In recent months we have seen news about a number of government agencies addressing mobility strategies and management solutions as mobility continues to grow within the government sector. The Library of Congress, the Department of Veteran’s Affairs and the Department of Defense (DOD) as a whole are all evaluating their mobility strategies and security measures being taken. A recent report conducted by the Office of Inspector General reveals just how dire some sector of the government’s needs actually are when it comes to the management and security of their mobile environments.
The report looked to determine whether the Department of the Army had an effective cybersecurity program that identified and mitigated risks surrounding commercial mobile devices (CMDs) and removable media. In looking at the United States Military Academy (USMA) and United States Army Corps of Engineers (USACE) Engineer Research and Development Center (ERDC) the report simply suggested that “The Army Chief Information Officer (CIO) did not implement an effective cybersecurity program for CMDs.” Quite surprising for a group that is built on policy, regulation and structure.
A report audit highlights some of the more concerning finding and that the Army CIO did not:
- ensure that Commands configured CMDs to protect stored information. The CIOs at United States Military Academy (USMA) and United States Army Corps of Engineers (USACE) Engineer Research and Development Center (ERDC) did not use a mobile device management application to configure all CMDs to protect stored information.
- require CMDs to be properly sanitized. CIOs at USMA and USACE ERDC did not have the capability to remotely wipe data stored on CMDs that were transferred, lost, stolen, or damaged.
- control CMDs used as removable media. The CIOs at USMA and USACE ERDC allowed users to store sensitive data on CMDs that acted as removable media.
- require training and use agreements specific to CMDs. The CIOs at USMA and USACE ERDC did not train CMD users and require users to sign user agreements.
Click here to access the full report and recommendations offered by the Office of Inspector General.