{"id":2522,"date":"2025-03-28T06:00:00","date_gmt":"2025-03-28T06:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2522"},"modified":"2025-03-28T06:00:00","modified_gmt":"2025-03-28T06:00:00","slug":"the-trump-administration-made-an-unprecedented-security-mistake-you-can-avoid-doing-the-same","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2522","title":{"rendered":"The Trump administration made an unprecedented security mistake \u2013 you can avoid doing the same"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>If you are the custodian for sensitive information, you have no doubt been watching the inexplicable mishandling of the US military attack on Yemen by the senior members of the Trump administration and perhaps hyperventilating. As a former intelligence officer, I know I was, and I haven\u2019t touched a piece of classified material since 2011.<\/p>\n<p>I handled sensitive and classified information daily from 1976; there are processes and procedures. If a government-issued and approved classified communications channel was unavailable, encryption protocols existed to allow information to be transmitted over Telex, leased lines, radio telegraph or continuous wave.<\/p>\n<p>Indeed, secure telephone units, known as \u201cSTUs,\u201d existed to allow landlines to be used for communication. As technology advanced, secure mobile devices were created and government-controlled networks, with appropriate government encryption, were provisioned and provided.<\/p>\n<p>What transpired with the revelation by the editor in chief of The Atlantic, Jeffrey Goldberg, of the <em>faux pas<\/em> of senior administration personnel went from bad to worse to the gutter in the span of 24 hours.
If you haven\u2019t read The Atlantic writeup, you should (there are two pieces, <a href=\"https:\/\/www.theatlantic.com\/politics\/archive\/2025\/03\/trump-administration-accidentally-texted-me-its-war-plans\/682151\/?gift=kPTlqn0J1iP9IBZcsdI5IVJpB2t9BYyxpzU4sooa69M&amp;utm_source=copy-link&amp;utm_medium=social&amp;utm_campaign=share\">the revelation from Goldberg<\/a> and then the <a href=\"https:\/\/www.theatlantic.com\/politics\/archive\/2025\/03\/signal-group-chat-attack-plans-hegseth-goldberg\/682176\/\">subsequent release of the contents of the Signal chat<\/a>).<\/p>\n<h2 class=\"wp-block-heading\">Transgression #1 \u2013 Use of Signal for classified discussions<\/h2>\n<p>There is no getting around it: Signal is a ubiquitous secure chat application that is widely used by industry and, in appropriate circumstances, by government entities. Indeed, during the recent Kyiv International Cybersecurity Resilience Forum 2025, Signal was highlighted as an application that was in use and was actively targeted by the Russian Federation, which used social engineering to worm its way into group chats of Ukrainian war fighters, access that could sufficiently compromise their operational security and result in lethal targeting by Russian forces.<\/p>\n<p>In January 2025, the State Department\u2019s Office of Inspector General issued an <a href=\"https:\/\/www.stateoig.gov\/uploads\/report\/report_pdf_file\/aud-geer-25-10-web-posting_508.pdf\">audit report it conducted on the US Embassy Kyiv<\/a> and its records retention, specifically for electronic messaging.
The report highlights that Embassy Kyiv uses Signal, yet did not satisfactorily preserve and protect the content of official business conducted via Signal.<\/p>\n<p>\u201cAccording to both Department and Embassy Kyiv personnel, Department procedures for preserving Signal messages are burdensome and do not fully address the technical limitations and information security vulnerabilities that personnel encounter when they attempt to preserve messages,\u201d the report said.<\/p>\n<p>Embassy Kyiv uses Signal to rapidly communicate physical security information as the application is sufficiently secure and easily accessible in a high-threat environment. In a nutshell, it is \u201cused for critical embassy security communications, including tracking personnel movements and announcing air raid instructions.\u201d State is now conducting a global review to \u201cassess the extent to which electronic messaging applications, including Signal, are used at posts worldwide to conduct Department of State business.\u201d<\/p>\n<p>The Signal group in question was set to automatically destroy content at the seven-day mark.
Given the wide dissemination of the content, it may be the only Signal group chat that this group of seniors within the administration has memorialized.<\/p>\n<p>Based on my personal review of the content of the Signal chat, which included the secretaries of defense and state, the vice president, the CIA director, and the Director of National Intelligence, the information shared prior to the execution of a military operation was not only classified at the time of sharing but also operationally sensitive information which if revealed would place the warfighter at risk.<\/p>\n<p>Now, I\u2019m just an old HUMINT intelligence type, but take it from Amy McGrath, a former Marine F\/A-18 pilot who has posted on social networks <a href=\"https:\/\/x.com\/AmyMcGrathKY\/status\/1904923951467233640\">her perspective<\/a>: \u201cThis info is classified BEFORE and DURING the operation. Everyone knows this. It\u2019s <a href=\"https:\/\/www.csoonline.com\/article\/567199\/what-is-opsec-a-process-for-protecting-critical-information.html\">OPSEC<\/a> (operational security) 101.\u201d <a href=\"https:\/\/x.com\/AmyMcGrathKY\/status\/1904883172254351807\">She continued<\/a>, \u201cOld F-18 fighter pilot here with 80+ combat missions \u2014 launch times on a strike mission ARE ABSOLUTELY CLASSIFIED.\u201d<\/p>\n<p>Signal is used by several government entities to include those whose principals were in the group chat. 
