Federal workers are advertising their security clearances on LinkedIn. Agencies say those are ‘top secret’ for a reason

This post was originally published on this site

U.S. federal workers and military personnel are using LinkedIn to publicize the fact that they can access top secret government information, a move that experts say can “elevate targeting risk” from adversaries.

Last week, The Telegraph reported that the British Ministry of Defense had told its workforce to delete information about their security clearance from their LinkedIn profiles, citing the growing threat of Chinese espionage.

“If individuals use social networking sites/apps and advertise their security clearance (e.g. the level of clearance they hold), they are putting their self [sic], colleagues and national security at risk,” the MoD reportedly said in an internal memo. “Individuals must remove these details from their social networking profiles immediately.”

Several people with high-level security clearance from the U.K. government—granting them access to highly sensitive information—are still publicizing their security clearance level on LinkedIn.   

But the issue isn’t limited to the U.K.

Fortune found multiple LinkedIn accounts belonging to Americans who were using the platform to publicize the fact that they had access to top secret information.

Publicizing ‘top secret’ clearance

In U.S. federal government jobs—including those in the military—there are three national security clearance levels: confidential, secret, and top secret.

A number of the LinkedIn profiles Fortune found were advertising Top Secret/Sensitive Compartmented Information (TS/SCI) clearance, with individuals who displayed their security clearance status working in a mixture of private sector and government jobs.

A spokesperson for the National Counterintelligence and Security Center (NCSC) at the Office of the Director of National Intelligence told Fortune that individuals working for the U.S. government were encouraged to take a range of steps “at a minimum” when it came to social media.

Those steps included taking care about what was posted on social media about their work—including security clearances—“as it could draw attention from criminals or adversaries.”

Other steps federal workers were advised to take included never accepting online invitations to connect from people they don’t know—even if they are a friend of a friend—and validating requests to connect through other means before accepting them.

Staff were also encouraged to review their social media settings to control the amount of information they were presenting to the public, the NCSC spokesperson added.

Fortune sent requests to connect to a handful of random LinkedIn users who were publicly advertising their active TS/SCI status on their profiles. Almost all of them accepted, despite the request coming from a complete stranger.

None of the people who accepted a request responded to Fortune’s questions about why they were publicizing their national security clearance status.

‘Sensitive information’

Jobs site Indeed describes TS/SCI clearance as “one of the highest levels of security clearance,” meaning anyone who has this level of clearance has access to highly sensitive information.

“TS/SCI clearance allows you to access sensitive information that is not available to the public,” Indeed’s team said in a blog post in June.

“Sometimes, this can mean access to data, information or even technology that is only available to those with the appropriate clearance level. Often, the type of data that someone with a TS/SCI clearance might access involves national security.”

When a job or project requires access to classified national security information, the relevant level of security clearance can be granted by one of several government agencies, including the Department of Defense, the Department of State and the CIA.

Security clearance is granted after a background check, which is carried out by the Diplomatic Security Service, with some agencies requiring applicants to undergo a polygraph test. More than 38,000 personnel background checks are carried out for federal agencies each year.

Significant risk

Stuart McKenzie, senior vice president of defense and security analysis firm Mandiant Consulting’s EMEA operations, told Fortune that while the risk of advertising security clearances on LinkedIn and other social media sites may not be the highest threat, it could still pose a significant risk.

“Understanding who holds which clearance level and has been exposed to which data through previous work experience will elevate targeting risk,” he explained. “The [British Ministry of Defense] is correct in its assertions that you can put others at risk in this way. Exposing that you have recently worked on sensitive projects will expose your ex-colleagues and heighten their risk too.”

McKenzie added that there was no need for individuals to advertise their security clearance level on social media.

“It will only increase the threat to the individual and their employers,” he told Fortune.