This post is also available in: heעברית (Hebrew)

Two widely used American war-fighting mapping applications are marked vulnerable to cyberattacks by hostile actors. After a year and a half long investigation into the matter, the U.S Office of Special Counsel (OSC), an independent agency for internal investigations, has “fully substantiated” whistleblower’s warnings.

The mapping apps are used to accelerate precision targeting and facilitate situational awareness and data-sharing between ground forces and overhead aircraft.

The OSC blamed top Navy leaders and personnel in leaving sensitive data vulnerable for hacking. “When Navy leadership was made aware of software vulnerabilities, it failed to take sufficient action to warn U.S. military personnel or to safeguard sensitive data,” Special Counsel Henry Kerner said in a statement. “Thanks to a brave whistleblower who spoke up, the Navy is now taking the cyber threat posed by these apps seriously and ensuring security measures are in place.” This according to

The investigation found that two mapping software apps, known as KILSWITCH and APASS, were “broadly used in military operations” and have “significant cybersecurity vulnerabilities that have not been effectively mitigated.”

The apps provide satellite views of a warfighter’s surroundings similar to Google Maps that help pinpoint locations. They also enable forces to talk to each other and share updates in real time like instant messages to provide better situational awareness.

Before the development of sophisticated satellite-mapping software programs, requests for airstrikes and other close air support were done using radios and paper maps. After the initial request, there would be a long lag time for the airstrikes to arrive.

Careful coordination between the Joint Terminal Attack Controllers (JTACs) and the inbound aircrews is necessary in order to avoid friendly fire. In intense combat situations, such constant coordination can take place in the middle of a firefight with opposing forces.

While some special operators in the Navy and conventional Marines readily embraced the KILSWITCH/APASS applications, critics aware of the hacking weaknesses point to a preferred and more trusted geo-spatial program that provides up-to-the second situational awareness with software that has been rigorously tested and doesn’t have the cybersecurity vulnerabilities. It is called the Android Tactical Assault Kit (ATAK), which was developed and fully vetted and tested by the Air Force Research Laboratory (AFRL).