Mobile security threats facing feds
- By Mark Rockwell
- May 05, 2017
What: "Study on Mobile Device Security," prepared by the Department of Homeland Security's Science & Technology Directorate in consultation with the National Institute of Standards and Technology.
Why: Mobile devices pose a special risk to the security of government systems and data, in part because commercial carriers aren't subject to the security controls that can be applied to federal networks. The Cybersecurity Act of 2015 required DHS to explore security gaps that arise from government's use of commercial mobile devices and recommend security improvements within the mobile device ecosystem.
The mobile threat requires a substantially different approach to security than desktops, particularly because mobile devices "operate outside of enterprise protections and have evolved independently of desktop architectures," the report said.
Nation states, organized crime and hackers use the same variety of threats against federal mobile devices as they do against consumer phones -- social engineering, ransomware, banking fraud, eavesdropping, identity and data theft.
Federal mobile users, the study said, may also be specifically targeted just because they're government workers, particularly because their devices could provide a way into computer systems that contain sensitive data on Americans or access to government functions.
Despite the growing threat, the study noted mobile device security is improving thanks to operating systems providers and mobile device and enterprise mobility management systems that inject additional scrutiny and manage security configurations.
However, DHS lacks legal authority to close security gaps with wireless service providers, the report said. While DHS can evaluate voluntarily provided mobile carrier network information, the agency doesn't have the authority to make wireless carriers provide information to assess their networks' security.
Although the General Services Administration has successfully leveraged the federal government's vast buying power to nail down group discounts with carriers, the study said that purchasing power may not be enough to give the federal government any leverage on wireless security issues with service providers.
According to the study, in the vast global wireless market of 4.7 billion users, the federal government has little influence. The study said it expects that number to increase to 5.6 billion users by 2020, encompassing almost three quarters of the world's population.
Verbatim: "When viewed against this backdrop, the use of mobile devices by the U.S. Federal Government is an almost insignificant market share. This means that the Government's ability to influence the market cannot be accomplished by purchase power alone, but must instead be achieved via its legislative and regulatory authority. It also means that special care must be taken in the use of these devices because the default level of security is optimized for consumer ease of use, which is not appropriate for Federal employees."
Read the full report here.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.