Critical Read

Mobile security threats facing feds


What: "Study on Mobile Device Security," prepared by the Department of Homeland Security's Science & Technology Directorate in consultation with the National Institute of Standards and Technology.

Why: Mobile devices pose a special risk to the security of government systems and data, in part because commercial carriers aren't subject to the security controls that can be applied to federal networks. The Cybersecurity Act of 2015 required DHS to explore security gaps that arise from government's use of commercial mobile devices and recommend security improvements within the mobile device ecosystem.

The mobile threat requires a substantially different approach to security than desktops, particularly because mobile devices "operate outside of enterprise protections and have evolved independently of desktop architectures," the report said.

Nation states, organized crime and hackers use the same variety of threats against federal mobile devices as they do against consumer phones -- social engineering, ransomware, banking fraud, eavesdropping, identity and data theft.

Federal mobile users, the study said, may also be specifically targeted just because they're government workers, particularly because their devices could provide a way into computer systems that contain sensitive data on Americans or access to government functions.

Despite the growing threat, the study noted mobile device security is improving thanks to operating systems providers and mobile device and enterprise mobility management systems that inject additional scrutiny and manage security configurations.

However, DHS lacks legal authority to close security gaps with wireless service providers, the report said. While DHS can evaluate voluntarily provided mobile carrier network information, the agency doesn't have the authority to make wireless carriers provide information to assess their networks' security.

Although the General Services Administration has successfully leveraged the federal government's vast buying power to nail down group discounts with carriers, the study said that purchasing power may not be enough to give the federal government any leverage on wireless security issues with service providers.

According to the study, in the vast global wireless market of 4.7 billion users, the federal government has little influence. The study said it expects that number to increase to 5.6 billion users by 2020, encompassing almost three quarters of the world's population.

Verbatim: "When viewed against this backdrop, the use of mobile devices by the U.S. Federal Government is an almost insignificant market share. This means that the Government's ability to influence the market cannot be accomplished by purchase power alone, but must instead be achieved via its legislative and regulatory authority. It also means that special care must be taken in the use of these devices because the default level of security is optimized for consumer ease of use, which is not appropriate for Federal employees."

Read the full report here.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.