Annex A

to FOI2018/03310
dated 3 April 2018

From: DSR
Sent: 30 January 2018 17:30
To: NAVY __; Air-Ops __; DIO __; DSTL __; JFC __; Army Info __; DES __; HOCS SSBR
__; UKHO __
Cc: NAVY- CAP __; Army Info __; Air Ops __; JFC __; DES __; DIO __; UKHO __; HOCS
__; ISS Des-DAIS __; DSR __; DSR __; ISS Des __; DefNucSyR __
Subject: 20180130-Strava-OS

All,

You will be aware of the recent press coverage on potential vulnerabilities around the use of
the Strava App. The Departmental Chief Security Advisor reminds all staff of their
responsibility to ensure the security of themselves, their colleagues and Defence assets.
While the Department has no objection to the personal use of fitness apps, the sharing of
personal data (including geotagging) can present a risk to personal and operational security.
Personnel must follow the direction of Heads of Establishment and Commanding Officers
who will assess the security risks and provide local direction.

Guidance on the use of Strava and other geotagging apps was previously issued as part of
the Year of Cyber in 2015. This has been updated (attached) and should be reissued
throughout your TLBs. Defence Assurance and Information Security will shortly be issuing
further guidance to TLB Senior Information Risk Owners.

The Defence Security Handbook is also attached, which includes advice on how personnel
can contribute to the security of Defence. This should be shared widely.

Regards,
____

Directorate of Security and Resilience

Mil: ___
Tel: ___
Mobile: ___

____ MOD Main Building

Horse Guards Avenue, Whitehall, London, SW1A 2HB
Email: ___