Former Marine general target of Stuxnet leak investigation

This seems rather disturbing.  Usually, leakers come from lower in the ranks, not from the Vice Chair of the Joint Chiefs of Staff:

Retired U.S. General James Cartwright is the target of a Justice Department investigation into the leaking of secret information about the Stuxnet virus attack on Iranian nuclear facilities in 2010, NBC News reported on Thursday, citing unidentified legal sources.

NBC said Cartwright, once the second highest ranking officer in the U.S. military, is being probed over the leaked information about the computer virus, which temporarily disabled 1,000 centrifuges used by Iran to enrich uranium, setting back its nuclear program.

The United States and Western powers believe the Iranian nuclear enrichment program is aimed at building atomic weapons, while Tehran says it is solely for civilian energy purposes.

CBS says its sources confirmed the story:

A former vice chairman of the Joint Chiefs of Staff is under investigation for allegedly leaking classified information about a covert cyberattack on Iran’s nuclear facilities, U.S. officials confirmed to CBS News correspondent Bob Orr Friday.

Retired Marine Gen. James “Hoss” Cartwright has been told he is a target of the probe, NBC News and The Washington Post reported Thursday. A “target” is someone a prosecutor or grand jury has substantial evidence linking to a crime and who is likely to be charged.

“Hoss”? Seriously?

Cartwright definitely had the inside information to leak the program, which makes this part rather ironic:

In June 2012, the New York Times reported that Cartwright was a crucial player in the cyber operation called Olympic Games, started under President George W. Bush.

Mr. Bush reportedly advised President Obama to preserve Olympic Games.

According to the Times, Mr. Obama ordered the cyberattacks sped up, and in 2010 an attack using a computer virus called Stuxnet temporarily disabled 1,000 centrifuges that the Iranians were using to enrich uranium. …

The Times said Cartwright was one of the crucial players who had to break the news to Mr. Obama and Vice President Joe Biden that Stuxnet at one point had escaped onto the Internet.

A CBS notes, the leak in 2012 came at a time when Obama wanted to burnish his national-security credentials.  Republicans accused the White House of engineering the leak, and having a leaker this close to the White House will probably fuel speculation about his motives, if Cartwright is confirmed to have been the one who leaked it. Recall that the June 2012 leak to the Times and later the Washington Post both emphasized Obama’s role in accelerating the Stuxnet attacks while revealing the US role in the program.

Update: This is probably a bad time to bring up problems in security clearance investigations for contractors, huh?

Federal investigators have told lawmakers they have evidence that USIS, the contractor that screened Edward Snowden for his top-secret clearance, repeatedly misled the government about the thoroughness of its background checks, according to people familiar with the matter.

The alleged transgressions are so serious that a federal watchdog indicated he plans to recommend that the Office of Personnel Management, which oversees most background checks, end ties with USIS unless it can show it is performing responsibly, the people said.

Cutting off USIS could present a major logistical quagmire for the nation’s already-jammed security clearance process. The federal government relies heavily on contractors to approve workers for some of its most sensitive jobs in defense and intelligence. Falls Church-based USIS is the largest single private provider for government background checks.

The inspector general of OPM, working with the Justice Department, is examining whether USIS failed to meet a contractual obligation that it would conduct reviews of all background checks the company performed on behalf of government agencies, the people familiar with the matter said, speaking on the condition of anonymity because the investigation has not yet been resolved.

Back when I got my clearances, I got them through DISCO, the Defense Industrial Security Clearance Office, which was part of the Department of Defense.  I don’t know if they subcontracted that out or not; I only dealt with DISCO and my employers, though.  If contracting out the clearance investigations proves to be a problem, then the DoD and intelligence agencies should take the work in-house.  But when the second-ranking man in the military is spilling the beans to the New York Times (if in fact he did so), then the problems go far beyond USIS.