
After leak, Pentagon purges some users’ access to classified programs, launches security review

The review, whose initial findings are due in 45 days, involves DoD CIO John Sherman, who has long been at work revamping how the Pentagon protects its secrets.


The Pentagon, but digitized. (Graphic by Breaking Defense. Circuit photo by Pixabay.)

WASHINGTON — As the Department of Justice continues investigating the breadth of the Discord leak, the Pentagon has launched a review of its security policies and procedures and is paring back just who has access to highly classified information, a Pentagon spokeswoman announced today.

Late last week, a 21-year-old member of the Massachusetts Air National Guard was arrested and charged with two counts related to the unauthorized handling of classified materials, in connection with a deluge of classified documents that circulated online for months unnoticed. Deputy Pentagon Press Secretary Sabrina Singh today referred reporters to the DOJ for all questions related to that investigation but said top Department of Defense leaders continue to receive briefings and are taking some initial steps designed to better protect classified material.

For example, Defense Secretary Lloyd Austin has directed the Undersecretary of Defense for Intelligence and Security, in coordination with the Chief Information Officer and the Director of Administration and Management, to lead a “comprehensive review of DOD security programs, policies and procedures.”

“Within 45 days, [the Undersecretary of Defense for Intelligence and Security] will provide [Austin] with initial findings and recommendations to improve the department’s policies and procedures related to the protection of classified information,” Singh said. 

That review is designed, in part, to examine who has access to “sensitive information” across the DoD and in other agencies.

“It’s not just the Department of Defense who has [a stake] in some of these unauthorized disclosures of docs that were posted online. There are other agencies that were impacted, our allies and partners as well,” she told reporters. 

More immediately, though, the Pentagon is combing through distribution lists of people able to access and print classified material to determine if they should have that level of access. 

“A very simple example would be a distribution list that has 10 people on it, and one of those people have left the organization, but they moved within the department and still have that email,” Singh explained. “So, it’s culling through some of those lists and making sure that people are sent information they actually need to… do their jobs.”

“That effort is going to be ongoing [and] not just going to stop tomorrow and it’s not going to stop after a week because it’s going to be a long-term effort,” she said separately.

People have already been purged from these distribution lists, according to Singh, but she declined to say just how many.

Although this recent document leak has prompted the department to take new, initial steps to shore up document access, the Pentagon has long sought reforms for how it handles access to sensitive and classified information.

For example, prior to the leak, the office of the CIO had already been front and center in bolstering cybersecurity across the Pentagon. In January last year, President Joe Biden signed a memorandum requiring the DoD CIO and the CIOs of the intelligence agencies to keep an inventory of information systems that “do or should likely” constitute national security systems.

The DoD CIO, John Sherman, is also leading the effort to implement zero trust, a security strategy that assumes no user is ever fully “trusted” on a network and must continuously be validated through every stage. Sherman aims to have that in place across the board by fiscal 2027.