This is the second part in a series written by the Intelligence and National Security Alliance (INSA) Insider Threat Committee, Emerging Threat Working Group: Val LeTellier, Sue Steinke, Michael Crouse, Frank Greitzer, Eric Lang, James Onusko, Ross Tapp, Fred Walker, and Bishop Garrison.
Based on publicly available court documents, it is known that Air National Guardsman Jack Teixeira allegedly repeatedly accessed classified information without a need-to-know, even after being directed by his leadership not to access similar information. He then allegedly shared the information with anonymous individuals on Discord, a social media platform not authorized for classified information.
What has not yet been publicly disclosed is how the Air National Guard security system failed to prevent the unauthorized disclosure of classified information.
While new details continue to be revealed, Air Force officials were aware of Teixeira’s transgressions months before his March 2023 arrest. Although he was reportedly written up in September 2022 for taking unauthorized notes on classified intelligence information and cited for ignoring this cease-and-desist order a month later, he continued to view classified intelligence information unrelated to his primary duty as late as January 2023.
Over the months Teixeira posted classified information on Discord, Teixeira displayed extremist views—exhibiting profound disloyalty to the U.S. government, an interest in racist and white nationalist propaganda, a fascination with weapons and war, and unusual opinions about mass shootings.
Psychosocial and behavioral indicators associated with violent extremism or weapons/mass shootings are themselves worthy of further examination. It’s possible that if not for his arrest, Teixeira might have carried out an act of violence like those that he had so frequently praised.
The question then becomes: Given the indicators of concern, why was Teixeira able to retain a top-secret security clearance?
One apparent reason for the disconnect between the presence of numerous insider threat risk indicators and prevention is a lack – or breakdown – of a holistic insider threat program at the government facility, despite Executive Order 13587, which “…requires the development of an executive branch program for the deterrence, detection, and mitigation of insider threats, including the safeguarding of classified information from exploitation, compromise, or other unauthorized disclosures.”
A holistic approach incorporates the individual and their mental, emotional, financial, behavioral, physical, and virtual state, utilizing a ‘whole person’ and ‘whole threat’ perspective. In addition to using traditional technical safeguards, a whole person approach to insider risk mitigation considers psychosocial, personality, and behavioral factors along with contextual factors, like precipitating events and the work environment, to identify risk. This approach addresses the common root causes that result in different forms of attacks (data theft, fraud, sabotage, violence) and in all domains (cyber, human, and physical). Importantly, it seeks to get “left of harm” by examining organizational factors or precipitating events that motivate insider attacks, while identifying and helping individuals before they take harmful action.
In this case, a holistic program would have integrated data between human resources, security, information technology, and insider threat elements (possibly including publicly available information, or “PAI”) into the continuous evaluation of base personnel, particularly those with privileged access. This would also enhance resilience by addressing individual vulnerabilities that adversaries typically exploit. Most important, it would have identified Teixeira earlier as someone requiring greater scrutiny as a security risk.
The continuing review of this case leads to questions that intelligence community security officials, commanders, managers, and human resources stakeholders should further examine in the search for policy reforms and strategies to improve insider risk management effectiveness. In future columns, we will examine the role of social media and PAI, the accountability of supervisors/managers/co-workers, and security training and policy.