The US Government Accountability Office (GAO) testified before the US Senate Committee on Armed Services’ Subcommittee, presenting its work on US Department of Defense (DOD) efforts to mitigate national security risks and assess DOD components’ efforts to protect the digital footprint of DOD personnel. Its findings are equally informative for any content-driven operation with concerns about piracy.
DOD is one of 38 areas monitored in the GAO’s High Risk List, which identifies government programs and operations with serious vulnerabilities to waste, fraud, abuse, or mismanagement, or in need of transformation.
Sources of the data making up the digital profile include:
- Online activity, such as web browsing and the use of social media
- Personal mobile devices that transmit location data and share data about the owner
- Data brokers that aggregate and sell data
- DOD press releases and other public communications
- Sensors that broadcast the location of military vessels
Malicious actors could collect and analyze this readily available data to identify and harm DOD personnel or their families or track and disrupt DOD operations.
Use-cases
The report uses several use-cases to illustrate the risks, including
- Exposure of military training materials to discern military capabilities and operational details
- Personnel profiling that can expose details of personnel, patterns of behavior and family details
- Disruption of aircraft carrier operations by scraping press releases, social posts, internal communications, and connected devices to build real-time intelligence of movements
- Endangering military leadership by monitoring conference registrations, personal devices, social posts, to track and predict an official’s movements and objectives
Workflows behind these scenarios are detailed in the report, linked below.
Recommendations
GAO listed 12 recommendations to DOD to assess its policies and guidance; collaborate to reduce risks; provide training on the digital environment and its associated risks across security areas; and complete required security assessments.
Recommendations include
- Assesses existing departmental security policies and guidance to identify gaps associated with risks in the digital environment
- Reduce exposure of DOD and its personnel being publicly accessible
- Ensure that security training to ensure that digital profile issues are considered in all security areas and to its workforce
- Ensure that branches of the miliitary and DOD intelligence agencies conduct required assessments in the security areas of force protection, insider threat, and mission assurance
These recommendations are detailed in the report, linked below. DOD concurred with 11 of 12 recommendations and partially concurred with one. GAO maintains that all recommendations are warranted
Why it matters
Massive amounts of traceable data about military personnel and operations now exist due to the digital revolution. Public accessibility of this data enables malicious actors to exploit critical information and jeopardize DOD’s mission and the safety of its personnel.
The risks and GAO’s recommendations apply universally to any digital operation, including those which have the potential to expose premium media & entertainment content and services.
Further reading
Information Environment: DOD needs to address security risks of publicly available information. GAO-26-107492. Published October 7, 2025. Released November 17, 2025. US General Accountability Office (GAO)
