WASHINGTON – Democrats and Republicans expressed unified concerns on the need to protect Department of Defense personnel’s data during a Senate Armed Services Committee hearing on Tuesday.
Publicly available data across social media and other private information stored in cellular devices carried by military personnel and DOD contractors can be easily weaponized by U.S. adversaries, namely China and Russia, according to testimony delivered to the Emerging Threats and Capabilities subcommittee.
In 2018, the fitness app Strava exposed sensitive military information, including base locations and layouts, when soldiers used the app to track their exercise routes in its online map. Separately, in 2024, U.S. internet-service providers including AT&T, Verizon and Lumen Technologies, were hacked in a cyber attack by the Chinese government to gain access to presidential candidate communications. The attackers, dubbed ‘Salt Typhoon’, targeted vulnerabilities in unencrypted communication.
Justin Sherman, the founder and CEO of Global Cyber Strategies, told the Medill News Service that protections should have been put in place to protect against these attacks ten years ago.
“What can we do next year to ensure that whether it’s a contracting provision or more resourcing or a training requirement, that we are at least inserting more requirements then we have now,” said Sherman.
The United States Government Accountability Office released a report titled, “DOD Needs to Address Security Risks of Publicly Accessible Information” following the hearing. The report made 12 recommendations, including collaboration across the DOD to keep sensitive data out of public forums and called for the implementation of routine security checks as well as programs to educate service members.
Michael Stokes, Vice President of Strategy at Ridgeline International, emphasized the need for DOD to avoid using open-source, publicly available infrastructure that can be exploited by adversaries.
“This conversation has been going on since 2016,” said Stokes, adding, “it’s just now coming out into the open more, so I’m thrilled that it’s now in the public and we are looking at this problem from a holistic view,” Stokes said.
Sen. Garry Peters (D-Mich.) recognized the need to protect critical DOD data as the threat of emerging technology grows.
“There’s no question that AI has tremendous potential for bringing great good to our society, but there are also ways in which AI can be used in more nefarious ways, so it’s important for us to have oversight and thoughtful regulation, and there’s got to be a way we can do that in a bipartisan way,” Sen. Peters said.
Sen. Joni Ernst (R-Iowa) agreed.
“It’s just common sense we’re dealing with a lot more information that’s being put out in the digital space. We want to make sure that people know that it’s, it’s accurate, it’s authentic and it is a bipartisan bill so we’re very hopeful,” Sen. Ernst said.