A French naval officer reportedly revealed the location of an aircraft carrier. Not through espionage. Not through a cyber attack. Through a fitness app, the officer leaked the location of the French aircraft carrier Charles de Gaulle via Strava, after he logged a 35-minute run on the app while exercising on the aircraft carrier’s deck on 13 March 2026. At the same time, reports have emerged of operational coordination taking place on commercial messaging platforms such as WhatsApp during recent US military activity.

Individually, these incidents could be seen as minor lapses. Together, they reveal a fundamental shift: the boundaries of operational risk are moving beyond what traditional models can capture.

This shift is significant because security often centres on firewalls, air gaps, classified networks, and systems designed to keep adversaries out. Yet, these incidents fall outside that traditional model, highlighting a broader risk landscape.

Today, the primary risk is no longer just unauthorised access. It lies in what individuals voluntarily, often unconsciously, reveal through everyday digital habits.

What’s shared often goes unnoticed, becoming automatic, ambient, or simply convenient—and thus, far more dangerous.

Building on these points, consider the maritime domain itself. In an earlier piece, Cyber at Sea, I argued that the maritime domain has quietly become a persistent digital environment rather than just a physical one. Warships now operate inside a continuous flow of data, connectivity, and system dependency that extends well beyond the hull.

That digital environment extends beyond networks and systems to include another critical factor: the human layer.

It includes the human layer.

Fitness apps, smartphones, and wearables continuously generate location and movement data. Messaging platforms offer something different:

• speed

• accessibility

• low friction

And in operational contexts, friction matters. When formal systems are constrained or slow, people will route around them. They always have.

The difference today is visibility. A message sent on a commercial platform may sit:

• outside military networks

• outside audit structures

• outside formal control

But it does not sit outside the collection. Similarly, a run logged on a fitness app is not intended as operational data. But intention is irrelevant. What matters is aggregation. At sea, uncertainty is protection.

Carrier groups survive not just through layered defence, but through ambiguity. Their location, intent, and movement patterns are deliberately obscured.

That principle is unchanged.

But it is worth remembering that even in an earlier, far less connected era, managing information was never straightforward.

During the Falklands War, HMS Sheffield lost what little warning margin she had at a critical moment. A satellite transmission interfered with her electronic support measures, reducing her ability to detect the incoming threat. Elsewhere in the task group, contacts had been detected earlier but were assessed as unreliable, shaped by the noise and false reports of previous days. In other words, the problem was not simply technology. It was interpretation, timing, and human judgment under pressure.

The challenge was never just seeing the picture.
It was knowing which picture to trust.

What has changed is not just how information is accessed, but how quickly personal actions can compromise operational security.

Where information was once limited and contested, it is now continuous and self-generated.

And the pathways through which it can influence operations have multiplied.

• One data point might mean nothing.

• A pattern becomes intelligence.

• A conversation adds context.

And context is what turns data into targeting.

This brings us to the convergence of both cases. The Strava incident demonstrates how easily pattern-of-life data can be exposed without intent. The use of commercial messaging platforms shows how operational behaviour adapts to convenience, even when it sits outside designed systems.

• Neither is surprising.

• Both are entirely human.

Reflecting on both cases, it’s clear that modern warships are no longer isolated platforms. Instead, they operate within a wider digital ecosystem of shared infrastructure, software-defined capability, and distributed decision-making—connections that frame both the vulnerabilities and new operating realities discussed earlier.

This brings a clear advantage:

• faster integration of sensors and weapons

• more agile command structures

• Reduced onboard hardware and crewing

But this also creates a new dependency—one that goes beyond systems themselves. Not just on systems. On behaviour.

In Cyber at Sea, the focus was on protecting networks and ensuring resilience against intrusion.

That work is still foundational. Yet, these incidents highlight a growing, adjacent challenge: behavioural risk. Unlike technical perimeter breaches, behaviour cannot be easily contained or firewalled.

But these incidents highlight something adjacent and arguably more difficult: behavioural risk resists containment—there is no perimeter for behaviour. For navies moving toward leaner crews, greater connectivity, and AI-enabled decision support, this matters. Because the risk is no longer confined to:

• compromised systems

• degraded networks

• hostile cyber activity

It now sits at the intersection of:

• people

• platforms

• and everyday digital tools

Taken together, these examples do not suggest banning technology or retreating from connectivity. Rather, they highlight the need to understand and adapt to the real and evolving operational environment.

It is an argument for recognising the operating environment as it actually exists.

An environment where:

• data is continuously generated.

• behaviour is continuously recorded.

• informal systems can carry operational weight.

We have spent decades hardening systems against intrusion.

The next challenge is more subtle.

The central challenge in a connected world is to ensure our own everyday behaviours don’t unintentionally expose critical information. Recognising and managing this risk is now essential for operational security.

Further reading

• Cyber at Sea (Future Navy)

• Human behaviour and digital dependency in modern fleets

• Pattern-of-life intelligence and grey-zone operations