A new report finds that the Department of Defense needs to find more productive ways to address and mitigate risks associated with publicly available digital data of military personnel that could potentially harm service members and their families.

The report was publicly released Nov. 17 by the U.S. Government Accountability Office (GAO) and stems from prior testimony before the Senate Committee on Armed Services' Subcommittee focused on risks of publicly available data about DOD personnel and operations, and DOD’s own approach to address security-related risks.

Broader recommendations for more stringent guardrails to protect personnel and their families, in addition to national security as a whole, have been put forward by GAO to DOD— the latter of which was presented 12 recommendations to assess its policies and guidance; collaborate to reduce risks; provide training on the digital environment and its associated risks across security areas; and complete required security assessments.

DOD concurred with 11 of 12 recommendations and partially concurred with one as GAO maintains that all recommendations are warranted.

GAO found that digital activity from personal and government devices, online communications, and defense platforms such as ships and aircraft can generate volumes of traceable data, commonly known as digital footprints.

Malicious actors can take rather innocuous digital information and use it to their advantage, be it DOD press releases, news sources, online activity, social media posts, or ship coordinates.

Risks That 'Exploit Weaknesses'

Joseph Kirschbaum, director of Defense Capabilities and Management at the nonpartisan GAO, told Military.com^[1] that the full 63-page report was spurred by congressional members’ interest in understanding where DOD stood on the issue of risk associated with the vast amount of data and information in the public sphere.

“The increasing amount of this data and information and the changes in associated technologies have also increased the degree to which it is vulnerable,” Kirschbaum said. “Just as in the cyber realm, nefarious actors are increasingly interested—and able—to exploit weaknesses.”

A Pentagon spokesperson, in a statement to Military.com, deferred comment to the GAO.

Risk mitigation includes understanding policy, technology and culture. GAO requires regular employee training and awareness on the vulnerabilities of publicly available data and information, Kirschbaum said, as part of a well-rounded effort where every relevant agency and official is in the know.

Asked whether the report was issued due to heightened security risks or concerns, Kirschbaum said it’s more about the combination and overlap of risks and vulnerabilities.

“There have been increased examples of data brokers selling information about DOD personnel."

“There have been increased examples of data brokers selling information about DOD personnel,” he said. “There have also been examples of the potential risks of digital footprints, including the 2018 revelation that fitness trackers worn by military personnel were an operational security risk.

"GAO warned DOD about this in a 2017 report. Different parts of DOD have recognized these threats but have not considered them holistically.”

What The Report Says

A 16-page report detailing testimony from Kirschbaum provided to the Subcommittee on Emerging Threats and Capabilities, within the Committee on Armed Services in the U.S. Senate, says there are multiple actions that need to be undertaken by DOD to mitigate future security risks.

They include steps the DOD itself can take, such as assessing existing departmental security policies and identifying digital risk gaps; better collaboration across the agency; U.S. Cyber Command training; and ensuring that digital profile issues are considered in all security areas such as counterintelligence, force protection, insider threat, mission assurance, OPSEC and program protection.

GAO determined that three of five offices under the Office of the Secretary of Defense (OSD) already have issued policies and guidance on risks associated with DOD’s digital information.

“However, the policies and guidance are narrowly focused, do not include all stakeholders, and do not include all relevant security areas,” the report states.

Shoring Up Loose Ends

GAO also determined that 10 DOD components were not fully addressing two essential areas in accordance with risk management: training and security assessments.

Nine of 10 DOD components’ training materials did not consistently train personnel on risks of digital information in the public across all relevant security areas, while eight of 10 components did not conduct assessments of threats across the required security areas of force protection, insider threat, mission assurance, and operations security. 

Most components focused assessment efforts solely on operations security, per GAO.

“The recommendations we make in the full report^[2] reflect the fact that although divided among a number of security disciplines, DOD has an existing structure to assess and manage these kinds of risks,” Kirschbaum said. “Ensuring that the vulnerabilities and risks of publicly available information is part of that structure is the goal.

“The individual recommendations divide out specific elements, but it is the broader goal that will be the biggest benefit to the department.”

