DHS to Conduct Wireless Security Audits

In light of the discovery that government-issued mobile devices lack security protections, the Homeland Security Department is taking steps to safeguard the executive branch's wireless networks, DHS officials said this week.

The Government Accountability Office on Tuesday released a report documenting holes in security guidelines for laptops that are simultaneously connected to agency wired networks and insecure wireless networks, as well as insufficient policies on using mobile devices overseas; monitoring for unauthorized, rogue wireless networks; and scanning for unapproved devices.

The study also noted that the Office of Management and Budget and DHS -- which directs federal cybersecurity operations -- might not have a firm grasp of the wireless security status of the government as a whole. While agencies report on general security safeguards as mandated by the 2002 Federal Information Security Management Act, the most recent OMB-DHS reporting guidelines do not cover many of the wireless problems the auditors found.

When GAO officials closed their review this fall, DHS had not decided on the extent and timing of possible wireless oversight activities, a department official told GAO at the time.

DHS officials on Wednesday night said the department, which was charged with supervising cybersecurity compliance toward the end of the review, plans to address wireless security using compliance audits and a wireless architecture document. DHS already monitors some reporting elements that indirectly cover mobile security, they noted. Those metrics include remote access via wireless technology, asset management of wireless devices, secure configuration of those devices and patching vulnerabilities on those devices.