Watchdog wants defense CIO to supply evidence of improvements in ‘Signalgate’ aftermath
Since the Trump administration’s Signalgate affair surfaced in March, the Pentagon’s Office of the Chief Information Officer has been working on modern instant-messaging options for personnel to securely communicate at various classification levels in compliance with U.S. policies and the law.
But public details on those efforts are sparse — and challenges remain, according to a top defense watchdog.
The Defense Department’s Office of Inspector General published two highly-anticipated reports on Thursday associated with the Signalgate incident, which involved top national security leaders discussing sensitive strike plans targeting the Yemen-based Houthis, in a group chat with a reporter on Signal, the encrypted but unclassified mobile app.
“Together, these two reports address the March 26, 2025, request to the DOD OIG from the Chairman and Ranking Member of the U.S. Senate Committee on Armed Services,” a spokesperson said in an email.
In addition to the OIG’s new “Evaluation of the Secretary of Defense’s Reported Use of a Commercially Available Messaging Application for Official Business,” the watchdog released a separate report that summarizes its prior oversight projects related to DOD officials’ use of unapproved commercial texting applications.
These reviews shed new light on Defense Secretary Pete Hegseth’s early days in the Pentagon and his contributions to the “Houthi PC Small Group” Signal chat — as well as present-day technical and policy complexities that accompany the military’s growing demand for safe electronic messaging capabilities.
In the assessment of Hegseth’s Signal use for business purposes, the OIG noted that while he holds the authority to determine the required classification level of all DOD information he communicates, “the secretary’s actions created a risk to operational security that could have resulted in failed U.S. mission objectives and potential harm to U.S. pilots.”
However, the inspector general did not make “any recommendations in this report related to the secretary’s use of Signal to send sensitive nonpublic information because it represented only one instance of an identified, DOD-wide issue” that must be solved.
During their investigation for that 84-page review, the OIG learned that at Hegseth’s request, his junior military assistant “requested and oversaw the installation of a unique capability through which the secretary could access and control his personal cell phone from inside his secure office.” Multiple officials in the Pentagon CIO’s office also disclosed the existence of additional Signal group chats, via which Hegseth allegedly texted about official DOD activities and transmitted non-public government information.
The OIG’s separate, 65-page review proposed several new recommendations for the department’s chief information officer.
Notably, the watchdog directed the office to “source and maintain DOD-controlled capabilities that meet the DOD’s operational needs to share information across the DOD and U.S. Government and with foreign partners.”
Such assets should supply, specifically, the ability to communicate on approved and non-approved personnel mobile devices; share unclassified, controlled, and classified information; have a user-friendly interface and group environments; and comply with government-wide requirements to protect information and preserve official records.
Although she did not directly spotlight such capabilities in response to the OIG, the report states that the official performing the duties of the DOD CIO during the investigation, Katie Arrington, “partially agreed and stated that several steps have been taken to develop and maintain comprehensive, layered architecture designed to protect information at all sensitivity levels.”
In response, the inspector general determined that recommendation to be resolved but open, until the chief information officer “provides evidence that DOD-controlled capabilities meet the DOD’s operational needs to share information across the DOD and U.S. Government and with foreign partners, including the ability to use mobile devices and electronic messaging applications.”
The defense oversight hub also recommended that the CIO mandate a tailored training for the department’s political appointees, general or flag officers, and civilian executives about how to use mobile devices and applications in accordance with existing policies — and additionally, streamline the waiver process in the Pentagon’s electronic messaging guidance to be more clear and consistent.
Those two recommendations were marked “resolved” by the OIG, yet will also remain open until the chief information officer provides tangible proof of its implementation.
Further, the inspector general called on Pentagon CIO leadership to incorporate information in the department’s annual cyber training on the impacts and risks of using non-DOD-controlled electronic messaging services for work-related functions. Defense officials disagreed with the OIG about that direction, arguing that the change would be a redundant and non-costeffective undertaking, among other reasons.
“Comments from the official performing the duties of the DOD CIO did not address the specifics of the recommendation; therefore, it is unresolved,” the report states.
Pentagon spokespersons did not respond to DefenseScoop’s request for more information on Thursday regarding ongoing efforts and capabilities related to the newly released inspector general evaluations.
