On April 13, 2023 in North Dighton, Massachusetts, a scene that looked like something out of a Hollywood movie unfolded as the FBI, in full SWAT gear and with a helicopter buzzing overhead, descended on the home that Airman First Class Jack Teixeira shared with his mother. The details that followed were shocking to the public as well as to our nation's leaders. 21-year-old Airman Teixeira had allegedly taken untold numbers of highly classified intelligence documents and posted them in an online Discord chat room for gamers for seemingly no other reason than to gain their respect. How could something like this happen?
Russia, a Foreign Intelligence Service, or an Insider Threat?
In the weeks leading up to Airman Teixeira’s arrest, the Pentagon seemed caught off guard by numerous leaked intelligence documents released on various regions of the internet. Rumors swirled about where the leaks came from. Had Russia somehow stolen these documents through espionage and published them to weaken the coalition standing against its war on Ukraine? Was it another foreign intelligence agency that looked to harm the United States and its allies? Was it an inside job, maybe a disgruntled employee with access to the information?
While to many the mention of spies stealing Top Secret documents may sound like something that only happens in action movies, it’s a real threat for anyone working in national security. I would have bet a large sum of money that Russia was behind the leak, and we now know I would have lost that bet. So back to my original question: how did a 21-year-old junior enlisted Airman access Top Secret intelligence reports and publish them to the internet without anyone noticing?
The Castle and Moat
Traditional network security can be compared to the moat around a castle. Picture a beautiful castle full of the king’s gold, but to get to it you have to climb a tall rock wall and then cross a moat full of alligators. The process of gaining access to classified government information is very hard. You need an extensive investigation to get a security clearance, you must have physical access to the facility, and you must have a network account. For a malicious actor the landscape is even more treacherous, with sophisticated firewalls and other advanced security appliances constantly searching for any malicious data packets, just as a surface-to-air missile system searches the sky for hostile aircraft. Any malicious traffic detected is “shot down.” This defense-in-depth approach makes it all but impossible for an outsider to gain access to these highly secure networks.
This moat is very difficult to get around! However, once you are inside the castle (on the network), you are treated like you should be there and the security is more relaxed. This is what allowed Airman Teixeira’s activity to go unnoticed. After all, he had a valid security clearance and administrative rights on the network. So now for the question that many senior government officials, the press, and concerned citizens are asking. How can we prevent something like this from happening again in the future?
Part of the Answer is Zero Trust Security
In this previous blog post, Second Front Systems® explains how the government’s zero trust strategy greatly improves on traditional network security. It is defined by five foundational tenets: assume a hostile environment; presume breach; never trust, always verify; scrutinize explicitly; and apply unified analytics. Zero trust verifies users with multiple authentication factors, authenticates the devices they are connecting from, and ensures network resources are only available to those who have been granted access. In addition, data is clearly labeled and marked for classification, while robust monitoring and detection systems identify abnormal behavior. Application services and workloads are also secured and monitored, and security tasks are automated to allow a rapid response to threats. All of these measures combined protect sensitive government data from external and internal threats.
Under a zero trust architecture, Airman Teixeira would have been given access to perform administrative actions on the network without the ability to access sensitive intelligence documents, and if he tried to access files inappropriately an alert would have been generated. In the event that no one noticed the alert right away, the audit logs would have clearly led back to him as soon as security knew something wasn’t right. As the Navy CTO said in this article, the government is moving in this direction, but this event shows the importance of speeding up the migration of sensitive government networks to more secure networks that incorporate zero trust security. This migration should include classified infrastructure in the cloud. If you really want to dive deep into zero trust, I recommend the book Zero Trust Security: An Enterprise Guide, by Jason Garbis and Jerry W. Chapman.
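The controls described above can be made concrete with a small policy decision point, added here as an illustration and not code from Second Front Systems or any DoD program: every request is checked for MFA, device attestation, clearance against the data's classification label, need-to-know and role; an "admin" role manages hosts but never implies read access to labeled intelligence; every decision lands in an audit trail; and repeated denials raise an alert. The user names, labels and the compartment "REGION-X" are constructed.

```python
# Added example (not Second Front Systems' or DoD code): a minimal zero trust
# policy decision point. Each request is verified on its own: MFA, device
# attestation, clearance vs. the data's classification label, need-to-know and
# role. "admin" manages hosts but never implies read access to labeled intel.
# Users, labels and compartments here are constructed for illustration.
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}

@dataclass(frozen=True)
class Subject:
    user: str
    clearance: str
    roles: frozenset          # e.g. {"admin"} or {"analyst"}
    compartments: frozenset   # need-to-know compartments granted
    mfa_verified: bool
    device_attested: bool

@dataclass(frozen=True)
class Resource:
    name: str
    classification: str
    compartments: frozenset   # compartments the data is marked with
    required_role: str        # "analyst" for intel reports, "admin" for hosts

@dataclass
class PolicyEngine:
    alert_threshold: int = 3
    audit: list = field(default_factory=list)
    denials: dict = field(default_factory=dict)

    def decide(self, s: Subject, r: Resource, action: str) -> dict:
        # Every check runs on every request; the first failure is the denial reason.
        checks = [
            (s.mfa_verified, "mfa not verified"),
            (s.device_attested, "device not attested"),
            (LEVELS[s.clearance] >= LEVELS[r.classification], "clearance below label"),
            (r.compartments <= s.compartments, "missing need-to-know compartment"),
            (r.required_role in s.roles, f"role {r.required_role!r} required"),
        ]
        reason = next((why for ok, why in checks if not ok), None)
        rec = {"user": s.user, "resource": r.name, "action": action,
               "allowed": reason is None, "reason": reason, "alert": False}
        if reason is not None:
            n = self.denials[s.user] = self.denials.get(s.user, 0) + 1
            rec["alert"] = n >= self.alert_threshold   # abnormal: repeated denials
        self.audit.append(rec)   # allow and deny are both recorded
        return rec

    def denied_by(self, user: str) -> list:
        # Audit trail lookup: resources this user tried and failed to reach.
        return [a["resource"] for a in self.audit if a["user"] == user and not a["allowed"]]
```

Note that the admin in the test below is denied on need-to-know before the role check is even reached: administrative rights on the host are a separate grant from access to the labeled report.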
Champions of the Zero Trust Strategy
Two government leaders who are leading the charge on implementing zero trust security are Jay Bonci, CTO of the Air Force, and Angelica Phaneuf, CISO at the Army Software Factory. Both of these organizations are pushing the envelope of zero trust, expanding access to DoD services while simultaneously increasing security. As this incident shows, the migration of classified data to networks protected by zero trust security can’t come soon enough!
To help commercial companies streamline their delivery of emerging technologies to U.S. and Allied warfighters, Second Front Systems® offers Game Warden®, a DevSecOps platform and secure cloud hosting environment that removes the burden from commercial software companies by enabling them to leverage our security controls and DoD-approved platform to accelerate software delivery. Learn more about how Game Warden can help you accelerate the delivery of your software to the DoD and NatSec community by downloading our white paper, or by contacting us here.