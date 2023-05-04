The Washington PostDemocracy Dies in Darkness

Discord leak lesson: Inefficiency is necessary for security

May 4, 2023 at 3:38 p.m. EDT
Deputy Defense Secretary Kathleen Hicks arrives for an April 19 closed-door briefing with senators about the Discord leaks at the U.S. Capitol Visitors Center. (Chip Somodevilla/Getty Images)

David Ignatius did an excellent job explaining the issues in his April 30 op-ed, “To keep secrets safe, assume there will be bad actors.” However, his sources still do not understand the problem.

The reason security leaks keep happening is that the system relies on information technology (IT) support to be the gatekeepers for all the information and to set up a “zero-trust architecture.” The problem is the gatekeepers have all the keys, and they appear to be able to let themselves in whenever they want. The gatekeepers require supervision and oversight. Our intelligence agencies must go back to the old rule that a clearance does not give you access to everything. Gatekeepers should have “need to know” approved by their supervisors. IT people never have the need to read classified documents; they should only provide support to analysts to access the information.

Supervision and enforcing “need to know” are the solutions. After Chelsea Manning/WikiLeaks and Edward Snowden, we made many recommendations to improve security. Mr. Ignatius’s op-ed revealed that those “controls eroded over time because the restrictions were seen as onerous and inefficient.” To be truly secure, you have to put up with some inefficiency and duplication of effort.

Denis Michael Katchmeric, Gainesville

The writer is a retired Defense Department senior analyst.

