View by Author

Most Recent Articles

Jack Teixeira, US Air Force IT Technician

Mirror Selfies And Trusted Insiders

By Published On: 3 May 2024Categories: Defence, Security

What is it about the mirror selfie?

Share This Article:

Usually, they are persons of interest to police, footballers who have behaved badly, or in this case of this US Air Force member whose leaks revealed information about the Russia-Ukraine warChina’s development of hypersonic spy dronesNorth Korea’s nuclear weapons development, conflicts in the Middle East and the sabotage of the Nord Stream natural gas pipeline. But more on Jack Teixeira later. Is it their narcissism or are they so lonely they don’t have a friend to take their photo or don’t trust anyone to take a photo good enough? I wonder if vetting agencies should set a higher security clearance bar for people who take mirror selfies.

As I considered the recent examples of insider threat, and there have been some great examples, I reviewed some of my earlier blogs on the subject. On 11 April 2021, I spoke of the relationship between security and organisational culture.

When thinking about security in these times of heightened cyber threats we are often drawn to technical solutions. However, our investment in cybersecurity technology can be circumvented if we do not have a good security culture. And good security culture is an extension of organisational culture.”

And then;

The perpetrator of the alleged rape of Brittany Higgins is said to have previous form with respect to his attitude toward security. If someone places their own priorities over their organisation’s, their personal preference over the security of their colleagues, then they will probably have lower thresholds of regard for other values-based requirements such as fraud and anti-corruption or respectful workplaces.”

Bruce Lehrmann standing in front of parliament house

Interesting how that has borne out. What if Bruce Lehrmann’s security behaviour was called out and addressed, could it have been a trigger for a review of his behaviour, even some self-reflection (with or without a mirror)?

Now back to Jack Teixeira, the Air Force IT Technician. I highly recommend “The Discord Leaks” a story of one of America’s biggest national security leaks via his circle of associates in an online chat platform (https://iview.abc.net.au/video/NC2403H009S00).

He was detected as being responsible for security breaches by his supervisors on a few occasions. The incidents were recorded, and he was counselled. But there was no apparent sanction, and obviously no action that dissuaded him from his behaviour. In fact, an absence of sanction may have emboldened him. It is also a shame that these incidents, each one a red flag, were not a trigger for not just sanction of the individual but also ongoing monitoring as well as review of how the system failed. In summary, the first part of an insider program seemed to be there, the detection, but the response was flawed, and the detected threat remained in place with appalling consequences.

Another key issue with Teixeira is that as an IT technician, he may not have been accessing documentation directly for his work; collecting, collating and conducting analysis and authoring reports; but he did manage the systems that held this information and that provided him significant access. And potentially the knowledge to cover his tracks, but not well enough in his case. The wider lesson here is that it is not just the classification of the information that a person accesses that may determine their security clearance level but also the likelihood and consequences of their position if they were to be a malicious actor.

And not to leave our UK partners of the AUKUS arrangement out, there is another recent insider example provided by the arrest of Christopher Berry and Christopher Cash. Maybe Christophers who take selfies could be another indicator for vetting agencies.

Christopher Cash

Christopher Cash, a parliamentary researcher, was charged under the Official Secrets Act.

They are accused of giving “articles, notes, documents or information” to a foreign state, the Met Police said.

China has called the allegations “malicious slander”.

The full article is available at Two men charged with spying for China under Official Secrets Act (bbc.com).

Christopher Cash is a parliamentary researcher. Another example of a potential insider with access to information, and in this case, people in positions of influence.

So, four young men who have either behaved badly or in the case of the UK example, are alleged to have behaved badly. All had access to information. Three with privileged access to people in power. Three are known to have access to sensitive sites. Whilst we are still to hear about the behaviours of those in the UK, we know there was a poor attitude toward security by two of them.

What I said in 2021 still applies; “So, if security is sorted, it’s likely other things are as well. And conversely, if people are behaving in accordance with their organisational values then it is likely that security behaviours will be practised as well.”

What is it about the mirror selfie?

By Published On: 3 May 2024Categories: Defence, Security

Share This Article:

Categories

Subscribe

Subscribe to our newsletter and get the latest news and information from Anchoram.

View by Author

Most Recent Articles

Author Profiles