The federal government should take a more active role in organizations that develop technology standards for mobile devices and networks, according to a Homeland Security Department study submitted Thursday to Congress.
DHS should also expand the Continuous Diagnostics and Mitigation cybersecurity service it provides to federal agencies to better address mobile vulnerabilities, the study stated, and update metrics used in federal agencies’ main annual cybersecurity audit, required by the Federal Information Security Management Act, to better focus on mobile device security.
The study, which was mandated by landmark 2015 legislation focused on cyber threat information sharing, paints a concerning picture of government’s ability to maintain the security of federal employee’s mobile devices.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
DHS has no legal authority to vet the security of mobile carrier’s infrastructure if the carrier doesn’t authorize the inspection or to require carriers to take particular security precautions.
The federal government also comprises only a small fraction of mobile carriers’ customer base so it cannot exert significant market pressure on carriers to boost security.
The government should mitigate those weaknesses by focusing efforts where it does wield power, such as promoting cross-government mobile security standards and working cooperatively with industry, the report stated.
According to the report, the government should also:
- Establish a new mobile threat information sharing program.
- Push the adoption of mobile security technologies by operational government programs.
- Develop cooperative security programs with mobile network operators.
- Create a new research program to address mobile network infrastructure vulnerabilities.
- Develop mobile security procedures for federal employees traveling abroad that take account of new intelligence and emerging attack techniques.
The report was developed in cooperation with the National Institute of Standards and Technology.