Improper Use of a Personal Mobile Device in a Classified Workstation Supporting Critical Systems: Technical-Operational Analysis, Evidence Gaps, and Corrective Measures

This paper presents a structured technical-operational case study concerning the improper use of a personal mobile device within a classified communications operations centre. The scenario examines an incident in which an operator connected a personal mobile phone to a classified workstation through a USB interface, intending only to charge the device. However, the workstation operating system automatically mounted the device and established an unauthorised data communication interface. A later routine audit identified evidence of a data transfer between the classified workstation and the personal device, raising concerns regarding potential exposure of classified information. The investigation was significantly constrained by the absence of real-time connection logs, device authentication records, a complete audit trail, and a documented chain of custody for any data potentially transferred. The analysis identifies technical, procedural, and human failures, including unrestricted USB ports, lack of removable media control, insufficient logging, absence of formal personal device policies, and inadequate operator awareness. Corrective and preventive measures are proposed across access control, media protection, monitoring, incident response, evidence preservation, and auditable compliance. The expected outcome of these measures is the restoration of operational control, the enforcement of accountability, the strengthening of continuous monitoring, and the establishment of verifiable evidence that classified information is handled in accordance with security requirements. As a simulated and anonymised scenario, the case does not involve real classified information but provides a transferable model for analysing comparable risks in sensitive or regulated environments. The findings are particularly relevant for critical systems environments, where the improper connection of personal mobile devices to classified workstations may affect operational continuity, resilience, accountability, auditability, and the protection of sensitive or classified information.