Cybersecurity

DHS makes mobile security a priority

Shutterstock image: mobile device security, continuous monitoring concept.

Mobile security continues to be top priority for the Department of Homeland Security, and new initiatives are underway to address threats to federal mobile devices.

In August, DHS will announce a new Science & Technology Directorate research program for mobile application security. “Whether you consume a mobile application or you develop one for the government, we’re going to have security baked in,” Vincent Sritapan, program manager in the Homeland Security Advanced Research Projects Agency's Cyber Security Division, said at FCW’s July 18 Mobility Summit.

Federal mobile users are frequently targeted by hackers because their devices can be a backdoor into agency systems.

The scope of the mobile security threat to government was outlined in a June DHS report, Study on Mobile Device Security, which noted that mobile devices "operate outside of enterprise protections and have evolved independently of desktop architectures."

In addition to the app security research program that will be announced next month, other plans to strengthen mobile security are on the horizon -- such as updates to the Federal Information Security Management Act, which currently does not account for mobile devices.

“We protect our laptops,” Sritapan said. “On mobile what do we protect? What do we have to do? It’s not even a part of FISMA currently.”

This gap in security, he noted, is now being addressed via a progressive program that will be implemented throughout fiscal year 2018. He added that DHS is working with the Federal CIO Council’s Mobile Technology Tiger Team on “metrics specifically to address mobile” security progress.

Sritapan also discussed changes to the Continuous Diagnostics and Mitigation program, which at present does not address mobile devices, although it does cover other endpoints such as desktops and laptops.

Thanks to the Federal Risk and Authorization Management Program, he noted, whenever “a laptop or desktop [is added] to the cloud, you would have to [use] endpoint protection and other security measures.”

That's not yet the case with mobile devices, Sritapan said. “Guess what? If you add mobile to the cloud, you don’t have to do anything.” Unlike laptops and desktops, there are no additional security measures when a mobile device is added. That is likely to change, he said, as “CDM is actually looking to include mobile going forward.”

About the Author

Ben Berliner is an editorial fellow at FCW. He is a 2017 graduate of Kenyon College, and has interned at the Center for Responsive Politics and at Sunlight Foundation.

He can be contacted at bberliner@fcw.com.

Click here for previous articles by Berliner.


Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.