Army Falls Short In Mobile Security, Says DOD - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

09:54 AM
Connect Directly

Army Falls Short In Mobile Security, Says DOD

Lack of comprehensive mobile security policy and thousands of unauthorized devices are among the security shortcomings of the Army's mobile efforts.

The Army has been considering wider adoption of mobile devices, but according to a new report by the military's inspector general, the Army's CIO has thus far done an inadequate job of ensuring the security of commercial mobile devices.

The report, filed last week, finds that, among other shortcomings, the Army CIO hasn't developed sufficiently comprehensive security policies for the service's mobile device programs, and that Army commands have not been getting authorization for mobile pilots as required by Army policy.

The report cautions that these failures could make the Army more vulnerable to cybersecurity threats. "If devices remain insecure, malicious activities could disrupt Army networks and compromise sensitive DoD information," DOD assistant inspector general Alice Carey wrote in a memo to the Army's CIO that accompanied the report.

[ The Air Force is exploring ways to improve the security of spacecraft IT systems. Read more at Air Force Seeks Stronger Spacecraft Cybersecurity. ]

The Army has been among the most ardent advocates of the use of mobile devices in the military. Last February, Army deputy CIO Mike Kreiger characterized the Army as "pushing the envelope and moving fast" in its mobile strategy as he announced an Army plan to move toward a bring-your-own-device strategy in 2013. The Army has also been among the government leaders in pushing the development of enterprise mobile application stores.

However, according to the report by the DOD inspector general, the Army CIO needs to develop more complete cybersecurity policies for mobile device management and remote device administration, use of mobile devices as removable media, and mobile device training.

The report, which was limited to Android, iPhone and Windows mobile devices, found that, among other things, the Army CIO "inappropriately concluded that [mobile devices] were not connecting to Army networks and storing sensitive information," which resulted in the inadequate application of security controls to the Army's mobile device efforts.

As part of the study, the inspector general visited the U.S. Military Academy and the Army Corps of Engineers' Engineer Research and Development Center, each of which has pilot and other mobile device efforts underway. However, neither organization got CIO authorization to use or even in some cases to test a large portion of their mobile devices, which left the Army CIO unaware of more than 600 mobile devices actively in use.

In fact, both organizations used Army data, including "sensitive legal information" and Army email, without obtaining even an authority to test the mobile devices or the mobile data itself.

The study also found inconsistent and incomplete use of mobile device management software; Army employees and soldiers storing and transferring personal and in some cases sensitive data; inadequate training; and the lack of a comprehensive security policy.

Security has become one of the biggest stumbling blocks to the wider adoption of mobile devices across the federal government. Recently, for example, the Department of Veterans Affairs announced that it was holding off on its bring-your-own-device strategy until concerns about privacy could be resolved.

The Army CIO, which largely agreed with the Army's inspector general's recommendations to strengthen mobile security, would do well to take care in navigating mobile security concerns, lest mobile security become an even bigger problem for the Army going forward.

A well-defended perimeter is only half the battle in securing the government's IT environments. Agencies must also protect their most valuable data. Also in the new, all-digital Secure The Data Center issue of InformationWeek Government: The White House's gun control efforts are at risk of failure because the Bureau of Alcohol, Tobacco, Firearms and Explosives' outdated Firearms Tracing System is in need of an upgrade. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Andrew Hornback
Andrew Hornback,
User Rank: Apprentice
4/10/2013 | 3:18:11 AM
re: Army Falls Short In Mobile Security, Says DOD
I would have to wonder at this point if it's a matter of West Point and the ERDC simply not asking for permission to start their programs or not having the patience to wait for the go-ahead for their programs. If the lack of attention by the CIO's office is slowing the process down, perhaps that's where some attention needs to be paid.

It's a mobile world, and a workforce without mobile capabilities is handcuffed - that's obvious to anyone in the business. However, security and following appropriate guidelines/procedures, especially in the case of handling classified or other sensitive information needs to be the absolute top priority.

Andrew Hornback
InformationWeek Contributor
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Flash Poll