Cybersecurity

DHS makes mobile security a priority

Shutterstock image: mobile device security, continuous monitoring concept.

Mobile security continues to be top priority for the Department of Homeland Security, and new initiatives are underway to address threats to federal mobile devices.

In August, DHS will announce a new Science & Technology Directorate research program for mobile application security. “Whether you consume a mobile application or you develop one for the government, we’re going to have security baked in,” Vincent Sritapan, program manager in the Homeland Security Advanced Research Projects Agency's Cyber Security Division, said at FCW’s July 18 Mobility Summit.

Federal mobile users are frequently targeted by hackers because their devices can be a backdoor into agency systems.

The scope of the mobile security threat to government was outlined in a June DHS report, Study on Mobile Device Security, which noted that mobile devices "operate outside of enterprise protections and have evolved independently of desktop architectures."

In addition to the app security research program that will be announced next month, other plans to strengthen mobile security are on the horizon -- such as updates to the Federal Information Security Management Act, which currently does not account for mobile devices.

“We protect our laptops,” Sritapan said. “On mobile what do we protect? What do we have to do? It’s not even a part of FISMA currently.”

This gap in security, he noted, is now being addressed via a progressive program that will be implemented throughout fiscal year 2018. He added that DHS is working with the Federal CIO Council’s Mobile Technology Tiger Team on “metrics specifically to address mobile” security progress.

Sritapan also discussed changes to the Continuous Diagnostics and Mitigation program, which at present does not address mobile devices, although it does cover other endpoints such as desktops and laptops.

Thanks to the Federal Risk and Authorization Management Program, he noted, whenever “a laptop or desktop [is added] to the cloud, you would have to [use] endpoint protection and other security measures.”

That's not yet the case with mobile devices, Sritapan said. “Guess what? If you add mobile to the cloud, you don’t have to do anything.” Unlike laptops and desktops, there are no additional security measures when a mobile device is added. That is likely to change, he said, as “CDM is actually looking to include mobile going forward.”

About the Author

Ben Berliner is an editorial fellow at FCW. He is a 2017 graduate of Kenyon College, and has interned at the Center for Responsive Politics and at Sunlight Foundation.

He can be contacted at bberliner@fcw.com.

Click here for previous articles by Berliner.


Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • Shutterstock imag (by Benjamin Haas): cyber coded team.

    What keeps govtech leaders up at night?

    A joint survey by Grant Thornton and PSC found that IT stakeholders in government fear their own employees and outdated systems the most when it comes to cybersecurity.

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group