The Defense Department's efforts to restrict access to its most sensitive databases remain inadequate more than four years after the high-profile leaks by former National Security Agency contractor Edward Snowden, according to the Pentagon's inspector general.
In a report released Friday, the federal watchdog listed the issue as a top management challenge confronting the military, alongside the threat of North Korea, Russia, Iran, and transnational terrorism, among others.
The Pentagon has been particularly troubled by the ability of employees or government contractors to steal and disseminate troves of classified information, spurring the implementation of a series of new protections to better safeguard sensitive data and monitor those with access to it. Even so, the Defense Department remains vulnerable.
"Although the DOD has made progress defending against insider threats, more progress is needed," the inspector general said. "Despite efforts to limit insider risks, two contractors working for the NSA removed classified information in 2017 and in at least one instance disclosed classified information detrimental to national security."
The indictment of former NSA contractor Reality Winner in June on charges that she printed and mailed to a news outlet a top-secret document detailing how Russia had attempted to hack a U.S. company that provides election software revived scrutiny of how the Pentagon protects its secrets.
Not even a year earlier, Russian government hackers stole and began leaking highly sensitive NSA spying tools after a contractor removed the classified material from a government database and put it on his home computer. The disclosures have continued throughout this year.
Leon Panetta, the former defense secretary and director of the CIA, told the New York Times earlier this month the Russian leaks "have been incredibly damaging to our intelligence and cyber capabilities."
"The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected," Panetta said.
Despite the government's attempts to overhaul the way classified information is handled in the four years after the Snowden leaks, more than 400,000 contractors still hold top security clearances that grant access to sensitive surveillance or data, according to official numbers.
The inspector general in July offered more than 100 recommendations to improve the Pentagon's efforts to stave off insider threats, but the watchdog said many of those have yet to be implemented.