Subscribe
A soldier sets up a government-issued cellphone.

A soldier sets up a government-issued cellphone in 2020. U.S. European Command and segments of U.S. Special Operations Command mismanaged issuance of classified mobile devices to personnel, which may have put sensitive information at risk, according to a Defense Department Inspector General report. (Nathan Hammack/U.S. Army)

STUTTGART, Germany — U.S. European Command and portions of U.S. Special Operations Command may have put sensitive information at risk by haphazardly handing out mobile devices to personnel for three years, according to Pentagon investigators.

A heavily redacted report released Monday contains the findings of an audit by the Defense Department Inspector General. EUCOM and two SOCOM segments didn’t maintain complete or accurate inventory records for classified mobile devices, it said.

Deficiencies were found in all the required elements related to device training and user agreements, annual reviews and so-called incident response plans.

Maintaining complete inventory records enables commands to ensure proper administration and quick intervention if a device is involved in a cybersecurity breach, the IG said.

Mobile devices are “a primary target for cyber threats which could compromise data and the national security landscape,” Inspector General Robert Storch said in a statement Monday. “Securing these devices is not merely a technical priority; it’s a critical operational mandate.”

Under certain circumstances, the military provides personnel with commercial off-the-shelf mobile devices such as laptops, tablets and smartphones that are configured to securely access classified information.

The Defense Department Inspector General logo.

The Defense Department Inspector General said in a report issued Dec. 16, 2024, that U.S. European Command and segments of U.S. Special Operations Command were lax in issuing classified mobile devices to personnel during a three-year period. (Defense Department)

One of the driving factors in the lax distribution of mobile devices was the surge in demand for telework brought on by the coronavirus pandemic, according to the report.

The Pentagon components investigated in the audit between August 2021 and September 2024 included the Defense Information Systems Agency, which the report said had the same problems in issuing mobile devices.

The IG called for a corrective action plan and made dozens of recommendations focused on ensuring that the commands abide by cyber security protocols.

All Pentagon components should reevaluate their needs for classified mobile devices outside of secure spaces and recall ones that are no longer used or needed, the IG said.

Cyber security has been a top DOD issue for years. Troops and civilian employees must complete various training programs that highlight cyber vulnerabilities and the dangers of mishandling classified information.

The cyber realm has emerged as a major battleground, with Russia and China routinely trying to penetrate U.S. and allied networks.

Large chunks of the report were blacked out, making many of the circumstances and specifics related to mismanagement of the classified devices unclear.

EUCOM, DISA and SOCOM headquarters and Special Operations Command Central did not dispute the findings and indicated that steps would be taken to come into compliance with the various recommendations.  

author picture
John covers U.S. military activities across Europe and Africa. Based in Stuttgart, Germany, he previously worked for newspapers in New Jersey, North Carolina and Maryland. He is a graduate of the University of Delaware.

Sign Up for Daily Headlines

Sign up to receive a daily email of today's top military news stories from Stars and Stripes and top news outlets from around the world.

Sign Up Now