Department of War is leaking secrets, GAO warns.
getty
The Department of Defense needs to “address the security risks of publicly accessible information,” warns a report published Monday by the U.S. Government Accountability Office, an independent and non-partisan agency that works for Congress.
The report explains that the “digital footprints” from social media posts, press releases and other public information from the DoD, which Trump renamed the Department of War, could “threaten military personnel and their families, operations, and ultimately national security” and recommends new policies and training to address the risks.
The department defines such data, the GAO report said, as “a growing threat” and has taken steps to address the problem facing service members. The GAO even mentioned a new take on the old “loose lips sink ships” wartime motto, with a poster at the Department of War that reads “Loose tweets sink fleets.” But this is not enough.
“GAO determined that three of five offices under the Office of the Secretary of Defense have issued policies and guidance on the risks associated with the public accessibility of DOD’s digital information,” the report confirmed, going on to warn, “however, the policies and guidance are narrowly focused, do not include all stakeholders, and do not include all relevant security areas.”
“Massive amounts of traceable data about military personnel and operations now exist due to the digital revolution,” the GAO warned. Social media and a lack of proper training are exacerbating this. “Public accessibility of this data enables malicious actors to exploit critical information and jeopardize DOD’s mission and the safety of its personnel.”
The GAO confirmed that 10 components were not adequately addressing training and security assessments, which it considers essential for reducing the risk of digital threats. It warned that 90% of training materials did not “consistently train personnel on risks of digital information in the public across all relevant security areas,” while 80% of components “did not conduct assessments of threats across the required security areas of force protection, insider threat, mission assurance, and operations security.” Too much emphasis, the report said, sat with operations security.
This could lead, the GAO argued, to malicious actors using information “purchased from data brokers or collected from the web to identify and harm DOD personnel and their families.”
I have reached out to the Department of War for a statement, but in the meantime, the GAO recommendations include reassessing security training and auditing existing departmental security policies and guidance to identify gaps related to risks in the digital environment. The secretary of war should, the GAO said, make “recommendations on updating policy and guidance to reduce the risks of digital information about DOD and its personnel being publicly accessible.”