The leak arrest spotlightes major US intelligence vulnerabilities
After the Britney Spears Leak: What Can We Do About It? An Analysis of the US National Security Team’s Position on State Secrets
In addition to teaching at Georgetown University, Bruen is the president of the crisis communications agency the Global Situation Room, Inc. He was the director of global engagement in the Obama White House and an American diplomat in Ivory Coast, Venezuela, Iraq and Madagascar. The views expressed here are his own. Read more opinion on CNN.
Oops … we did it again. The US national security team is once more ignominiously living out the line made famous by pop star Britney Spears after finding itself back in the uncomfortable position of watching state secrets ping-pong around the internet. As a veteran of the National Security Council and State Department, I have a couple of ideas about what we need to change to get Spears’ song off repeat.
The Pentagon has already signaled it is beginning to learn the lessons of this leak, telling reporters the department is exploring “mitigation measures in terms of what we can do to prevent potential additional unauthorized leaks.” The Pentagon’s Joint Staff has cut back on the number of intelligence briefs sent to US officials, as reported by CNN.
But beyond contractors, there are other short-time workers who contribute to the problem. They are at the top of the organization. When President Joe Biden came into office, he promised to elevate experience and empower career officials. That did not happen. Instead, the upper ranks of the Defense and State Departments, along with the National Security Council, were packed with political appointees and other non-Foreign Service staff. This is especially dangerous in the wake of the institutional destruction caused by the Trump administration.
Many of the difficulties presented by a large contract staff was mitigated by me as an American diplomat. They were usually focused on money and not mission. I was a part of the Provincial Reconstruction team at Contingency Operating Base Speicher, which was plagued by problems with contractors and strained relations with our Iraqi counterparts.
The Next Step: Reformulating the Nation’s Security Bureaucracy after the Afghanistan After-Action Report and Implications for the Secretary of State
This administrative action could cost the government some money by forcing it to hire more permanent employees for roles requiring that level of information. But it would be worth it to massively reduce our vulnerabilities. It can help us restore allies’ confidence in our ability to safeguard what they share with us.
Politicians avoid tackling tough bureaucratic problems like the reliance on contractors. After all, they seldom stick around long enough (in many cases less than two years) to understand the classification system, let alone do anything to improve how it operates. It can take too much time if they don’t get how it works. Political appointees could not have deep relationships and knowledge of institutional knowledge to make changes in the first place. Finally, there are few incentives or rewards on offer for those who achieve an important administrative advance.
Biden promised to reestablish confidence in the national security bureaucracy when he took office. He can and must do more, before we once again are playing Spears’ hit track.
The next change ought to be in appointees’ job descriptions, with each one required to make at least three substantive security improvements developed by their team during their tenure.
We will need contractors even though we won’t be completely secure our secrets. There are a number of easy and effective steps Biden and his team can take now. Don’t wait for the review to be over. The last administration should not be blamed for the after-action report on Afghanistan. Don’t expect the next person to deal with it.
An Investigation of the 2001 October 11 Shooting of Aldrich Ames and Michael Hanssen During his 25 Years in the Bureau of Analytical Intelligence
The most dangerous spy in US history was put out of service when FBI tactical agents confronted him one Sunday evening in 2001.
After Hanssen’s treachery was exposed, investigators learned he had full access to the FBI and State Department’s computer systems and would spend hours trawling undetected for classified information. Hanssen had never been subjected to a polygraph examination in his 25 years with the bureau because of his access to highly sensitive sources.
In the case of former CIA officer Aldrich Ames, who was arrested by the FBI seven years before, after passing secrets for many years, the same thing happened, with Russian intelligence officials being executed for working for the US, and later the arrests of accused leakers, including Reality Winner.
An intense period of public anger, accusations of gross incompetence, and the launch of congressional and inspector general investigations are typically followed by a successful mole hunt.
While there is currently no indication that Teixeira allegedly leaked classified documents at the behest or under the control of a foreign power, investigations into major American spy cases involving suspects with varying motivations have uncovered serious inadequacies in the government’s ability to guard itself against penetration.
After the Ames and Hanssen cases, the CIA and FBI moved to strengthen its so-called insider threat programs aimed at safeguarding the nation’s secrets by closely scrutinizing the finances and travel of personnel with access to classified information, and increasing the use of polygraphs to routinely assess employees for continued allegiance and suitability.
Before Hanssen was exposed, the FBI Director said security wasn’t a priority. There was no security division. There wasn’t enough expertise from the FBI. We moved to address that.
More recent espionage cases, including that of former Army private Chelsea Manning, have unearthed vulnerabilities because many individuals have almost unrestricted access to US secrets. In 2006 Manning was sentenced to 355 days in prison for leaking secrets while serving as an intelligence analyst in Iraq.
Hundreds of thousands of secret documents, and in one case the full documents themselves, were referenced in source code on Manning’s computer.
Former NSA General Counsel Glenn Gerstell says the US government must do more to focus on improving procedures for dissemination, how many people have access to information, “and what kind of access controls [can] prevent people from printing out something and walking out the door with it.”
Modern scanning technology has become a method of alerting agency security personnel when an unauthorized device enters a government system.
Tracking the browsing habits of people who have access to classified systems is one of the things that User Activity Monitoring has been deployed to do. The measures include robust monitoring of searches made in classified databases, information downloaded, and documents printed or copied. Intelligence community employees have no expectation of privacy and users receive standardized notifications that every move on the system is subject to monitoring.
One major issue for the Defense Department is how often counterintelligence officials scrutinize employees that have access to information on an ongoing basis. While agencies like FBI and CIA require polygraphs for all employees when hired, and again throughout their careers during periodic reinvestigations, polygraphs are not mandatory for some Defense Department personnel who have Top Secret clearances.
Intelligence community officials believe that the polygraph test helps serve as a deterrent for improper disclosures if employees know they will be subjected to periodic exams.
The Pentagon has already been put into the crosshairs of congressional investigators, despite initial attempts to prevent the unauthorized flow of classified secrets.
Jim Himes, a Connecticut Democrat who is the ranking member of the House Intelligence Committee, spoke with Jake Tapper of CNN after Thursday’s arrest. And that’s where Congress comes in. Our job is oversight and we will be doing it.