DoD CIO participates in cybersecurity virtual forum

Mr. John Sherman, Acting Department of Defense Chief Information Officer, participates in a virtual panel with Billington Cybersecurity at the Pentagon, April 15, 2021 (DoD photo by Chad J. McNeeley)

TECHNET CYBER 2023 — A full implementation of the Defense Department's zero trust strategy certainly might have helped prevent last month's stunning leak of classified documents, according to the Pentagon's chief information officer, the person ultimately in charge of keeping DoD data secure.

“I’ve seen in the tech media and the press and elsewhere different opining and stories about would zero trust have stopped this. I’ll tell you from my seat, I think it sure as heck would’ve made it a lot more likely that we would’ve caught this and been able to prevent it at the front end of something like this happening,” John Sherman told the audience at AFCEA’s TechNet Cyber conference in Baltimore.

Last month, Jack Teixeira, a 21-year-old member of the Massachusetts Air National Guard, allegedly leaked classified documents about the Russia-Ukraine war and several other topics on the social media platform Discord. Teixeira, who served as a "cyber transport systems journeyman," held a top secret security clearance and maintained sensitive compartmented access, according to the Department of Justice complaint filed against him.

Although DoD officials told Breaking Defense following the leak that it was "too soon" to speculate on what measures could have prevented it, Sherman said today that more focus needs to be placed on combating threats from inside the department.

“We talk a lot about zero trust in terms of the global competition we’re in against state actors, People’s Republic of China and the PLA over there, Russia, Iran, North Korea,” he said. “But one of the most pernicious things we have to be aware of are insiders that will, using other means, release data that should never see the light of day in the way we saw here in this activity up at Otis Air Force Base.”

He added that a leak from a “trusted insider who has gone through the background investigation” and been given access to top-secret level capabilities is “a tough one that we have to be able to put measures to get after.”

"Another area we need to be conscious of is the balance of need to know with need to share… But particularly at the top secret level, where we have capabilities like [the governmental intranet] Intelink, where we have a large corpus of documents and information there, we want analysts who are working in the intel sections to be able to connect those dots, to be able to do the work they need to do," Sherman said at the conference. "But we also need to have some sort of data access controls."

Sherman’s comments echo a statement from David McKeown, DoD’s chief information security officer, who told Breaking Defense following the leak that “an insider threat with legitimate authorization and access to information remains one of the most — if not the most — difficult challenges in protecting information.”

To that point, DoD is pursuing specific areas of its zero trust strategy and implementation roadmap, Sherman said, such as robust user activity monitoring at the top secret and secret levels. As DoD CIO, Sherman is also tasked with conducting the 45-day review, led by the undersecretary of defense for intelligence and security, into security related to the leak case.

Sherman last month also issued a new directive giving the CIOs of the military services a month to certify that their systems and networks comply with DoD's least privilege and security access controls, DefenseScoop reported. He added today that he wants to see the military services reach the milestones outlined in DoD's zero trust roadmap by fiscal 2027, the target date for implementing a baseline set of zero trust capabilities across the information enterprise.