Friday 28 April 2023

Who can be trusted in the Pentagon to access secrets?

The Pentagon had begun to implement a new “zero-trust policy” throughout the defence department which could have uncovered the leaker of hundreds of pages of classified documents. But the strategy was still four years away from being completed when the latest leaks drama broke. The policy, which was grounded on the notion that no one could ever be 100 per cent trusted to keep secrets safe, was in such an early stage that the relatively junior member of the Air National Guard intelligence branch accused of the leaks still had unrestrained access across a wide spectrum of highly classified material. Zero trust will not be fully implemented until 2027.

The full scope of 21-year-old Jack Teixeira’s alleged document leaks has yet to be unravelled. But the FBI and US Justice Department have already found that the Massachusetts air national guardsman’s access to secrets was far wider than previously realised and that alleged leaks had been going on for at least a year. Many of the documents which appeared on the gaming website Discord came from the Pentagon’s joint staff intelligence directorate. But there were also classified documents from the CIA, the National Security Agency (NSA), which is involved in foreign signals intelligence interceptions, and the Defence Intelligence Agency (DIA).

The abiding concern among the investigators is that many more documents may still appear on obscure websites. When Bradley (now Chelsea) Manning leaked more than 700,000 classified documents to WikiLeaks in 2010, it took months for all the secrets to be revealed in public. However, Manning leaked entire archives of classified documents. Despite the WikiLeaks exposures and the highly classified CIA and NSA documents leaked by Edward Snowden in 2013, it took until November last year for the Pentagon to announce a zero-trust strategy.

“The whole point of zero trust is to never trust, always verify and assume a breach,” Don Yeske, the US Navy’s chief technology officer, told a conference on Wednesday. “You begin from the point of assuming your network has been compromised, and if it hasn’t been compromised that compromise is inevitable. Insider threats light up like a Christmas tree when that is your approach,” he said.

Under the strategy, all users of classified material and their electronic devices have to be constantly evaluated. “That evaluation would have identified, I believe, a pattern of activity here where someone who’s a network administrator, someone who is an IT professional accessing this kind of information would have been questioned,” he said.

The Pentagon is currently conducting a review of its document security policies. But accelerating the zero-trust strategy, in which every person granted access to classified material is subject to regular checks and assessments, would seem to be unavoidable.
