Mobility

Army, DOD IG disagree over mobile device management

soldier using tablet pc

Are the Army's policies regarding commercial mobile devices strong enough? (Stock image)

Army officials have taken issue with a recent Defense Department Inspector General report that found the Army is deficient in tracking, configuring and managing its commercial devices.

The DOD IG report was released March 26 but then was pulled from the agency's website with no explanation; a spokesperson there declined to comment. The report was re-posted on April 4 with new detailed comments from a representative from the Army CIO/G-6 office. (Read the report.)

The inspector sought to determine whether the Army has an effective cybersecurity program surrounding the service's use of commercial mobile devices (CMDs). According to the report, the answer was no – and as a result, Army networks are more vulnerable to cybersecurity attacks and data leaks.

"Specifically, the Army CIO did not appropriately track CMDs and was unaware of more than 14,000 CMDs used throughout the Army," Alice Carey, assistant inspector general for readiness, operations and support, wrote in her findings.

Additionally, the Army also failed to ensure its commands properly configured devices to store protected information and to use a mobile device management application to do so. The service also lacks requirements for properly sanitizing devices and controlling their use as removable media, and for training and use agreements specifically for CMDs, the report stated.

"The Army CIO should develop clear and comprehensive policy to include requirements for reporting and tracking all CMDs," Carey wrote, noting that policy should include mobile pilots. "In addition, the Army CIO should extend existing information assurance requirements to the use of all CMDs."

While an Army CIO cybersecurity directorate wrote that the office's leadership agrees with some of the report's recommendations, he also defended existing Army policies.

In the written response included in the DOD IG report, Maj. Gen. Stuart Dyer, director of the Army CIO/G-6 cybersecurity directorate and senior information assurance officer, pointed to policies already in place to secure devices as well as ongoing plans to transition some management responsibilities to the Defense Information Systems Agency.

Dyer emphasized that Army CIO/G-6 Lt. Gen. Susan Lawrence in November 2011 signed a memorandum directing Army organizations to register each mobile pilot. He also noted that the Army cybersecurity directorate runs a SharePoint portal where Army components must register mobile pilots and provide project information.

"The registration process ensures that sensitive information and personal identifiable information is not allowed and the platform cannot connect to the Army e-mail system. On 3 April 2012 the Secretary of the Army signed a memorandum titled 'Mobile Computing Devices' and stated no unauthorized CMDs will be connected to the NIPRNet or used to conduct official business," Dyer wrote. "In summary, no CMDs are currently allowed for Army use outside of authorized pilots and policy and guidance has been promulgated."

Dyer also wrote that his office would extend information assurance requirements to CMDs, but it would not establish CMDs as a separate or stand-alone information system as the report suggests.

According to the DOD IG, those efforts are inadequate.

With the final version of the DOD IG report now published, the Army CIO/G-6 office is putting together additional response, an Army official said.

"Security of the commercial mobile devices that connect us to our network is a very high priority for the Army," said Margaret McBride, Army CIO/G-6 spokeswoman. "The CIO/G-6 is working with the DOD IG's office to prepare a response to their final report's finding."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Featured

  • IT Modernization
    Eisenhower Executive Office Building (Image: Wikimedia Commons)

    OMB's user guide to the MGT Act

    The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek and use funds under the MGT Act.

  • global network (Pushish Images/Shutterstock.com)

    As others see us -- a few surprises

    A recent dinner with civil servants from Asia delivered some interesting insights, Steve Kelman writes.

  • FCW Perspectives
    cloud (Singkham/Shutterstock.com)

    A smarter approach to cloud

    Advances in cloud technology are shifting the focus toward choosing the right tool for the job and crafting solutions that truly modernize systems.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.