Security

As Mobile Users Increase, Agencies Turn to CDM for Guidance

NASA, DOD and others leverage federal tools to simplify security for devices.

Twitter

Elizabeth Neus is the former managing editor of FedTech and the former producer of FedTech's award-winning Feds in the Field video series. The Washington Nationals are her team; 80s Brit pop is her sound.

Agencies are rushing to better secure mobile devices as use expands exponentially among both federal workers and the citizens they serve.

Of the 2.6 billion visits to government websites in the past 90 days, nearly half came from a mobile device — 42 percent from a phone and 6 percent from a tablet, according to statistics on analytics.usa.gov on Aug. 30.

On the employee side, the Defense Department went from 30,000 mobile users about three years ago to 120,000, with about 4 percent growth in mobile use every month, said Jake Marcellus, manager of the DOD’s mobility program.

Mobility brings different issues depending on how the device makes its way into the system — either BYOD, government-issued but user-enabled, or government-controlled.

“Each one of these has a different threat path,” said Jim Quinn, senior adviser to the Continuous Diagnostics and Mitigation (CDM) program management office, speaking at the ATARC Federal Mobile Technology Summit on Thursday. “The devices really have become an item of concern.”

Security Standards Become a Primary Focus

The CDM program is currently focused on mobile security — how devices and their users interface with the network. The process includes a streamlined acquisition system that gives agencies a list of preapproved products and vendors that meet federal security standards.

“When we do award technologies, we want to be sure we’re awarding best of breed. We want to make sure that we really focus on innovation,” said Kevin Cox, the CDM program manager at the Department of Homeland Security.

The move toward specific standards for mobile is a strong benefit for agencies who regularly work with a host of outside contractors. NASA has more than 70,000 mobile users, but only 18,000 are actual government employees, said Keith Bluestein, NASA’s associate CIO.

The rest often work for huge contractors such as Boeing or CACI, “and they all have their own solutions that they bring to our environment,” Bluestein said. “So we have great complexity, and we’re trying to establish a baseline. We’ve really leveraged the CDM rules — thank God for CDM, because that forced a baseline across all of government. Now industry is like, ‘Okay, that’s the standard we’re all going to as well.’ It’s really helped us.”

CDM is also upgrading its federal cybersecurity dashboard and should have all 23 agencies covered by the CFO Act connected by the end of September, Cox said. Twenty of the agencies are there now, as well as four smaller agencies not covered by the act. Another 15 smaller agencies should be on the dashboard by the end of the month as well, he said.

“We want to help agencies identify their overall security posture and cyberhygiene as soon as possible,” he said. “It’ll be similar to a credit score; you know where you fall within the range of scores.”