Don’t Send Safe Combinations and Classified Network PINS to Your Personal Email

Security clearance holders all go through an indoctrination briefing
that includes proper handling and storage of classified or protected
information. They also get an annual refresher training. Unfortunately,
some people find it difficult remembering information like safe
combinations and personal identification numbers (PIN) for access to
classified IT networks. A defense contractor recently had his
clearance revoked due to his mishandling of protected information
(Guideline K). Here are the particulars of his case:

Between 2015 and 2020 the contractor kept an excel spreadsheet
containing safe combinations and PINs for both his DoD CAC and
classified IT network systems. When this spreadsheet was discovered,
an investigation into possible spillage was initiated, and he
initially only admitted to having sent the spreadsheet to himself via
his DoD email and an unclassified personal email account just the one
time. However, later on in the investigation, he amended his statement
to having sent it to himself approximately 200 times over the
five-year time span. As a result, the DoD revoked his clearance and he
subsequently appealed to the Defense Office of Hearing and Appeals
(DOHA).

The DOHA judge cited the fact the contractor had received extensive
training over the years and knew what he was doing was counter to his
training, thereby indicating his actions were intentional and
deliberate. Add in the fact the contractor initially withheld
information on how many times he had done it, and you have a pretty
good recipe for concerns about his judgement and reliability. At the
end of the day the denial was upheld.