An investigation by the U.S. Office of Special Counsel found that the Department of the Navy failed to adequately address the cybersecurity vulnerabilities in two software applications known as KILSWITCH/APASS.
These apps work by showing satellite images of surroundings, including nearby enemy and friendly forces. The apps also work as a replacement for radio and paper maps, allowing troops to coordinate with other military branches via real-time messaging. However, the two apps were meant for training and military exercises primarily, not to be used in active combat. The vulnerabilities could have allowed enemy combatants to access troops’ information.
The report by the Office of Special Counsel states that Naval personnel were not accurately advised as to the nature of these two apps, and what kind of danger they might have been in for a year.
“Significant concerns remain relating to the extensive and apparently unregulated distribution of the software, and the circulation of notice concerning its shortcomings,” Special Counsel Henry Kerner wrote in a letter to the president.
The report states that thousands of copies of the software programs were loaded on to government issued tablets. Poor internal controls are cited as the reason that unsecure, untested software was distributed to front-line personnel.
“It is clear, based on the information in the report, that the military maintains a complex process for the approval and evaluation of software used by military personnel. This process was totally circumvented here,” Kerner wrote.