and the need to maintain a trusted workforce to mitigate insider risk. While some argue that the leaker, National Guard Airman Jack Teixeira, had too much access in his “low-ranking” role, others point out that he was authorized and cleared, and any question about his age misses the point.
A Breakdown of Trust
The cases of Teixeira, Edward Snowden, and Chelsea Manning all involve a breakdown of loyalty to their employer. When loyalty is broken, trust is also broken, and harm is a natural byproduct. Teixeira’s leak has played right into foreign actors’ hands, making it even more crucial to tackle the issue head-on. The complexity of people means that there is no silver bullet to gaining trust, but addressing questions about the lead-up to the leak can help government entities detect and deter insider risk.
Preserving Insider Trust in the Military
The Defense Counterintelligence and Security Agency (DCSA) has been implementing changes under the Trusted Workforce 2.0 strategy, a whole-of-government approach to reform the personnel security process. The strategy aims to establish and maintain a relationship of trust with an individual throughout their affiliation with the government, shifting from periodic background checks to continuous vetting systems, which use personal vetting to detect potentially suspicious activity in real-time. This would enable the Department of Defense to proactively deter insider risk by addressing it before a security incident occurs.
Preventing Insider Threats: Actionable Data at the Right Time
The Pentagon leaks confirm that the Trusted Workforce 2.0 strategy and the continuous vetting system are on the right track, but it’s unfortunate that so many risk indicators were not detected in this case. To address this issue, the government must capture and correlate the right data at the right time, which includes data sets covering cyber, human, organizational, and physical terrain. Going forward, collaboration across government and industry will be necessary to fill gaps in expertise and knowledge.
Editorial
The leak of classified Pentagon documents is a reminder that insider risk is a significant threat to national security. While the government has taken steps to mitigate this risk, more needs to be done. As this incident shows, the continuous vetting system is not foolproof, and the government must continue to improve its methods of detecting and deterring insider threats.
Advice
Companies and governments must prioritize employee trust and loyalty as a fundamental factor in managing insider risk. Continuous vetting systems that leverage personal vetting must be put in place. To ensure that insider risk is detected and deterred, companies and governments must make sure to capture and correlate the right data at the right time, collaborate across government and industry, and handle suspicious activity in a way that is responsible and maintains transparency and privacy.
<< photo by Ono Kosuki >>
You might want to read !
- How China’s Satellite-Attacking Technology is Advancing Rapidly: An Insight into the Pentagon Leaks
- Exploring the Impact of the Critical OAuth Vulnerability in the Expo Framework on Account Security: A Commentary.
- The Evolution of Buhti Ransomware Gang: Analyzing the Utilization of Leaked LockBit and Babuk Code
- Uncovering the Secrets: Linking Mysterious Malware to Russia’s Industrial Cyber Espionage