DOJ Weighs ‘Bring Your Own Devices’ Amid Increased Threats
The agency wants stronger industry standards around cybersecurity before considering a more tailored mobile device policy.
Officials at the Department of Justice reiterated the agency’s policy to use corporate-owned, business-only (COBO) mobile devices rather than personal devices, even as agencies across government work to implement zero trust architecture and multi-factor authentication amid bring-your-own-device (BYOD) policies.
DOJ Mobile Security Programs Manager Michael McHugh said the agency isn’t quite on board yet with allowing personnel to use their own devices in the face of high security risks and increasing cyber attacks on government systems.
“The containerization approach from different manufacturers and third parties, we just have not seen industry catch up with really hardening the environment and separating out and sandboxing that data,” McHugh said during a FedInsider webinar.
Threat actors are increasingly targeting specifically mobile devices, which can enable bad actors to move laterally within an organization.
“All of those kinds of social engineering techniques, which are really just about getting credentials from the device. … They are getting legitimate credentials … to get other data out of the organization or compromise other individuals,” said David Richardson, vice president of product, endpoint and security at Lookout, during the webinar.
DOJ has experienced both successes and challenges with its device policy.
Sharing between legacy and mobile devices creates visibility gaps, and due to manufacturers’ limited access to security management tools, mobile devices can’t be managed like legacy equipment can. Cyberattacks often start on mobile devices, allowing bad actors access to legacy devices later, McHugh said.
But at the Bureau of Prisons, for example, the policy is helping to ensure incarcerated prisoners can use technology once released.
“Whether it is an inmate going to a doctor’s visit or going to a learning facility or joining a conference like this to learn about mobile security, mobile impacts them,” McHugh said. “It is my job and [the bureau’s] job to secure that experience and make it beneficial.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Rising Threats Push Agencies to Revamp Cyber Defenses
NIST and DHMS officials boost data security with the evolution of CSF 2.0 and push toward attribute-based access control amid the rise of AI.
3m read -
Mark Green: ROTC-Like Program, Automation Can Impact Federal Cyber
Policies like the proposed Cyber PIVOTT Act could be critical boosts to federal cybersecurity challenges fraught with compliance burdens.
5m read -
CMMC is a National Security Imperative, DOD Official Says
Stacy Bostjanick says CMMC ensures robust cybersecurity to protect against cyber espionage and secure the nation's competitive advantage.
3m read -
Trump Nominates Former DOE Cyber Official to Lead CISA
Sean Plankey, federal cyber leader during President Donald Trump's first administration, has been tapped to lead CISA.
3m read
