Mobile devices and apps pose cybersecurity challenges
Mobile device adoption in federal agencies is challenging current cybersecurity thinking in many ways, said members of a panel speaking March 23 at a breakfast hosted by AFCEA Bethesda.
"I'm not staffed to look at 500 DOJ component apps," said Holly Ridgeway, deputy chief information security officer at the Justice Department, who noted that many parts of her department are eager to build apps for their own and the public's adoption.
"From a department standpoint, I've got to come up with what's the policy, and how am I going to certify these applications to make sure that our information isn't compromised," she added.
Dan Galik, the Health and Human Services Department CISO, also noted the impossibility of trying to examine every app utilized by federal workers. Some agencies are attempting to do so, he said, but "you can't keep pace."
The introduction of mobile devices and apps has changed the risk-based decision-making calculus, Galik added, since many federal workers are unwilling to stop utilizing apps. "They don't want to come into the government work environment and feel like they're taking two steps back."
"They're going to go mobile with or without us," said Gil Vega, the Energy Department CISO.
The introduction of mobile devices adds a new dimension to federal cybersecurity, too, said Ridgeway.
Already, there have been "tons" of lost mobile devices, she said, meaning that agencies must now consider how many lost or stolen devices they're willing to live with.
Theft of electronic devices on public transportation is also a problem, she added. Snatch-and-grab thefts of electronic devices in the Washington, D.C.-area metro system have been on the rise, with thieves taking advantage of riders situated near closing doors to make a getaway.