Bill Anderson is the President of CIS Mobile, a subsidiary of CIS Secure, an industry leader and global provider for designing and manufacturing secure communications and computing solutions for Governments and Enterprises.
For government agencies, managing mobile devices is as much about protecting the user as securing the data. Unfortunately, while government employees on critical missions should be able to maintain complete control over location services, modems, and sensors, most user actions do little to eliminate the electronic breadcrumbs left behind by off-the-shelf, commercial devices.
Android phones, for example, often use wireless capabilities without the user’s knowledge or understanding. Even if features like Wi-Fi or Bluetooth are clicked off, Android will default to turning them back on to detect the device location without notifying the user. The Defense Information Systems Agency (DISA) has determined that even when location history has been fully disabled, Google continues to collect location data for mobile devices.
While these breadcrumbs can lead to phishing attacks or spam phone calls for the average mobile phone user, they can represent a clear and present danger not only for government information that demands security, but also for the government users themselves.The insights foreign adversaries can glean from the data generated by mobile devices potentially can provide a pervasive and low-cost way of identifying government workers, as well as their work and personal activities, which in turn can be used to target their devices and subvert or extort them.
For its part, the government has tried several solutions that probably seemed like a good idea at the time, but ultimately failed. One common solution has been to eliminate consumer-grade devices entirely by equipping workers with custom-built mobile devices. This approach has consistently fallen short, however, for numerous reasons, among them:
- The user experience left much to be desired.
- User couldn’t access their favorite apps so they still carried personal devices for work, completely undermining the reason for creating custom-built devices in the first place.
- Government devices’ conspicuous appearance makes them stand out in the crowd, putting both the information they contain and their users at risk.
- Long design and implementation cycles render such devices obsolete, often before they are even released.
- Such devices are extremely expensive when compared to the cost of consumer smartphones.
Another potential solution, mobile device management (MDM) systems, have proven to be effective for managing enterprise devices, but lack the capabilities needed to protect government workers. Such devices can only use the MDM application programming interfaces (APIs) provided by the operating system (OS), and it’s the operating system itself that can’t be trusted on commercial devices. In many cases, it’s the services and core apps running on the OS that are collecting and retransmitting information about the user location, user activity, applications, and more.
Finally, the Mobile Device Fundamentals Protection Profile (MDFPP) developed by the National Information Assurance Partnership (NIAP) has often been used to certify devices for government use. While conformance to MDFPP does provide strong protection against data loss, it does little to address the broader threat stemming from the breadcrumbs these devices leave behind. It also doesn’t contemplate real use case requirements, such as covert use or the use of mobile phones in sensitive or secure facilities. NIAP-certified devices also have no answer to the issue of mobile ad tracking, big data, and analytics.
Given the relative failure of these solutions, many experts believe government agencies have little choice but to either completely prohibit workers from using mobile phones or simply accept the fact that security risks are likely to be present – neither of which is tenable.
A much better strategy may be to modify the mobile device as needed, while maintaining the functionality and attributes that make it great in the first place. To provide verifiable control over access to device interfaces and location, and ensure that leaky apps such as social channels don’t communicate when you don’t want them to, government agencies must have the ability to do four things: override the device’s built-in data collection capabilities; control device tracking of user location and activities; limit ad tracking codes; and disable Wi-Fi and Bluetooth at certain times.
To do that, modified smartphones must include: a boot procedure which verifies the authenticity and integrity of each successive step in starting the phone; operating system controls that can be used to prevent access to user applications and third-party services without authorization; a customer-controlled policy management system capable of applying changes to devices already in the field; regular security updates which can be distributed from the user’s management system using an over-the-air secure update mechanism; and administrative control to prevent tracking of user activity, contacts, location, calls, and other data generated on the smartphone.
Without a doubt, mobile devices are highly effective, almost essential tools for worker productivity. But for those government agencies and their employees who regularly deal with high security situations, they can also represent a significant threat that jeopardizes both the integrity of the information they contain and the lives of those using them. With security on the line, government agencies must make certain employees’ devices have been modified in a way that guarantees absolute control over both access and the various signals those devices may be sending, with or without your knowledge or permission.