Can government secure the mobile ecosystem?
- By Mark Rockwell
- May 08, 2017
While government workers make up a small fraction of the number of mobile device users, securing those devices against attacks that use them to access larger agency networks is a massive task.
According to a new study from Department of Homeland Security's Science & Technology Directorate in consultation with the National Institute of Standards and Technology, mobile devices pose a special risk to government, in part because commercial carriers aren't subject to the security controls that can be applied to federal networks.
The report, "Study on Mobile Device Security," was prepared in compliance with the Cybersecurity Act of 2015, which required DHS to explore security gaps that arise from government's use of commercial mobile devices and recommend security improvements within the mobile device ecosystem.Nation states, organized crime and independent hackers use the same variety of threats against federal mobile devices as they do against consumer phones -- social engineering, ransomware, banking fraud, eavesdropping, identity and data theft.
Federal mobile users, the study found, may also be specifically targeted just because they're government workers, particularly because their devices could provide a way into computer systems that contain sensitive data on Americans or access to government functions.
The mobile threat requires a substantially different approach to security than desktops, particularly because mobile devices "operate outside of enterprise protections and have evolved independently of desktop architectures," the report said.However, DHS lacks legal authority to close security gaps with wireless service providers, the report said. While DHS can evaluate voluntarily provided mobile carrier network information, the agency doesn't have the authority to make wireless carriers provide information to assess their networks' security.
Although the General Services Administration has successfully leveraged the federal government's vast buying power to nail down group discounts with carriers, the study said that purchasing power may not be enough to give the federal government any leverage on wireless security issues with service providers.
Despite the growing threat, the study noted mobile device security is improving thanks to operating systems providers and mobile device and enterprise mobility management systems that inject additional scrutiny and manage security configurations.
Read the full report here.
This article was first posted to FCW, a sister site to GCN.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at firstname.lastname@example.org or follow him on Twitter at @MRockwell4.