Published April 06, 2013
The phrase "good enough for government work" apparently applies to the U.S. Army as well.
The Department of Defense (DoD) recently conducted an audit to evaluate how well the most powerful military force on Earth handled the security issues raised by personal mobile devices used for professional duties.
The result: If the study falls into enemy hands, you might want to brush up on your North Korean dialects.
The audit covered the use of iOS, Android and Windows mobile devices among Army personnel and in Army facilities, where the devices joined on-site Wi-Fi networks. Thousands of American businesses face the same issues concerning what is commonly called "bring your own device," or BYOD, security.
The DoD tracked the use of 842 devices, which cost an estimated $485,794. The DoD believes that these findings are indicative of the 14,000-plus mobile devices the Army has purchased for its members.
The DoD discovered weaknesses in the Army's mobile strategy right away. The Army's chief information officer, Lt. Gen. Susan S. Lawrence, who oversees her subordinates' technology, failed to give a number of critical instructions.
Lawrence did not require secure storage for data on mobiles, insist on keeping devices free of malware, monitor mobiles while hooked up to computers or even employ training or user agreements to keep military secrets under wraps, the report said.
The Army does not even know where all of its mobiles are. In theory, personal mobile devices need to be authorized before military use, but the audit found almost 15,000 unauthorized devices in use.
The DoD discovered 276 mobiles in use at one facility; the chief information officer was only aware of 180 of them.
The DoD also found regulations lax when it came to device disposal. While the Army's "Policies and Procedures for Property Accountability" are arduous and often arcane, they still prevent Army property from going missing.
In at least one instance, according to investigators, a programmer failed to report a damaged iPhone, disposing of it on his own and replacing it out-of-pocket. The report posits that this behavior could pose a security risk.
The list goes on: many mobile devices had no password protection, ran on outdated operating systems (leaving them open to exploits) or had no protective software installed.
The Army responded by saying it had developed mobile technology guidelines in 2011, but the DoD does not believe that these measures are sufficient.
Currently, the two organizations are working together to develop better guidelines and rein in some of the more cavalier mobile behavior among members of the Army. In the meantime, just hope that the U.S. Army is as secure as it believes itself to be.