Mobility

Army, DOD IG disagree over mobile device management

soldier using tablet pc

Are the Army's policies regarding commercial mobile devices strong enough? (Stock image)

Army officials have taken issue with a recent Defense Department Inspector General report that found the Army is deficient in tracking, configuring and managing its commercial devices.

The DOD IG report was released March 26 but then was pulled from the agency's website with no explanation; a spokesperson there declined to comment. The report was re-posted on April 4 with new detailed comments from a representative from the Army CIO/G-6 office. (Read the report.)

The inspector sought to determine whether the Army has an effective cybersecurity program surrounding the service's use of commercial mobile devices (CMDs). According to the report, the answer was no – and as a result, Army networks are more vulnerable to cybersecurity attacks and data leaks.

"Specifically, the Army CIO did not appropriately track CMDs and was unaware of more than 14,000 CMDs used throughout the Army," Alice Carey, assistant inspector general for readiness, operations and support, wrote in her findings.

Additionally, the Army also failed to ensure its commands properly configured devices to store protected information and to use a mobile device management application to do so. The service also lacks requirements for properly sanitizing devices and controlling their use as removable media, and for training and use agreements specifically for CMDs, the report stated.

"The Army CIO should develop clear and comprehensive policy to include requirements for reporting and tracking all CMDs," Carey wrote, noting that policy should include mobile pilots. "In addition, the Army CIO should extend existing information assurance requirements to the use of all CMDs."

While an Army CIO cybersecurity directorate wrote that the office's leadership agrees with some of the report's recommendations, he also defended existing Army policies.

In the written response included in the DOD IG report, Maj. Gen. Stuart Dyer, director of the Army CIO/G-6 cybersecurity directorate and senior information assurance officer, pointed to policies already in place to secure devices as well as ongoing plans to transition some management responsibilities to the Defense Information Systems Agency.

Dyer emphasized that Army CIO/G-6 Lt. Gen. Susan Lawrence in November 2011 signed a memorandum directing Army organizations to register each mobile pilot. He also noted that the Army cybersecurity directorate runs a SharePoint portal where Army components must register mobile pilots and provide project information.

"The registration process ensures that sensitive information and personal identifiable information is not allowed and the platform cannot connect to the Army e-mail system. On 3 April 2012 the Secretary of the Army signed a memorandum titled 'Mobile Computing Devices' and stated no unauthorized CMDs will be connected to the NIPRNet or used to conduct official business," Dyer wrote. "In summary, no CMDs are currently allowed for Army use outside of authorized pilots and policy and guidance has been promulgated."

Dyer also wrote that his office would extend information assurance requirements to CMDs, but it would not establish CMDs as a separate or stand-alone information system as the report suggests.

According to the DOD IG, those efforts are inadequate.

With the final version of the DOD IG report now published, the Army CIO/G-6 office is putting together additional response, an Army official said.

"Security of the commercial mobile devices that connect us to our network is a very high priority for the Army," said Margaret McBride, Army CIO/G-6 spokeswoman. "The CIO/G-6 is working with the DOD IG's office to prepare a response to their final report's finding."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.