DHS struggles with mobile device management
IG finds the agency's biggest challenge is ensuring the security of portable devices and information stored on them.
The Homeland Security Department is struggling with managing all its mobile devices, and faces challenges in leveraging smart phones, tablets and laptop to increase workforce productivity, according to an inspector general.
The IG's audit found DHS had implemented some policies, procedures and training to better govern, track, categorize and secure portable devices. For example, the Federal Emergency Management Agency and the Transportation Security Administration have developed specific mobile device strategies and procedures. Both agencies also educate its workforce on the acceptable use of mobile devices.
But these efforts need to be complemented by policies and procedures to govern the use and accountability of mobile devices, the IG said, and DHS as a whole needs to adopt a stronger security posture to protect mobile devices and the sensitive data stored on them.
The report also found that some DHS components generally don’t consider USB drives as sensitive assets, nor do they inventory them in accordance with DHS policies. Officials from U.S. Customs and Border Protection and U.S. Citizenship and Immigration Services said the low cost and unencrypted nature of thumb drives led them to believe it wouldn’t be necessary to catalog said devices.
USCIS officials also said it was not logistically efficient to record thumb drives in their asset management system. In the event a device is lost, USCIS officials said the property custodians would have to fill out paperwork, get it signed, and add it to the asset management system to document the loss.
The IG’s recommendations called on the DHS CIO to update asset management policies so that thumb drives are categorized as sensitive personal property. Another recommendation was that the CIO beef up the agency’s annual IT security awareness training to educate about the risks of government-issued mobile devices. Additionally, the IG suggested the CIO to collaborate with the CIO at Immigration and Customs Enforcement to ensure Android and iOS-based devices adhere to DHS guidance.
NEXT STORY: Government at high risk of economic espionage