Cybersecurity

DHS makes mobile security a priority

Shutterstock image: mobile device security, continuous monitoring concept.

Mobile security continues to be top priority for the Department of Homeland Security, and new initiatives are underway to address threats to federal mobile devices.

In August, DHS will announce a new Science & Technology Directorate research program for mobile application security. “Whether you consume a mobile application or you develop one for the government, we’re going to have security baked in,” Vincent Sritapan, program manager in the Homeland Security Advanced Research Projects Agency's Cyber Security Division, said at FCW’s July 18 Mobility Summit.

Federal mobile users are frequently targeted by hackers because their devices can be a backdoor into agency systems.

The scope of the mobile security threat to government was outlined in a June DHS report, Study on Mobile Device Security, which noted that mobile devices "operate outside of enterprise protections and have evolved independently of desktop architectures."

In addition to the app security research program that will be announced next month, other plans to strengthen mobile security are on the horizon -- such as updates to the Federal Information Security Management Act, which currently does not account for mobile devices.

“We protect our laptops,” Sritapan said. “On mobile what do we protect? What do we have to do? It’s not even a part of FISMA currently.”

This gap in security, he noted, is now being addressed via a progressive program that will be implemented throughout fiscal year 2018. He added that DHS is working with the Federal CIO Council’s Mobile Technology Tiger Team on “metrics specifically to address mobile” security progress.

Sritapan also discussed changes to the Continuous Diagnostics and Mitigation program, which at present does not address mobile devices, although it does cover other endpoints such as desktops and laptops.

Thanks to the Federal Risk and Authorization Management Program, he noted, whenever “a laptop or desktop [is added] to the cloud, you would have to [use] endpoint protection and other security measures.”

That's not yet the case with mobile devices, Sritapan said. “Guess what? If you add mobile to the cloud, you don’t have to do anything.” Unlike laptops and desktops, there are no additional security measures when a mobile device is added. That is likely to change, he said, as “CDM is actually looking to include mobile going forward.”

About the Author

Ben Berliner is a former editorial fellow at FCW. He is a 2017 graduate of Kenyon College, and has interned at the Center for Responsive Politics and at Sunlight Foundation.

He can be contacted at [email protected].

Click here for previous articles by Berliner.


Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected