Pentagon Creates Office to Monitor User and Insider Threats Following Leak
The Pentagon has announced it will improve how it monitors people who work with classified information, based on the results of a 45-day security study conducted after the leak of dozens of classified documents.
This change includes the creation of a new office to oversee user activity and improve “threat monitoring” (the Integrated Management Office for Insider Threat and Cyber Functions), the creation of a centralized tracking system for the department’s sensitive facilities, accountability and security enhancements. According to Secretary of Defense Lloyd Austin’s memo dated June 30, it is classified information.
“What we’re doing now is that kind of [user activity monitoring] He said the tool is being used appropriately within the department and that we have appropriately resourced the program given its intended use,” a senior defense official told reporters Wednesday.
The review was announced in April after a number of classified documents containing assessments of the Ukrainian war were posted on the Discord server. Airman 1st Class Jack Teixeira of the Massachusetts Air National Guard has been charged with keeping and distributing classified documents. he pleaded not guilty.
The review includes 50 questions to “self-assess the current state of personnel security, information protection and accountability, physical security, and education and training attitudes” for DoD organizations, according to the DoD factsheet. It included an investigation. These responses were analyzed by a team that “reviewed existing policy and guidance documents and identified areas for improvement and best practices across the Department of Defense.”
While the factsheet confirms that the “overwhelming majority” of people with access to classified information adhere to policies and procedures, the Department of Defense’s “security posture and accountability measures” have room for improvement. The factsheet states that it was found that
The review showed that the Department of Defense needs to reconsider how it uses technology to monitor users. For example, “print tracking, etc., to allow individuals to be more accountable when working in a sensitive environment or printing print.” It’s when new technologies come along that allow us to better understand what you’re doing, like what products you’re accessing,” the senior defense official said.
The memo called for “a step-by-step approach to increasing accountability, controlling access, and enhancing security for sensitive data by 28 August 2023” and added that “top secret appointment requirements should be We will soon issue guidance to strengthen accountability and control over top secret information, including: Controller. “
Austin also directed the Department of Defense to plan “appropriate electronic detection systems and mitigation measures” at all classified intelligence facilities (SCIF) and special access program facilities (SAPF) by the end of next September. . Reviewers have found that the technology is not used in the same way across the board.
“It helps alert people who do it simply by accident, it helps with detection, all that stuff,” the senior defense official said. “And I think in the survey, some people needed it, some people didn’t. And we also saw that there are best practices out there that we can look at next year.”
The Pentagon also wants the classified information policy to be more explicit because reviewers have found that ambiguity creates “disagreement as you go deeper into the department,” the senior defense official said. said. One example is the Chief Security Officer requirement.
“I believe our disclosure policy states they are voluntary, but if different classifications may require controllers,” the official said. “So when it comes to what is a reportable crime and to whom it must be reported, I think some of the local level security administrators who manage joint forces are also confused. For example: Who are you going to report to?