I thought this might have been off-topic for this board but apparently not.
The government may have identified the origin of the leak and arrested the perpetrator but much more explanation is required of the policies and capabilities of both the Department of Defense and the Justice Department.
(snip)
If Corporate America has figured out how to administer modern operating systems on tens of thousands of computers for users scattered across an entire country, why hasn’t the Defense Department adopted these best practices? Many of these security controls are included with modern operating systems. Others require additional add-ons per computer. The Pentagon budget is roughly $842 billion dollars per year. It seems obvious that an $842 billion dollar budget can fit the cost of putting extra security software costing maybe $100 per seat per year on the computers of 950,000 civilian employees and 1.3 million active duty personnel. That’s a mere $225 million dollars. That’s 0.0267 percent of the yearly defense budget.
(snip)
Using the earth as a metaphor for all possible areas of sensitive information, this classification scheme implies that current practices are more focused on the “altitude” of a person (how high up the scheme they are) rather than the “latitude and longitude” of their need to know. Information within the Compartmentalized tier is obviously more segmented but at lower levels, access seems to be quite wide. Conceptually, if you are trusted to view information at two thousand feet, you are trusted to look at any point on the planet at that two thousand foot level. Assuming for a moment that current government policies which seem to require ever larger volumes of information to be hidden from the public are legitimate, it seems clear current classification schemes cannot serve the defined need. They lack the specificity required to properly compartmentalize information and thus contribute to oversharing of information.
The crux problem on display from this excruciating display of unintelligent incompetent failure of security is failure to establish a system of “Need to Know”. This kid, and undoubtedly hundreds more like him, simply had ZERO need to know of almost all he apparently had easy access to.
When I was doing cybersecurity network design fifty years ago Need to Know was paramount, and so I am mostly just stunned.
It is my experience, that anyone can be compromised. Anyone, not necessarily at anytime, but at some point anyone can be compromised.
I suspect, but have not experienced, that at anytime, someone can be compromised.
However, just like Manning and Snowden, this person was not compromised. They just failed. So the question becomes, “How many have been compromised?”
When an intelligence officer acquires an asset, (he compromised someone) the very last thing he wants to happen is for the information that he gains to be used. Every time it is used the counter intelligence forces can narrow in on the compromise.
Allies were curbed. SK was thinking of trading arms with Russia.
Were some of the things outlined about Ukraine false? We do not know in full. Neither does Russia. Meanwhile we are spending more in the west on arming Ukraine than Russia is spending annually on the war. Our arms are more modern and Russia is emptying her dusty old pantry of arms.
Thanks for the interesting OP article. There was a security breach, but most of us will never know the details. Maybe someone left a password in the open.
This old guy (who has never had any security clearance, but has to keep his clients’ info secure) wonders how any 21 year old got a high level security clearance.
Security is a matter of trust. Trust should be earned over time, not quickly given because various bits of data do (or do not) exist. Certainly, there must be 25 or 30 year old IT techs who have proven their trustworthiness rather than letting some guy barely out of college into high security networks. I’m sure there were no red flags in his background check. He hasn’t lived long enough to have any yet.
And as a second observation, there is network level security and document level security. A network tech will need the network level of security, but has no reason to view individual documents. Perhaps there was document level security and this guy managed to hack that security to view individual documents. And with network level security, he could probably override access logs that might show that he copied files to take home and break the security there. But based on the descriptions, I kind of doubt that. It sounds like he actually walked out of the office with a paper copy of at least one document concealed on his person somewhere. Which means that at least the places he was accessing lacked document level security, or he was granted access that he didn’t need. Either one is a really bad look.
I suspect some heads will roll over this whole issue, and a couple of them may have stars on their shoulders. This whole event has opened eyes to the poor level of security in at least one area of the military.
Of course, the military-industrial complex will be more than happy to improve the security of military computer networks. For a nice no-competitive-bid cost-plus contract. With few limits on the cost side.
Some sloppy management, indeed… His CO has a lot to answer for as well as his co-IT guys… Someone had to notice his poking around out of bounds, much less his offsite playtime… Head will roll, careers ruined… Sad, because we need the good ones…
Astoundingly, Teixeira is being hailed by far right “thought leaders” as a “victim”, because he is white, male, and Christian. Treason, dressed up as another “victim” of those who supposedly hate white, male, Christians. Certain factions in Shiny-land have completely lost their freaking minds, in their drive to pander to the very lowest of their base.
[quote=“steve203, post:11, topic:91331”]
Astoundingly, Teixeira is being hailed by far right “thought leaders” as a “victim”, because he is white, male, and Christian. Treason, dressed up as another “victim” of those who supposedly hate white, male, Christians. Certain factions in Shiny-land have completely lost their freaking minds, in their drive to pander to the very lowest of their base.
Steve[/quote]
As a long time handler of classified information it’s literally making me sick. But this is just The Kook Right’s way of crying “racisim” as a deflection from the actual situation.
In 1975, age 24, I was a fierce leftist anti-war-in-vietnam and gay rights organizer with a new BA in political theory and BS in mathematical physics specialized in “complexity and chaos theory”. I applied for a suitable job in cyber communications and was rather quickly granted Top Secret clearance and more, and it was a smart move by the relevant agencies. Why? Partly because I knew what they needed known, but also because I had a proven record as a militant anti-soviet and anti-drooling-idiot-intellectual-Marxist (I actually created and ran a student spy ring that penetrated Harvard’s SDS and PLP organizations and kept sanity one step ahead of those intent on burning down the campus physics labs where I did a lot of my studies), but much more important than my true blue loyalty to constitutional rectitude was the fact that in those days classified info was far far far more compartmentalized. I was trusted, but only to read and work with documents that were absolutely essential to my assigned work. I had to go through a rigorous process when I needed to expand my access.
Beyond the gross security ratings (confidential, secret, top secret, specialized ticketings…), compartamentalization and demonstrated specific “need to know” was crucial in those days. Apparently electronic docs displacing physical docs has pushed the entire intelligence community into stupidity. Like some others in this thread I was staggered at the idiocy that allowed a “tuuerp” [replace the double u’s with the obvious letter and you get the long time useful word I intend but is now forbidden, god help us all, for reasons no doubt as weak and silly as Teixera’s social club of game fantasists] like Teixera to have full run of so much of the secret castle.
Stupid stupid stupid. But I would no more impose death penalty or decades long imprisonment on Teixera than I would beat my rescued street dog for eating a raw steak left unattended on a bench near his food dish, but I sure as hell would require a major shift in how all this is “managed” in this info-age, and creation of a ferocious program of indoctrination on the care and responsibility and personal jeopardy for keeping secrets that Teixera clearly never had in any way that penetrated his noggin.
A certain mentally and physically lazy group of people (according only to them they are the only ones working) has clung to racism endlessly. If not racism as the first answer then it is misogyny as the first answer.
Please do not cry that I say such a thing. Please do not cry. Dry those tears.
Point is Steve nothing is different with them. The only change is the numbers do not add up any longer to promote them alone to the top. Funny thing there is no them at the top. Just a tax cut for the one or two people who are the them.