DHS IG: ICE did not use appropriate mobile device security settings, installed custom-developed mobile applications that contained vulnerabilities onto mobile devices, and allowed employees and contractors to download risky applications onto mobile devices Image: DHS, ICE
By: FEDweek StaffIn the latest in a series of inspector general reports warning of security risks in mobile devices agencies have issued to their employees, the IG at Homeland Security has said that Immigration and Customs Enforcement “did not effectively manage and secure its mobile devices or the infrastructure supporting the devices.”
A report said that ICE has issued more than 21,000 cell phones, tablets and other mobile devices that provide connectivity to ICE information systems and work-related applications. “Although mobile devices increase workforce mobility and productivity, they also increase the risk of cyberattacks or loss of sensitive data,” it said, noting that the agency also allows personnel to install outside applications such as those related to maps, weather and airlines “for personal convenience.”
“ICE did not use appropriate mobile device security settings, installed custom-developed mobile applications that contained vulnerabilities onto mobile devices, and allowed employees and contractors to download risky applications onto mobile devices,” it said.
It said that 33 of 45 mobile device security settings that auditors reviewed did not meet Defense Information Systems Agency standards as required by DHS policy; one of the custom applications contained three critical and five high-risk vulnerabilities that the agency was unaware of until alerted by the IG; and some of the third-party apps downloaded “are associated with foreign adversaries.”
Further, it said, ICE did not fully use mobile device management and threat defense tools, nor identify and address vulnerabilities of web applications and mobile device infrastructure servers, and noncompliant mobile device infrastructure security settings.
It said management concurred with all eight recommendations to address those issues.
The IG last year had issued an alert to departmental management of potential espionage, leaks, and attacks from viruses on mobile devices issued to ICE employees, saying that similar issues could apply to other DHS components. Since then, IG offices at agencies including the IRS and USPS have also called attention to security vulnerabilities and unauthorized software on devices issued to employees.
Key Bills Advancing, but No Path to Avoid Shutdown Apparent
TSP Adds Detail to Upcoming Roth Conversion Feature
White House to Issue Rules on RIF, Disciplinary Policy Changes
DoD Announces Civilian Volunteer Detail in Support of Immigration Enforcement
See also,
How Do Age and Years of Service Impact My Federal Retirement
The Best Ages for Federal Employees to Retire
How to Challenge a Federal Reduction in Force (RIF) in 2025
Should I be Shooting for a $1M TSP Balance? Depends…
