DoD and BYOD


This topic contains 1 reply, has 1 voice, and was last updated by Henry Brown 5 years, 7 months ago.

  • #177769

    Henry Brown
    Participant

    DOD IG Audit:
    What We Did

    Our objective was to determine whether the Department of the Army had an effective cybersecurity program that identified and mitigated risks surrounding commercial mobile devices (CMDs) and removable media.

    Specifically, at the sites visited, we verified whether Army officials appropriately tracked, configured, and sanitized CMDs. Additionally, we determined whether the Army used authorized removable media on its network.

    What We Found

    The Army Chief Information Officer (CIO) did not implement an effective cybersecurity program for CMDs. Specifically, the Army CIO did not appropriately track CMDs and was unaware of more than 14,000 CMDs used throughout the Army. Additionally, at the sites visited, the Army CIO did not:

    - ensure that Commands configured CMDs to protect stored information. The CIOs at United States Military Academy (USMA) and United States Army Corps of Engineers (USACE) Engineer Research and Development Center (ERDC) did not use a mobile device management application to configure all CMDs to protect stored information.
    - require CMDs to be properly sanitized. CIOs at USMA and USACE ERDC did not have the capability to remotely wipe data stored on CMDs that were transferred, lost, stolen, or damaged.
    - control CMDs used as removable media. The CIOs at USMA and USACE ERDC allowed users to store sensitive data on CMDs that acted as removable media.
    - require training and use agreements specific to CMDs. The CIOs at USMA and USACE ERDC did not train CMD users and require users to sign user agreements.

    These actions occurred because the Army CIO did not develop clear and comprehensive policy for CMDs purchased under pilot and non-pilot programs. In addition, the Army CIO inappropriately concluded that CMDs were not connecting to Army networks and storing sensitive information. As a result, critical information assurance controls were not appropriately applied, which left the Army networks more vulnerable to cybersecurity attacks and leakage of sensitive data.


  • #177772

    Henry Brown
    Participant

    More Information and COMMENTARY from Defense Systems.com

    The inspector general of the Defense Department reports that the Army’s Chief Information Office/G-6 has, in essence, lost control over commercial mobile devices (CMD) within the Army, and that more than 14,000 smartphones and tablets are untracked. The upshot is that the Army CIO office does not have an effective cybersecurity program that identifies and mitigates risks surrounding CMDs and removable media, according to the DOD IG.

    “The Army did not implement an effective cybersecurity program for commercial mobile devices,” wrote Alice Carey, assistant DOD inspector general for readiness, operations and support, in a memorandum dated March 26. “If the devices remain unsecure, malicious activities could disrupt Army networks and compromise sensitive DOD information.”
