DHS struggles with mobile device management

The Homeland Security Department is struggling with managing all its mobile devices, and faces challenges in leveraging smart phones, tablets and laptop to increase workforce productivity, according to an inspector general.

The IG's audit found DHS had implemented some policies, procedures and training to better govern, track, categorize and secure portable devices. For example, the Federal Emergency Management Agency and the Transportation Security Administration have developed specific mobile device strategies and procedures. Both agencies also educate its workforce on the acceptable use of mobile devices.

But these efforts need to be complemented by policies and procedures to govern the use and accountability of mobile devices, the IG said, and DHS as a whole needs to adopt a stronger security posture to protect mobile devices and the sensitive data stored on them.

The report also found that some DHS components generally don’t consider USB drives as sensitive assets, nor do they inventory them in accordance with DHS policies. Officials from U.S. Customs and Border Protection and U.S. Citizenship and Immigration Services said the low cost and unencrypted nature of thumb drives led them to believe it wouldn’t be necessary to catalog said devices.

USCIS officials also said it was not logistically efficient to record thumb drives in their asset management system. In the event a device is lost, USCIS officials said the property custodians would have to fill out paperwork, get it signed, and add it to the asset management system to document the loss.
 
The IG’s recommendations called on the DHS CIO to update asset management policies so that thumb drives are categorized as sensitive personal property. Another recommendation was that the CIO beef up the agency’s annual IT security awareness training to educate about the risks of government-issued mobile devices. Additionally, the IG suggested the CIO to collaborate with the CIO at Immigration and Customs Enforcement to ensure Android and iOS-based devices adhere to DHS guidance.

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Fri, Jul 6, 2012 Jack Marsal

The old saying that security is comprised of people, process and technology is true here. If the people tasked with fixing these security gaps implement the right processes, they can all be enforced via technology. I work for ForeScout, a NAC vendor. A good NAC system can see all the mobile devices—including USB memory sticks—on your network and can enforce restrictions. For example, enforce a policy that only encrypted USB sticks can be used. I am sure other vendors with different technologies can help solve the problem in a different way as well. Given that the article is talking about the DHS, whether they explore NAC or another technology, they should really do SOMETHING!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group