Cybersecurity

DHS makes mobile security a priority

Shutterstock image: mobile device security, continuous monitoring concept.

Mobile security continues to be top priority for the Department of Homeland Security, and new initiatives are underway to address threats to federal mobile devices.

In August, DHS will announce a new Science & Technology Directorate research program for mobile application security. “Whether you consume a mobile application or you develop one for the government, we’re going to have security baked in,” Vincent Sritapan, program manager in the Homeland Security Advanced Research Projects Agency's Cyber Security Division, said at FCW’s July 18 Mobility Summit.

Federal mobile users are frequently targeted by hackers because their devices can be a backdoor into agency systems.

The scope of the mobile security threat to government was outlined in a June DHS report, Study on Mobile Device Security, which noted that mobile devices "operate outside of enterprise protections and have evolved independently of desktop architectures."

In addition to the app security research program that will be announced next month, other plans to strengthen mobile security are on the horizon -- such as updates to the Federal Information Security Management Act, which currently does not account for mobile devices.

“We protect our laptops,” Sritapan said. “On mobile what do we protect? What do we have to do? It’s not even a part of FISMA currently.”

This gap in security, he noted, is now being addressed via a progressive program that will be implemented throughout fiscal year 2018. He added that DHS is working with the Federal CIO Council’s Mobile Technology Tiger Team on “metrics specifically to address mobile” security progress.

Sritapan also discussed changes to the Continuous Diagnostics and Mitigation program, which at present does not address mobile devices, although it does cover other endpoints such as desktops and laptops.

Thanks to the Federal Risk and Authorization Management Program, he noted, whenever “a laptop or desktop [is added] to the cloud, you would have to [use] endpoint protection and other security measures.”

That's not yet the case with mobile devices, Sritapan said. “Guess what? If you add mobile to the cloud, you don’t have to do anything.” Unlike laptops and desktops, there are no additional security measures when a mobile device is added. That is likely to change, he said, as “CDM is actually looking to include mobile going forward.”

About the Author

Ben Berliner is an editorial fellow at FCW. He is a 2017 graduate of Kenyon College, and has interned at the Center for Responsive Politics and at Sunlight Foundation.

He can be contacted at bberliner@fcw.com.

Click here for previous articles by Berliner.


Featured

  • IT Modernization
    Eisenhower Executive Office Building (Image: Wikimedia Commons)

    OMB's user guide to the MGT Act

    The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek and use funds under the MGT Act.

  • global network (Pushish Images/Shutterstock.com)

    As others see us -- a few surprises

    A recent dinner with civil servants from Asia delivered some interesting insights, Steve Kelman writes.

  • FCW Perspectives
    cloud (Singkham/Shutterstock.com)

    A smarter approach to cloud

    Advances in cloud technology are shifting the focus toward choosing the right tool for the job and crafting solutions that truly modernize systems.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.