The U.S. Air Force laid out a list of steps it is taking to better protect and regulate access to classified data in the wake of last summer’s “Discord” breach that exposed to the public hundreds of classified military and intelligence agency documents, according to a Dec. 11 report that details the service branch’s responses to the breach.
The report from the Air Force Inspector General breaks down the Air Force’s investigation into alleged unauthorized disclosures of classified documents by Massachusetts Air National Guard Airman First Class Jack Teixeira who posted classified information on the Discord chat platform. Teixeira has been indicted on six counts related to the unauthorized disclosure of national defense information and is awaiting trial.
The report finds that Teixeira acted alone in disclosing the information. But it also says that the Air Force has taken related disciplinary action against 15 service members – ranging from the rank of sergeant to colonel – “for dereliction in the performance of duties” in connection with the unauthorized disclosures, including relieving Col. Sean Riley from command of the 102nd Intelligence Wing at Otis Air National Guard base.
Those disciplinary actions stem from the finding that “individuals in Teixeira’s unit failed to take proper action after becoming aware of his intelligence-seeking activities,” even though the Air Force IG did not “find evidence that members of Teixeira’s supervisory chain were aware of his alleged unauthorized disclosures.”
“Indirect factors that enabled Teixeira’s unauthorized disclosure include the failure of commanders to adequately inspect areas under their command, inconsistent guidance for reporting security incidents, inconsistent definitions of the ‘Need to Know’ concept, conflation of classified system access with the ‘Need to Know’ principle, inefficient and ineffective processes for administering disciplinary actions, lack of supervision/oversight of night shift operations and a failure to provide security clearance field investigation results,” the Air Force said.
In response to the leaks, the Air Force said it has “implemented several reforms to improve procedures related to need to know and classified access, in addition to improving accountability for protection of classified and sensitive information.”
“Clearance approval levels and need-to-know are two fundamentally distinct concepts,” the service branch emphasized.
The Air Force said that additional reforms include:
- Improving need-to-know enforcement for electronic and hard-copy classified information;
- Providing additional guidance on layered physical security protections for facilities and systems;
- Increasing clarity on the responsibility of individuals and commanders to report behaviors of concern;
- Ensuring hand-off and receipt occurs within personnel security systems when individuals transfer to other assignments;
- Increased emphasis on cyber hygiene; and
- Improving security training content and delivery.
The Air Force’s release of the information access reforms follows a larger effort by the Defense Department earlier this year aimed at improving internal data security protocols following a 45-day review launched in April to examine how secret information is handled and managed by the military.