Maya Villasenor, Guest Contributor
Ukrainian forces recently leveraged Russian phone signals to strike a temporary base in the occupied city of Makiivka, killing dozens (or more—the toll is highly disputed). The Russian Defense Ministry subsequently issued a rare statement attributing the unprecedented loss to the widespread, albeit unauthorized, use of personal phones. While powered on, the phones had been pinging Ukraine’s cellular network, allowing Ukrainian forces to triangulate precise location information.
Russia is rumored to have similarly exploited roaming signals to track Ukrainians by equipping trucks and drones with cell-site simulators. Between 2014 and 2016, Russian hacking group Fancy Bear (APT 28) purportedly followed Ukrainian artillery movements using Android malware.
The universal adoption of smartphones, as well as social media, has revolutionized the dynamics of surveillance, especially in theater. Social media requires few intermediaries, meaning that members of the armed forces can—and do—use smartphones to participate in online dialogue without oversight. More data—such as locations, and information about habits, health, relationships, religious beliefs, and more—is being generated and shared than ever before. Although militaries often instruct soldiers in the field not to utilize personal phones, the rules are regularly ignored.
Military commanders historically exercised a high degree of control over the information flowing from and to the troops under their supervision. In the pre-digital days, soldiers who wrote letters to send by postal mail understood that their letters were subject to inspection by censors. Today, the sheer volume of digital information that can be conveyed by service members either intentionally (e.g. through social media posts) or inadvertently (e.g. through the use of apps that send data to the cloud) makes it impossible as a practical matter for military leaders to maintain full oversight over the flow of information. Military leaders in turn have little understanding of the information that their subordinates inadvertently make available to adversaries.
The prevalence of smartphones today has drastically shifted the availability of intelligence. However, analyzing the sheer volume of available data is incredibly challenging. Asymmetries therefore emerge not in access, but in discovery capabilities. For instance, states have varying access to advanced artificial intelligence used to extract meaning from large volumes of data.
Unfortunately, securing smartphones against information leakage is difficult (due to the range of signaling protocols, each with their own exploits), and impossible when smartphone owners themselves post on social media or convey sensitive data to third parties (such as Strava). Attempts to curb personal phone use among troops—such as the threat of military jail for Russian soldiers that violate smartphone use and social media policies—have been unsuccessful in preventing their use.
Military leaders have occasionally banned phones altogether: In 2020, U.S. Army paratroopers deploying to the Middle East were prohibited from carrying personal devices, in part because of the cyber capabilities demonstrated by Russia, China, and Iran in the region. However, South Korea, which had once outright banned personal phones (and strictly enforced the rules), eased its policy in 2018 due to dampened morale and widespread frustration.
Militaries need to adapt to the realities of an era in which smartphone and social media use by soldiers is inevitable. Proactively understanding specific vulnerabilities associated with the ecosystem of data collected by apps running on soldier’s smartphones could help identify which apps are particularly good (or particularly bad) at protecting data that might be of interest to military adversaries.
Part of the solution also requires rapidly detecting and localizing unauthorized transmissions from within friendly ranks while abroad, as well as creating technical frameworks to enforce security policies. Militaries are already monitoring their own troops—Israel has been eavesdropping on its soldiers for over a decade, and the United Kingdom claims to disable personal devices that breach protocol—but capabilities are neither comprehensive nor consistent.
More crucial, however, is educating soldiers that some forms of smartphone use, although seemingly innocuous and important for morale, expose far more than expected. It is insufficient to rely on generic policies and handbooks.Instead, military leaders should make digital hygiene a key component of programs like Advanced Individual Training, where soldiers should be taught the basics of signals intelligence, and how they could avoid the most glaring collection opportunities. This program could be used to build a culture of awareness throughout the military, including through conveying sobering real-world examples that illustrate the potential consequences of unsafe smartphone use. The Israeli Defense Forces' approach of prioritizing both digital technology, as well as appreciation of its dangers, could serve as a potential model.
Despite their troubling vulnerabilities, smartphones on the battlefield do enable immense tactical opportunities. A key challenge for modern militaries lies in maximizing the benefits of the extraordinary communications and computational capacity of current and next-generation smartphones while sufficiently mitigating the equally extraordinary cyber and intelligence risks involved in their use.
No comments:
Post a Comment