GPS Apps Are Off-limits To DoD Employees And Deployed Service Members

The DoD reevaluated employees’ use of electronic devices after Strava, a fitness app, used satellite information to map users’ locations at multiple overseas military bases and published those locations on a map. As a result of a new memo from a new memo from Deputy Defense Secretary Patrick M. Shanahan, location-based social media and other GPS apps are now off-limits to DoD employees and deployed service members in deployed locations. “These geolocation capabilities can expose personal information, locations, routines and numbers of DoD personnel, and potentially create unintended security consequences and increased risk to the joint force and mission,” he wrote.

Commanders Make The Call On Risk

Combatant commanders in operational areas may authorize the use of geolocation services on government-issued devices based on mission necessity, but they must take into account potential risk to operations security. They may also authorize use of geolocation services on personal devices after conducting a “threat-based comprehensive operations security survey.” On the surface, this is a long-overdue policy that is critical to maintaining operational security. However, there is a human component intertwined with a technology component where training and awareness may fail. DoD employees may unwittingly enable location on a device as a result of an update on a phone or plain fatigue from choosing to disable/enable location services when they are not subject to the policy.

Maintaining Situational Awareness And Mitigating Risk With Automation

To execute on this policy, personnel and commanders will need support with continuous monitoring capabilities like Location Monitor and Web Presence Monitor. These capabilities will assure commanders assure policy is being adhered to. It will also enable personnel to focus on mission without worrying about innocent mistakes that can be exploited by threat actors. Automated threat monitoring of locations, quick-turn disablement and the proper data sanitizing from open sources will be required to mitigate location exposures. This will enable commands to collect, correlate, and analyze to determine security posture to maintain situational awareness to high risk situations. Secondly, the risk doesn’t stop at GPS enabled devices. Settings in location-based social media applications that tag a place or mentions where location can be inferred by natural language processing technology will also have to be managed.

The market for location-based social media applications has exploded over the past few years, DigitalStakeout maintains visibility into location-based open sources to detect and mitigate risk to your mission, assets and personnel.