DHS struggles with mobile device management

The Homeland Security Department is struggling with managing all its mobile devices, and faces challenges in leveraging smart phones, tablets and laptop to increase workforce productivity, according to an inspector general.

The IG's audit found DHS had implemented some policies, procedures and training to better govern, track, categorize and secure portable devices. For example, the Federal Emergency Management Agency and the Transportation Security Administration have developed specific mobile device strategies and procedures. Both agencies also educate its workforce on the acceptable use of mobile devices.

But these efforts need to be complemented by policies and procedures to govern the use and accountability of mobile devices, the IG said, and DHS as a whole needs to adopt a stronger security posture to protect mobile devices and the sensitive data stored on them.

The report also found that some DHS components generally don’t consider USB drives as sensitive assets, nor do they inventory them in accordance with DHS policies. Officials from U.S. Customs and Border Protection and U.S. Citizenship and Immigration Services said the low cost and unencrypted nature of thumb drives led them to believe it wouldn’t be necessary to catalog said devices.

USCIS officials also said it was not logistically efficient to record thumb drives in their asset management system. In the event a device is lost, USCIS officials said the property custodians would have to fill out paperwork, get it signed, and add it to the asset management system to document the loss.
 
The IG’s recommendations called on the DHS CIO to update asset management policies so that thumb drives are categorized as sensitive personal property. Another recommendation was that the CIO beef up the agency’s annual IT security awareness training to educate about the risks of government-issued mobile devices. Additionally, the IG suggested the CIO to collaborate with the CIO at Immigration and Customs Enforcement to ensure Android and iOS-based devices adhere to DHS guidance.

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Fri, Jul 6, 2012 Jack Marsal

The old saying that security is comprised of people, process and technology is true here. If the people tasked with fixing these security gaps implement the right processes, they can all be enforced via technology. I work for ForeScout, a NAC vendor. A good NAC system can see all the mobile devices—including USB memory sticks—on your network and can enforce restrictions. For example, enforce a policy that only encrypted USB sticks can be used. I am sure other vendors with different technologies can help solve the problem in a different way as well. Given that the article is talking about the DHS, whether they explore NAC or another technology, they should really do SOMETHING!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group