close
close

Mondor Festival

News with a Local Lens

Combatant commands mishandled classified mobile devices, audit finds
minsta

Combatant commands mishandled classified mobile devices, audit finds

Three U.S. combatant commands and the Defense Department’s IT Support Agency failed to follow cybersecurity protocols when handling classified mobile devices, according to a report from the Department of Defense’s Office of Inspector General. Defense published Monday.

The heavily redacted reporttitled “Cybersecurity Audit of DoD Classified Mobile Devices,” said U.S. European Command, two subcomponents of U.S. Special Operations Command and the Defense Information Systems Agency failed to maintain a accurate device inventory, an error that could leave sensitive information behind. vulnerable to cyber threats.

“The security of DoD mobile devices is essential to ensuring national security, protecting classified data, and ensuring the integrity of DoD missions,” Pentagon Inspector General Robert P. Storch said in a statement. “Securing these devices is not just a technical priority; it is a critical operational mandate that allows DoD to fulfill its mission safely and effectively.

The audit covered 43 aircraft from the Defense Information Systems Agency, 21 aircraft from the United States European Command, four aircraft from the headquarters of the United States Special Operations Command and five aircraft from the Special Operations Command Center. UNITED STATES.

The audit found that organizations kept incomplete records on devices, which should include the user’s name and defense agency, device type, device serial number, serial number, phone, the classification of data stored on the device, and the conditions relating to when and how the device is used. must be used.

Those responsible for managing and tracking devices failed, the report found, in part because of their inability to handle the surge in mobile device usage after the start of the COVID-19 pandemic in 2020, an event which forced many people into a teleworking situation.

The report also reveals that inventory records from the Defense Information Systems Agency and U.S. Special Operations Command Headquarters in some cases contained incorrect information about the devices.

The DOD Office of Inspector General recommended that U.S. European Command and U.S. Special Operations Command immediately correct inventory records to reflect all classified mobile devices, reorganize the device program classified devices and its training and to review the reason each individual uses a classified device to determine if they need it, among other recommendations. Both agencies complied with the recommendation, according to the report.

The audit further directed the Defense Information Systems Agency to correct its inventory records and develop a new process for maintaining accurate inventories. The agency responded that it would find a way to keep its inventory records up to date.

The report also called on the Department of Defense to encourage agencies under its umbrella to follow the report’s recommendations.

The DOD Office of Inspector General has made several efforts to address cybersecurity weaknesses, issuing a special report report in March, highlighting weak passwords and a denial of multi-factor authentications for Department of Defense contractors. The report found that between 2018 and 2023, five audits found that DOD officials were unable to properly verify whether contractors were meeting cybersecurity requirements.

Riley Ceder is a reporter at Military Times, where he covers breaking news, criminal justice, investigations and cybersecurity. He previously worked as a student investigative intern at the Washington Post, where he contributed to the Abused by the Badge investigation.