The Defense Department Office of the Inspector General (DoD OIG) identified critical lapses in the handling of classified mobile devices by three U.S. combatant commands and the Defense Department's IT support agency. A report revealed that U.S. European Command, two subcomponents of U.S. Special Operations Command, and the Defense Information Systems Agency (DISA) failed to follow established cybersecurity protocols. These lapses included incomplete inventory records and insufficient management practices, leaving sensitive information exposed to potential cyber threats.

The organizations did not maintain accurate inventory records for classified devices. Key details such as the user’s name, associated defense agency, device type, serial numbers, phone numbers, classification of stored data, and usage conditions were either missing or incorrect. These gaps created vulnerabilities that could undermine national security. Pentagon Inspector General Robert P. Storch underscored the importance of securing these devices, calling it a critical operational mandate for the Department of Defense (DoD).

The audit examined devices from DISA, U.S. European Command, and U.S. Special Operations Command Headquarters and Central. The findings highlighted systemic issues, including an inability to manage the surge in mobile device usage during the COVID-19 pandemic, when teleworking became the norm. Inventory records in some cases contained outdated or erroneous information, further compounding the risks.

To address these issues, the DoD OIG recommended immediate corrective actions. The U.S. European Command and U.S. Special Operations Command were directed to update their inventory records, improve their mobile device management programs, enhance training protocols, and reassess the necessity of classified device usage for personnel. Both commands have reportedly complied with these recommendations.

DISA was also advised to overhaul its inventory management process to ensure accurate and up-to-date records. In response, DISA committed to implementing a more robust tracking system for classified devices. These measures aim to prevent future lapses and strengthen cybersecurity practices across the DoD's mobile infrastructure.

The findings emphasize the need for improved oversight and strict adherence to cybersecurity protocols. As the DoD's reliance on classified mobile devices grows, ensuring their secure management is essential to safeguarding sensitive information and maintaining mission integrity.

Disclaimer:This image is taken from Getty Images.