Since the September 11, 2001 attacks, billions have been funneled into bolstering national security. Yet, experts caution that government facilities remain vulnerable to spies and information leaks.
The Intelligence Community has established standards, but classified information in government facilities faces threats inside sensitive areas, where portable devices could potentially facilitate hostile actions, according to a 2010 report. However, many of these critical facilities lack adequate tools to detect deceptive devices.
Rodney Alto, a retired Senior CIA Executive with a 35-year career at the agency, remarked that there’s a “wide range of actors” seeking sensitive U.S. national security information. He stated, “Whether it’s a nation-state, a terrorist group, or a criminal organization, the goal now is to utilize all available technology to gain access to private conversations.”
Currently, Alto is a senior advisor at Bastille, a radio frequency security firm. He pointed out that cell phones top the list of potential spying devices, asking, “How can I misuse my phone to overhear sensitive conversations?”
In recent years, mobile devices have become prime targets for espionage. Sources indicate that China’s intelligence operations have compromised data from over a million American phone users. U.S. officials deemed it a significant intelligence issue in 2024. And it’s not just Americans at risk; even French President Emmanuel Macron has reportedly faced targeting from spyware.
Macron is alleged to have been compromised by Pegasus, software developed by the Israeli NSO Group to infiltrate electronic devices. The NSO Group denies any wrongdoing.
Federal agencies like the Department of Defense share critical information within Sensitive Compartmented Information Facilities (SCIFs) and Special Access Program Facilities (SAPFs), where officials can discuss classified matters. Yet, despite signs banning electronic devices, Alto estimates that only a fraction of SCIFs and SAPFs effectively detect unauthorized devices.
Bastille, which monitors these facilities, utilizes wireless intrusion detection systems (WIDS) across 40 federal agencies. CEO Chris Risley noted that these systems spot thousands of devices annually, most of which are simply employees mistakenly bringing their phones to secure areas.
Risley emphasized the potential threats from cellular devices. “It doesn’t take much for personal phones to compromise security,” he explained. Issues like unstable apps or unsecured Wi-Fi connections can lead to data theft and facilitate accidental leaks from well-meaning employees.
The very design of smartphones—equipped with cameras and microphones—means they can easily send information via various connections. Yet, Risley pointed out that signs forbidding devices in sensitive facilities aren’t enough; they can create “opportunities for crimes of opportunity.”
He elaborated on how employees often bring their phones to secure areas without any ill intent. Some might just think, “I’ll leave it in case my family needs to reach me.” But in a situation where someone wants to leak information, a phone camera makes it all too simple.
The issue is not new; a case recently emerged at the State Department where an employee allegedly photographed secret documents with their phone and tried to share them online for payment.
This is becoming more frequent, largely due to the technological landscape, and experts recognize the urgency. Mobile devices as well as smartwatches and Bluetooth-connected items can be exploited if not properly safeguarded against unauthorized signals.
The Department of Defense addressed this vulnerability in a 2023 directive, instructing all SCIF and SAPF personnel to ensure compliance with a ban on personal devices and to develop systems for detecting unauthorized electronics.
However, Alto suggests that securing funding for these systems is essential. “It’s really about prioritizing our investments,” he said, emphasizing the need for better protection in sensitive settings.
He also called attention to the need for ongoing education regarding the risks associated with electronic devices in secure environments. “We have to keep leadership aware of how these rogue electronics can be misused,” Alto advised.
He noted that laws must hold violators accountable, as legislation in 2025 mandates the evaluation of cybersecurity for mobile devices used by the Department of Defense.
Alto concluded by stressing that lawmakers need to channel appropriate funding to safeguard U.S. national security effectively. “We need clear directions from Congress,” he stated.
“In the past, we focused on physical security around government buildings. Today, threats can easily come through mobile devices, which pose significant risks to national security because of the vast amount of data they can access,” he added.