Whether this specific level of classified information should have been discussed requires further investigation by the appropriate entities.<\/p>\n<p>The fact that at least one of the participants was sitting in Moscow during this chat does not give me the warm feels, given the sophistication of Russia\u2019s communications intelligence capabilities and their <a href=\"https:\/\/www.csoonline.com\/article\/3828182\/russian-cyberespionage-groups-target-signal-users-with-fake-group-invites.html\">ability to compromise mobile devices<\/a>.<\/p>\n<h2 class=\"wp-block-heading\">Transgression #2 \u2013 Inclusion of an individual with no clearance<\/h2>\n<p>Why and how the White House\u2019s National Security Advisor, Mike Waltz, added Goldberg to this closed group on Signal is inexplicable. Goldberg explained in his piece that he initially thought he was being pranked and rode the wave to see what evolved.<\/p>\n<p>As the chat evolved and precision information was provided, he explained how he pulled over to the side of the road and watched for evidence that an attack by the United States had occurred in Yemen, and when it did, he knew what he was witnessing was the leadership of the administration sharing sensitive information with him. From my personal optic, it appears to have been a human error, a mistake.<\/p>\n<p>Yet, those who have followed my opinion pieces know that the largest risk presented by insiders to the compromise of information or networks is negligent behavior. The recent <a href=\"https:\/\/ponemon.dtexsystems.com\/\">2025 Cost of Insider Risk report<\/a>, crafted by the Ponemon Institute, shows that over 55% of incidents find their genesis in negligent, non-malicious user behavior.<\/p>\n<p>Whether there will be a prosecution following the non-malicious, negligent insider behavior and unauthorized revelation of classified information to the media, only time will tell.
When <a href=\"https:\/\/www.theguardian.com\/us-news\/2022\/jul\/25\/reality-winner-leaked-file-on-russia-election-hacking-because-public-was-being-lied-to\">Reality Winner shared classified information with The Medium<\/a>, she ended up in prison. Similarly, when classified information was mishandled and shared with those without a need to know, other prosecutions concluded with the individual also receiving years in prison.<\/p>\n<p>Some may view the inclusion of Goldberg as not an error, rather a masterclass-level act, to inform media and, with the ensuing revelation, subtly send a message to European allies by the Trump administration.<\/p>\n<p>If such was the case, the message carried the subtlety of a chainsaw and was clearly received as such. Former UK Defense Minister, <a href=\"https:\/\/x.com\/grantshapps\/status\/1904473079754932611\">Grant Shapps, said<\/a>, \u201cI agree Europe must do more on security \u2014 but Sir Keir [Starmer] should remind the USA the UK led from the front. I authorised four RAF strikes on the Houthis &amp; the Royal Navy defended Red Sea shipping. Our forces risked their lives to protect trade. Some in DC need reminding.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Transgression #3 \u2013 Trust is non-negotiable, yet the Administration trashed it<\/h2>\n<p>This \u2018mistake\u2019 was first denied by the principals \u2014 the CIA director, the national intelligence director, the secretary of defense, etc. \u2014 all claimed no classified information was discussed. Their defense was classic: \u201cdeny everything and make counteraccusations.\u201d Then they collectively went after the messenger, Goldberg.<\/p>\n<p>In a nutshell, the administration\u2019s <em>laissez-faire<\/em> attitude truly leaves one with the notion that those in control are simply engaging in cosplay. During the chat, the defense secretary emphatically exclaimed that \u201cOPSEC was good.\u201d OPSEC was nonexistent.<\/p>\n<p>Trust has been broken. 
The principals dissembled, which made everything that followed suspicious. I would say that not only has trust been broken, it has been pulverized.<\/p>\n<h2 class=\"wp-block-heading\">Lessons to be learned from this rookie mistake<\/h2>\n<p>Cybersecurity leaders may wish to share the teachable moment of this incident with their teams.<\/p>\n<p>Communication is required by every enterprise, and the means to communicate must exist. Technology choices must be made, choices that will provide you with the appropriate level of security for the data being protected. The use of Signal for collaboration between the principals may have been a fully approved choice for the purpose used. When you choose a technology for your entity\u2019s communication, ensure that the processes and procedures are clearly enumerated \u2014 and then scrupulously followed.<\/p>\n<p>As many investigate insider errors of judgment which cause inadvertent compromise, corrective action must follow discovery. Given my somewhat attuned sense, this instance is not a one-off. I believe that an investigation will find that many daily conversations are occurring on the Signal platform between administration personnel that contain similarly sensitive and\/or classified information. Whether the information sharing via the Signal application is a violation of security protocols should not be difficult to ascertain.<\/p>\n<p>Those rolling up their sleeves and putting on their audit visor should take a page from the State Department and be tasked with determining how widely this non-government instant messaging application is being used, and in those cases where the content is subject to data preservation, ensure that such is the case.<\/p>\n<p>Finally, if you stub your toe and inadvertently share information with an individual who doesn\u2019t have a need to know, own it.
Owning your errors, no matter how small or egregious, goes a long way toward retaining trust.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>If you are the custodian for sensitive information, you have no doubt been watching the inexplicable mishandling of the US military attack on Yemen by the senior members of the Trump administration and perhaps hyperventilating. As a former intelligence officer, I know I was, and I haven\u2019t touched a piece of classified material since 2011. [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2523,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2522","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2522"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2522"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2522\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2523"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2522"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2522"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2522"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}