Employees bringing their own digital devices to work is a security headache for many large organisations today – even, it seems, the U.S. military.
You don’t have to be a fan of the HBO series Homeland to know this is a problem, although the use of SMS from a civilian cellphone smuggled into a situation room to disrupt a terrorist takedown, in Season 2, Episode 2, was implausible, it made for high drama.
Now there is a report from the U.S. Department of Defense’s Inspector General that pinpoints serious security failings around 14,000 commercial mobile devices used by soldiers and civilians, devices of which the Army CIO was apparently not aware.
The Inspector General’s report found that commercial mobile devices or CMDs were used as remote storage devices for sensitive data, and lacked software to protect the information – or remote-wipe software to destroy it in case of loss. Users of the devices had also not been trained in their use.
“The Army did not implement an effective cybersecurity program for commercial mobile devices. If devices remain insecure, malicious activities could disrupt Army networks,” said the Inspector General’s report.
The devices were used at the U.S. Military Academy and the United States Army Corps of Engineers Research and Development Center.
“These actions occurred because the Army CIO did not develop clear and comprehensive policy for CMDs (commercial mobile devices),” the report said.
The Army’s CIO said that new systems will be put in place within the next 12 months to deal with the problems.
The trend for “BYOD” – Bring Your Own Device – affects almost all businesses. In a poll commissioned by ESET last year, 81% of 1300 American adults surveyed said they used personal electronic devices for work – with many engaging in unsafe practices such as using public Wi-Fi. Details of ESET’s survey can be found here. In addition, ESET Senior Research Fellow Righard Zwienenberg has written extensively on the security challenges posed by BYOD.
Author Rob Waugh, We Live Security