DHS struggles with mobile device management

The Homeland Security Department is struggling with managing all its mobile devices, and faces challenges in leveraging smart phones, tablets and laptop to increase workforce productivity, according to an inspector general.

The IG's audit found DHS had implemented some policies, procedures and training to better govern, track, categorize and secure portable devices. For example, the Federal Emergency Management Agency and the Transportation Security Administration have developed specific mobile device strategies and procedures. Both agencies also educate its workforce on the acceptable use of mobile devices.

But these efforts need to be complemented by policies and procedures to govern the use and accountability of mobile devices, the IG said, and DHS as a whole needs to adopt a stronger security posture to protect mobile devices and the sensitive data stored on them.

The report also found that some DHS components generally don’t consider USB drives as sensitive assets, nor do they inventory them in accordance with DHS policies. Officials from U.S. Customs and Border Protection and U.S. Citizenship and Immigration Services said the low cost and unencrypted nature of thumb drives led them to believe it wouldn’t be necessary to catalog said devices.

USCIS officials also said it was not logistically efficient to record thumb drives in their asset management system. In the event a device is lost, USCIS officials said the property custodians would have to fill out paperwork, get it signed, and add it to the asset management system to document the loss.
 
The IG’s recommendations called on the DHS CIO to update asset management policies so that thumb drives are categorized as sensitive personal property. Another recommendation was that the CIO beef up the agency’s annual IT security awareness training to educate about the risks of government-issued mobile devices. Additionally, the IG suggested the CIO to collaborate with the CIO at Immigration and Customs Enforcement to ensure Android and iOS-based devices adhere to DHS guidance.

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

Who's Fed 100-worthy?

Nominations are now open for the 2015 Federal 100 awards. Get the details and submit your picks!

Featured

Reader comments

Fri, Jul 6, 2012 Jack Marsal

The old saying that security is comprised of people, process and technology is true here. If the people tasked with fixing these security gaps implement the right processes, they can all be enforced via technology. I work for ForeScout, a NAC vendor. A good NAC system can see all the mobile devices—including USB memory sticks—on your network and can enforce restrictions. For example, enforce a policy that only encrypted USB sticks can be used. I am sure other vendors with different technologies can help solve the problem in a different way as well. Given that the article is talking about the DHS, whether they explore NAC or another technology, they should really do SOMETHING!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above