The Next Intel Leak May Not Resemble the Most Recent One, Expert Warns

As the Department of Defense begins a review of its policies and practices for handling classified information in the wake of a massive intelligence leak, a national security expert cautions that the next intel leak may not resemble the one that just happened—and so officials must try to be proactive in considering next steps.

“You don’t protect against just the last threat,” Sina Beaghley, a senior international and defense policy researcher at RAND, said in an interview with Air & Space Forces Magazine. “You have to address that, you have to close the gaps. But you also have to think about where technology, culture, all of those things are leading and then posture the government to be able to react to it, both in the recruiting world and in terms of trust, vetting, and mitigation.”

The question of how the military handles security clearances and classified information has been hotly debated ever since a trove of classified information on the war in Ukraine, the Indo-Pacific and Middle East military theaters, and other sensitive subjects was leaked in an online group chat. Airman 1st Class Jack Teixeira was arrested April 13 in connection with the leak, and, in the days since, Defense Secretary Lloyd Austin III and Air Force Secretary Frank Kendall directed separate reviews of their departments’ security practices.

On the Air Force side, the corrective action includes a review of the Massachusetts Air National Guard’s 102nd Intelligence Wing, Teixeira’s unit; a headquarters-level appraisal of Air Force policies; and a stand-down within the next 30 days for all Air Force and Space Force units to review their security practices and conduct training as necessary.

Approximately 700,000 people in the Department of the Air Force have security clearances, an Air Force spokesperson told Air & Space Forces Magazine. While the Defense Counterintelligence and Security Agency does not break down the average timelines to obtain a security clearance by military branch, it takes an average of 57 days to secure an initial secret clearance and 51 days to undergo a secret periodic reinvestigation. It takes an average of 94 days to obtain an initial top secret clearance and 115 days to undergo a top secret periodic reinvestigation.

At a Senate Appropriations defense subcommittee hearing and in a memo sent to the entire department, Kendall, Air Force Chief of Staff Gen. Charles Q. Brown Jr., and Chief of Space Operations B. Chance Saltzman stressed the importance of setting and following standards for who “needs to know” certain sensitive information.

“Enforcing the need-to-know requirement is a chain of command responsibility—these are important, conscious choices leaders must make at every level,” the three officials wrote.

But enforcing “need-to-know” may be easier said than done.

“Who makes that judgment?” Beaghley asked. “Need-to-know is partly a self-policed activity: I shouldn’t be searching something totally beyond what my mission is. But who knows exactly what my mission is? How do you determine what my permissions should be? Especially when job functions and tasks can be fluid in a national security environment.”

The U.S. government began sharing classified information more widely among authorized individuals after the Sept. 11, 2001 terror attacks, after criticism that national security agencies did not share information and coordinate enough. Even now, officials call for even more info-sharing and cooperation across organizations.

The challenge in placing limits on that sharing would be deciding what information individuals need to do their job within the complex national security bureaucracy.

Access is one of several areas where the military and the government as a whole have to strike a balance between trusting individuals and protecting sensitive information.

Starting in 2018, the government launched Trusted Workforce 2.0, a multiyear effort intended to make the vetting process faster by implementing a single system. Instead of reviewing individuals with security clearances every five to 10 years, the new system continuously vets individuals via automated record checks of criminal, terrorism, and financial databases and public records. All Air Force and Space Force personnel with security clearances are subject to continuous security vetting, an Air Force spokesperson said.

But while Trusted Workforce 2.0 does improve the time it takes officials to get important information on security clearance holders, there are still instances when individuals don’t set off any triggers but still present a threat.

“When you have an individual who’s been cleared and been determined by the government to be trustworthy at a certain level which, in this case, as I understand, is the highest level, what do you do when that person decides to not do what they said they would do as far as non-disclosure?” Beaghley asked. “How do you mitigate that?”

One commonly suggested solution is to monitor a security clearance holder’s social media presence. There is policy for how government agencies can seek out information about a candidate’s public social media presence at the beginning of a security clearance investigation, and some agencies do so, Beaghley said. There have also been a few test programs that have gathered and analyzed information about individuals’ public activity on social media after they receive their security clearance, but reporting is mixed on how productive those programs were for the resources invested.

Even if there were a successful program that included public social media monitoring as part of a continuous vetting process, monitors are not currently allowed to access a private chat room like the one in which Teixeira allegedly leaked classified information, at least as part of a normal background investigation. It also may not be knowable under which social media profiles or handles a security clearance holder posts.

Beyond social media, the government has also directed employees to report on coworkers exhibiting suspicious behavior. Various federal government agencies also have insider threat programs that monitor employees’ computer activity for anomalous behavior.

Though all these systems complement each other, there are still possible blind spots that could allow for misuse of access. For example, if individuals with security clearances print out a classified document, they generally would not be inspected when they leave a classified facility, Beaghley said.

“In most cases, no one’s patting you down, looking through your bags. So here is the possibility that a trusted individual with access can print out classified material and quite literally walk out the door,” she explained.

While some have called for systems to monitor the printing of classified materials, there are still other ways to create and share classified information, and all of those ways are part of what is straining the government’s current information security system.

PowerPoints, PDFs, Word documents, emails, video teleconferences, and chat messages can all be forms of secret or top secret records that must be marked with the appropriate classification level. Each new form of digital record also presents a challenge for how to protect it.

“We live in a world where technology has allowed for sharing of information in a much more robust way,” Beaghley said. “Technology has enabled a lot more national security secret-making and secret-sharing.”

All of these factors mean that even when the Air Force and the Department of Defense complete their current reviews of information security practices, they should continue to reevaluate their practices as technologies change, Beaghley said.

“There’s no silver bullet,” said Beaghley. “The next leak likely won’t look like this particular situation. … The government is evaluating options, learning from prior scenarios, but it’s really important to think about future scenarios and try to plan for and mitigate against the things that have not yet happened but could potentially in the future.”