Thousands of rogue Apple, Android and Windows devices found operating on the Army’s network could pose major security risks to sensitive data and Army network operations, according to a recent report.
Army commands failed to report more than 14,000 commercial smartphones and tablet computers being used across the service for research activities, data collection, mobile device pilot programs and other tasks, according to the March 26 inspector general report. Army Corps of Engineers, Engineer Research and Development Center in Vicksburg, Miss., and the U.S. Military Academy at West Point, N.Y., were among the locations using unapproved devices.
Army officials at those sites did not ensure devices met security standards to protect data, and they failed to require all smartphones and tablets be wiped clean of data if reported lost or given to a new user. A lack of clear guidance from the Army chief information officer resulted in officials forgoing training and user agreements before handing out mobile devices.
“The Army did not implement an effective cybersecurity program for commercial mobiles devices,” the report said. “If devices remain unsecure, malicious activities could disrupt Army networks and compromise sensitive DoD information.”
“The Army CIO inappropriately concluded that [commercial mobile devices] were not connecting to Army networks and storing sensitive information; and, therefore, did not” require the same security standards used for other information systems, according to the report.
The IG review was conducted between April 2012 and February 2013 and did not include Blackberry devices.
The IG office set an April 25 deadline for the Army to comment on its recommendations, which include creating clear policy for tracking and reporting mobile device purchases and ensuring mobile devices follow the same security standards as other information systems. Earlier comments provided by the director for the Army CIO Cybersecurity Directorate were deemed nonresponsive.
As of February, DoD reported more than 600,000 commercial mobile devices in use and in a pilot test phase, including 470,000 Blackberrys, 41,000 Apple devices and 8,700 Android devices. The challenge, however, is managing those devices.
Army officials are eager for DoD’s mobile device contract to be awarded this month. The management software will eventually manage, monitor and enforce security for 8 million devices. The software will allow the Army to remotely wipe data from devices and monitor what applications users download, websites they visit and data viewed or modified on their devices.
Are you a chronic smartphone or tablet user, who regularly checks emails and conducts business outside of normal work hours? Federal Times wants to hear from you.
How has this technology impacted your work-life balance? Are you a federal employee, manager or contractor, who knows when to power off, or are you struggling to keep personal and work issues separate? Please comment below or contact Nicole Blake Johnson at 703-750-8145 or firstname.lastname@example.org
The Defense Department’s mobile device strategy released Friday outlines key priorities for speeding secure adoption of government-issued and employee-owned smarthphones and tablet computers.
In the strategy, DoD chief information officer Teri Takai said the department will:
- Improve wireless access and capabilities to support voice, video and data sharing via mobile devices. This includes evolving DoD’s virtual private network technologies and addressing bandwidth limitations.
- Create mobile policies and standards. DoD will define acceptable use of personally-owned devices and acceptable personal use of DoD’s devices.
- Promote the development and use of DoD and web-enabled mobile applications.
“This strategy provides the foundation for the development of policy and an implementation plan,” Takai said in the report. She didn’t say when the implementation plan would be released but it will be tested on a small portion of the DoD workforce. If successful, the plan could be rolled out departmentwide.
The strategy also includes education and training for mobile users. One challenge is that many of the critical security control settings for commercial devices are controlled by the user. Mobile device training will be integrated with existing workforce education and training programs.
DoD’s strategy encourages IT developers and service providers to make their products web-enabled and notes that the growing mobile workforce requires mobile access to current and future IT systems, applications and services.
Currently, DoD has more than 250,000 mobile devices in use or operating in a number of pilot programs, including Apple, Android, Windows and Blackberry devices. The strategy is aimed at coordinating these pilots so that civilian and military personnel can benefit from lessons learned.
DoD’s strategy comes about three weeks after federal CIO Steven VanRoekel released the administration’s Digital Government Strategy. The White House strategy requires agencies to make two government services available on mobile phones in the next year in a “device-agnostic way” and build new information technology systems using open standards, so that content is easily accessible internally and to citizens and web developers.
Most federal information technology professionals are very satisfied with their agencies’ ability to enable telework and support a mobile workforce, according to a survey released last week by Telework Exchange.
The organization, a public private partnership that promotes telework, surveyed 152 Defense and civilian IT professionals about their current telework programs, shortfalls and projections for the future mobile workforce.
Of those surveyed, 65 percent said their agencies offer above average IT programs to support telework, compared with 14 percent of professionals who rated their IT programs below average. Agencies with a “B” rating or below should provide more cloud-based services, expand videoconferencing and establish formal telework plans with employees.
Overall, agencies need to address security challenges to provide employees with a reliable telework program.
Other findings include:
- Improved workforce productivity, employee work-life balance and business continuity are among the top telework drivers.
- 59 percent expect an increase in the number of employees who telework at least two days a week.
- Most employees who telework have to cover all or some of their Internet, phone and printing supply costs.
- 54 percent said their agency is working to reduce mobile device costs, in response to a November executive order.
The Federal Aviation Administration has saved money and increased efficiency since it began issuing iPads and Android devices to employees a year ago, an agency official said.
FAA’s legal department, for example, uses iPads during cases it prosecutes to show radar images of air traffic conditions at the time of a contested incident. Such evidence often leads to defendants ending cases earlier, said Robert Corcoran, manager for architecture and applied technology at FAA.
The legal department estimates that FAA saves about $100,000 per case when cases end early, Corcoran said Tuesday at the FOSE conference inWashington.
FAA has issued 1,100 tablet devices to employees as part of an ongoing pilot program. The long-term goal is to give the employees the option of mobile devices when they trade in their old technology, Corcoran said.
The Defense, Veterans Affairs and Homeland Security departments are among other agencies that offer mobile devices toselect employees.
“We are trying to afford choices to the DoD,” said deputy chief information officer Robert Carey during another FOSE panel. But “the ‘I wants’ have to be offset by the ‘I needs’.”
Corcoran said FAA provided tablet devices and Internet connections to employees who could show a credible need for the devices. Employees have come up with 72 different use cases for the devices.
Within the next three months, FAA plans to study whether iPads can enhance air traffic controller training, Corcoran said.
Trainees will use iPads to access training materials, he said. Results from the study will be compared with training classes that don’t use iPads.
The General Services Administration is considering a procurement for tablet computers that meet federal security standards and can easily integrate with various email platforms like Google and Microsoft Outlook.
GSA issued a request for information to vendors this week for tablet computers that are manufactured by U.S.-based small businesses and meet federal encryption standards set by the National Institute of Standards and Technology.
“The General Services has received many statements of interest from customers within the agency and across government for tablet computers,” GSA said in the RFI posted on fbo.gov. Vendors have until Feb. 20 to respond.
Vendors are asked to include past and current agencies that are using the device, what operating system the tablet uses and where the device is manufactured. GSA is specifically looking for tablets that allow users to easily load applications, weigh less than two pounds, support remote access workers and allow administrators to remotely wipe the devices of government data if it is lost or stolen.