During multiple military cybersecurity assessments last year of both simulated and real-world missions — three of which involved units deployed to U.S. Central Command’s area of operations, which includes the Middle East and Afghanistan — personnel leaked the positions and activities of allies to adversaries, Defense Department officials told Congress this week.

The incidents were disclosed as part of an annual report by J. Michael Gilmore, director of operational test and evaluation for Defense. The report assesses the operational effectiveness of systems being developed for combat.

This example and other lapses in information security indicate Defense “has not yet developed sufficiently advanced cyber defensive tactics to counter advanced adversary tactics,” he said.

Testers rarely let drills run their full course to avoid severe disruptions, but “in those exercises where operational effects were permitted,” the results were “disclosure of friendly force locations and activities to the opposition force,” among other setbacks, Gilmore wrote.