Senate Hearing: Data Threats to Pentagon Personnel and Operations

The Evolving Threat Landscape

• 💡 The increasing interconnectedness of our lives has created a new exploitable surface for adversaries through metadata, location signals, app usage, and biometric data.
• ⚠️ Data that seems insignificant on its own can be aggregated to reveal troop movements, operational planning, and daily routines of DoD personnel.
• 🎯 Foreign intelligence services and cyber criminals can harvest and analyze this information, threatening DoD missions and the safety of service members and their families.

Adversarial Exploitation of Data

• 🔍 Adversaries can now access vast amounts of data that previously required extensive surveillance, lowering the barrier to entry for malicious actors.
• 📊 Data brokers, with both neutral and nefarious intent, along with artificial intelligence, increase the availability and potential exploitation of this data.
• 🚨 Examples include fitness apps exposing sensitive military bases and social media being used to geolocate personnel.

Key Witnesses and Their Insights

• 🎤 Dr. Joseph Kersbomb highlighted that DoD lacks a single entity to address all risks associated with data exploitation and found uneven progress in existing security disciplines.
• 🎤 Justin Sherman emphasized that the US is behind in recognizing the threats posed by the explosion of data and digital connectivity, recommending legislative action and a societal shift in attitude.
• 🎤 John Doyle, founder of Cape, explained how commercial cellular networks, which are convenient but vulnerable, are a primary vector for data exposure, with phones accounting for about 85% of data vulnerabilities.
• 🎤 Michael Stokes defined Ubiquitous Technical Surveillance (UTS) as a fused fabric of various data sources and recommended naming a single accountable lead, protecting people by shrinking the commercial attack surface, and closing infrastructure gaps.

Proposed Solutions and Recommendations

• 🏛️ Congress can compel the DoD to evaluate risk mitigation gaps and pass legislation to further protect Americans' data.
• 🛡️ DoD needs to improve policies, guidance, training, and assessments across security disciplines, integrating new threats into existing structures.
• 🎓 Enhanced training for service members on digital footprint awareness and the importance of technical solutions and policy changes are crucial.
• 🔒 Recommendations include establishing enterprise baselines for signature management, implementing