Former White House adviser and conservative commentator Steve Bannon wants an expedited review of Sen. Mark Kelly, telling Military.com^[1] that he expects the Arizona lawmaker to be imprisoned for remarks he made towards U.S. military members.

Bannon, in a phone conversation on Wednesday with Military.com^[2], said that the punishment for Kelly and five other Democrats he refers to as the “seditious six” should be “severe” and time sensitive. Kelly and colleagues have been caught in a firestorm over remarks they made about the Trump administration and encouraging troops to refuse so-called illegal orders.

The other Democrats are Sen. Elissa Slotkin (MI) and House Reps. Jason Crow of Colorado, Maggie Goodlander of New Hampshire, and Chris Deluzio and Chrissy Houlahan, both of Pennsylvania.

Bannon, who served in the Navy for eight years, said he was “shocked” when he first saw the video. At first, he wasn’t even sure if the footage of the members of Congress openly messaging to active-duty service members was real.

“When I saw it at first, I thought somebody was messing around with AI,” Bannon said. “Then I realized it's true. I have no earthly idea why they did it. … It's insanity, and clearly they're trying to intrude into the chain of command. That's why there’s no defense. 

“You have to take severe and dramatic action. And, I mean, for [Kelly], it's Leavenworth [Federal Correctional Facility in Kansas]. I think he's going to prison. I think Kelly's going to prison because it's so outrageous.”

Message to Hegseth, Pentagon

Bannon also wants Defense Secretary Pete Hegseth and Pentagon officials to move fast on the matter, rather than waiting until the almost mid-December deadline set to review all necessary information and justify whether legislators should be court-martialed.

“Pete, you’re secretary of frickin’ war,” Bannon said on Wednesday’s episode of his War Room podcast. “Recall this guy today. And let’s convene a court-martial Friday morning, 0800. And then have him in Leavenworth 0800 on Monday morning.”

According to a memo made public Tuesday by the Department of Defense, Hegseth ordered Navy Secretary John Phelan to investigate "potentially unlawful comments” and to report with findings by Dec. 10.

On Monday, the Pentagon announced it was launching “a thorough review” of allegations of misconduct against Kelly, a retired Navy captain and astronaut, for “serious allegations of misconduct.” That review has expanded to include the other Democrats who partook in and released the video last week.

“Those six, the seditious six, I don’t know why we went to Dec. 10th,” Bannon said on War Room. “It’s simple what they did. Just look at, recall Kelly. You want to send a shockwave to D.C.? They’re going to be cute. Like President Trump says, no games.

“So here’s no games: recall Kelly today. And let’s in fact tell the flag officers no long Thanksgiving weekend. Friday, you’re going to convene a court martial for him. And let’s roll, let’s get a verdict by Sunday. And let’s throw him in Leavenworth and throw him in prison by Monday. Let’s just roll, this is very simple. And then the other five are going to wet themselves and then start rolling them up. This is what has to happen.”

Bannon’s remarks on sedition echo those of President Donald Trump, who said following Democrats’ release of their video that their message could be construed as “seditious” and actions taken by “traitors.”

“In the old days, if you said a thing like that, that was punishable by death," Trump said.

Bannon agreed with Trump’s remarks, saying that the court-martial is going to have serious implications now.

“Are they going to get to the death penalty? I’m not a JAG lawyer, I think that is maybe a stretch,” Bannon told Military.com. “But when I say serious, I believe that Mark Kelly's going to Leavenworth.

“Plus, he's doubling down and tripling down. He's going on the shows. So no, this has got to be dealt with.”

Trump's 'Authoritarian' Administration

Kelly has maintained his resolve, saying in a statement Monday that he’s “given too much to this country to be silenced by bullies who care more about their own power than protecting the Constitution.”

In an appearance Tuesday on ABC’s Jimmy Kimmel Live, he made similar remarks.

“It is right out of the playbook, you know, the playbook of authoritarianism. That's what they do,” Kelly said. “They try to suppress speech. Every one of us has First Amendment speech rights, and I think the president is infringing on those and he is sending a pretty strong message.

“You do not want to cross him, and your loyalty should be to him. It should not. It should always be to the Constitution.”