Congress Tells DoD to Report on Leaks, Insider Threats
For the next two years, Congress wants to receive quarterly reports from the Department of Defense on how the Pentagon is responding to leaks of classified information. The reporting requirement was included in the pending National Defense Authorization Act for FY 2015 (Sec. 1052).
“Compromises of classified information cause indiscriminate and long-lasting damage to United States national security and often have a direct impact on the safety of warfighters,” the Act states.
“In 2010, hundreds of thousands of classified documents were illegally copied and disclosed across the Internet,” it says, presumably referring to the WikiLeaks disclosures of that year.
“In 2013, nearly 1,700,000 files were downloaded from United States Government information systems, threatening the national security of the United States and placing the lives of United States personnel at extreme risk,” the Act states, in a presumed reference to the Snowden disclosures. “The majority of the information compromised relates to the capabilities, operations, tactics, techniques, and procedures of the Armed Forces of the United States, and is the single greatest quantitative compromise in the history of the United States.”
The Secretary of Defense will be required to report on changes in policy and resource allocations that are adopted in response to significant compromises of classified information.
The defense authorization act does not address irregularities in the classification system, such as overclassification or failure to timely declassify information.
It does call for additional reporting on the Department of Defense “insider threat” program (Sec. 1628), and on “the adoption of an interim capability to continuously evaluate the security status of the employees and contractors of the Department who have been determined eligible for and granted access to classified information.”
By definition, this continuous evaluation approach does not focus on suspicious individuals or activities, but rather is designed to monitor all security-cleared personnel.
While it seems that the current political climate may not incentivize the use of evidence-based data sources for decision making, those of us who are passionate about ensuring results for the American people will continue to firmly stand on the belief that learning agendas are a crucial component to successfully navigate a changing future.
In recent months, we’ve seen much of these decades’ worth of progress erased. Contracts for evaluations of government programs were canceled, FFRDCs have been forced to lay off staff, and federal advisory committees have been disbanded.
This report outlines a framework relying on “Cooperative Technical Means” for effective arms control verification based on remote sensing, avoiding on-site inspections but maintaining a level of transparency that allows for immediate detection of changes in nuclear posture or a significant build-up above agreed limits.
At a recent workshop, we explored the nature of trust in specific government functions, the risk and implications of breaking trust in those systems, and how we’d known we were getting close to specific trust breaking points.