The Homeland Security Department wants to make sure employees’ smartphones aren’t turning against them.
The agency is thinking harder about securing its own smartphones and tablets, including from apps that might activate the microphone or camera to eavesdrop, or pull users' call logs and messages without their consent.
Required under the 2015 Cybersecurity Act, DHS is working on a study about mobile device security -- specifically, how the federal government can beef up its own defenses -- and wants input from the private sector about security products and services on the market.
Mobile devices face some of the same security threats as desktop and laptop computers, but portability, constant connectivity, and features such as sensors, GPS, cameras and microphones could amplify the risk of intrusion and potential harm to users, according to DHS’ FedBizOpps posting.
Other potentially dangerous threats and scenarios include:
- Ransomware or systems that deny users’ access to their data until a payment is made
- Apps that try to exploit mobile payment
- Delays to security updates
- Lost or stolen devices
- Attacks on nearby computers or any systems physically attached to the mobile devices
- Jammed networks or denial-of-service attacks
DHS is interested in technology that not only protects the mobile devices, but also the broader ecosystem supporting those devices -- apps, operating systems, sensors, networks including radio, cell, Wi-Fi and Bluetooth, and large-scale mobile device management structures.
Input from the private sector and academia will help shape DHS’ report on mobile security technology, eventually to be submitted to Congress. Participants should identify which threats their products defend against, how the products address that threat, and how the products are used in a large organizational setting.
Submissions are due Aug. 22. DHS is also hosting industry days related to the request for information -- one on July 20 in Washington, and another in Menlo Park, California, on Aug. 2.