DHS Report Details Threats, Recommendations for Mobile Devices
Friday, May 05, 2017

The Department of Homeland Security (DHS) submitted a report to Congress that details current and emerging threats to the federal government’s use of mobile devices and recommends security improvements within the mobile device ecosystem.

The DHS Science and Technology Directorate (S&T) led the study in coordination with the National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence. Along with S&T, several DHS components contributed to the mobile device security study. Mandated by the Cybersecurity Act of 2015, the “Study on Mobile Device Security” relied on input from mobile industry vendors, carriers, service providers and academic researchers.

“The Study on Mobile Device Security has found that threats to the mobile device ecosystem are growing but also that the security of mobile computing is improving,” said Dr. Robert Griffin, acting under secretary for Science and Technology (S&T). “It outlines several important recommendations to strengthen security that will help the federal government keep pace with current and emerging threats.”

The improvement in security can be attributed to significant safeguards implemented by mobile operating system vendors and to federal departments and agencies implementing enterprise mobility management systems to manage their mobile devices and applications. Meanwhile, the areas that need improvement give the federal government, industry and the research community an opportunity to work together to close the gaps in mobile device defenses.

The study found that the threats to the federal government’s use of mobile devices — smartphones and tablet computers running mobile operating systems — exist across all elements of the mobile ecosystem. These threats require a security approach that differs substantially from the protections developed for desktop workstations largely because mobile devices are exposed to a distinct set of threats, frequently operate outside of enterprise protections and have evolved independently of desktop architectures.

Threats to mobile devices range from those perpetrated by nation-states, organized crime or hackers to loss or theft of mobile phones. Additionally, threats that target consumers — such as social engineering, ransomware, banking fraud, eavesdropping, identity theft, and theft of services or sensitive data — also impact federal government users, according to the study.

Further, federal government mobile device users may be targeted with additional threats simply because they are public-sector employees. Lastly, the study warns that federal government mobile devices could become an avenue to attack back-end computer systems containing the data of millions of Americans and sensitive information related to government functions.

The study, which also drew support from the Department of Defense (DoD) and General Services Administration (GSA), presents a series of recommendations to enhance federal government mobile device security. Key recommendations include:

• Adopt a framework for mobile device security based on existing standards and best practices.
• Enhance Federal Information Security Modernization Act (FISMA) metrics to focus on securing mobile devices, applications and network infrastructure.
• Include mobility within the Continuous Diagnostics and Mitigation program to address the security of mobile devices and applications with capabilities on par with other network devices such as workstations and servers.
• Continue the DHS S&T applied research program in mobile application security to enable the secure use of mobile applications for government use.
• Establish a new program in mobile threat information sharing to address mobile malware and vulnerabilities, including ways to handle common vulnerabilities and exposures generation.
• Coordinate the adoption and advancement of mobile security technologies into operational programs to ensure that future capabilities include protection and defense against mobile threats.
• Develop cooperative arrangements and capabilities with mobile network operators to detect, protect against and respond to threats and, if necessary, extend the legal authorities of the DHS National Protection and Programs Directorate to achieve these objectives.
• Create a new defensive security research program to address vulnerabilities in mobile network infrastructure and increase security and resilience.
• Increase active participation by the federal government in key mobile-related standards bodies and industry associations.
• Develop policies and procedures regarding U.S. governmental use of mobile devices overseas based on threat intelligence and emerging attacker tactics, techniques and procedures.

DHS has a responsibility not only to secure the means of communications used by departments and agencies, but also to safeguard the nation against emerging threats in both the physical and cyber domains. Mobile technology is essential to the United States not just for government use, but also for the security and integrity of communications for businesses and citizens. This report outlines steps by which DHS could further these objectives in the face of the proliferation of threats to mobile technologies and infrastructures.

The report is here.




 
 