The Department of Homeland Security released recommendations about both devices and networks.
A new report addressing mobile security threats was recently submitted by the Department of Homeland Security to Congress. The document suggested that the federal government would be wise to take a more active position in the organizations developing mobile device and network tech standards.
The DHS also recommended expanding the Continuous Diagnostics and Mitigation cybersecurity service.
That is the service it provides federal agencies to inform them and equip them against mobile security threats and vulnerabilities. The report called for an update to the metrics federal agencies use for their primary annual cybersecurity audit. That is a required action by the Federal Information Security Management Act. The purpose of such an upgrade would be to better cater to mobile security needs and manage risks.
The report was based on a study conducted as a result of legislation established in 2015. That legislation placed the spotlight on cyber threat information sharing. The outcome of the research illustrated the weaknesses in the government’s current ability to uphold federal employee mobile device security.
Currently, the DHS does not have legal authority regarding steps needed to mitigate many mobile security threats.
The DHS does not currently hold legal authority for vetting mobile carrier infrastructure security unless the carrier voluntarily authorizes an inspection. Moreover, the department is also not legally authorized to require carriers to take any specific types of precaution when it comes to security efforts.
Since the federal government makes up only a small portion of the total mobile carrier customer base, it doesn’t have enough influence over those companies to pressure them to increase their efforts to stop mobile security threats. According to the DHS, the government should look to the areas where it does have authority and influence and use them to their best degree.
The recommended efforts in the DHS report included working cooperatively with the industry as well as promoting government-wide mobile security standards. The report also included a list of additional recommendations. These results were obtained through an effort in conjunction with the National Institute of Standards and Technology.