Mobile Phones – Cyber Security Threat Within US Department of Defense

Cyber Security Threat

A recent whitepaper on cyber security in the US government reveals that that the increasing number of mobile phones being used within federal agencies is escalating the risk of cyber threat from inside agencies. It also cites employees as the key to insider threats, and recommends that more money be spent addressing this issue.

Titled Cybersecurity in the Federal Government, the report commissioned by management software company, SolarWinds tackles the many challenges IT professionals currently face trying to prevent both external and internal IT security threats and attacks. It also suggests ways that Government and the private sector can help to mitigate the growing risks of cyber attack.

 

Based on a study undertaken by the North American communications company, Market Connections, the whitepaper explores growing “insider threats” within the Federal IT community, acknowledging that this type of threat is the most damaging, and currently creating the greatest concern within government. It looks at the impact of mobile devices as an increasing insider threat; and examines investment trends that are moving toward attempting to mitigate insider threats. It also considers insider threat prevention techniques and tools cyber security managers within government are able to implement.

The increasing use of mobile technology was cited as “the top obstacle for preventing insider threats” within federal agencies. A total of 56 percent of participants in the study believed the mobile devices were an obstacle when it came to preventing accidental cyber threats; and 44 percent said it was an obstacle for preventing malicious threats. A third of those involved in the study believed that agency data on government-owned mobile devices was most at risk. By comparison, only 29 percent were worried about contractor- or employee-owned devices.

According to Joel Dolisy, CIO of SolarWinds, the concerns regarding mobile devices are likely to increase as federal agencies implement more bring-your-own-device programs. “This shift in technology at work will likely contribute to the increased risk from insiders,” he said. Further, because federal agencies generally see external threats as a greater risk, internal threats don’t attract the same resources as external threats, he said.

Insider Threats

 

The study was commissioned in December last year (2014) to assess just how much hacking comes from malicious outsider attacks and how much is due to insider threats. While federal agencies spend a vast amount of money preventing attacks from outside – especially those identified as originating in other countries including China and Russia – those managing cyber security within US federal agencies have been concerned for some time about insider threats.

It followed a previous study earlier in the year, which revealed that because people are so unpredictable, whether through malicious intent or human error, they pose a “damaging threat” to government agency cyber security defenses.

According to the US Defense Contract Management Agency (DCMA)’s director of operations, the Department of Defense has positioned itself quite strongly against external cyber threats, but malicious or accidental insider threats have caused more problems. This was largely because people within agencies largely “do what they want” and see security as a form of interference, he said. Additionally, some of the younger employees have “skills to successfully work around security protocols.

While more than half of respondents in the study believed that insiders were the biggest security threat to federal agencies, 38 percent were convinced that whether from external or external sources, malicious threats were the most damaging breach suffered. A total of 23 percent said malicious insiders were the biggest cyber security threat of all.

Primary security threats cited were:

  • The general hacking community (46 percent)
  • Foreign governments (38 percent)
  • Hacktivists (30 percent)

When asked where data was most at risk, 47 percent said personal computers, and 42 percent said removable storage media.

Ultimately, the study cited a simple solution to addresses insider threats. Agencies must know what devices are used on their networks as well as who is using them and when they are using them. They also need to establish what is being used in the network operation, and whether it is virtual, mobile or desktop based.

Internal threats will continue to exist as long as agencies continue to employ people, so agencies need to make at least an equal investment in addressing insider threats,” the report states.

By Penny Swift

Jim Fagan

Behind The Headlines: Capacity For The Rest Of Us

Capacity For The Rest Of Us We live in the connected age, and the rise of cloud computing that creates previously unheard of value in our professional and personal lives is at the very heart ...
Martin Mendelsohn

Of Rogues, Fear and Chicanery: The Colonial Pipeline Dilemma and CISO/CSO Priorities

The Colonial Pipeline Dilemma The Colonial Pipeline is one of a number of essential energy and infrastructure assets that have been recently targeted by the global ransomware group DarkSide, and other aspiring non-state actors, with ...
Brian Rue

What’s Holding DevOps Back

What’s Holding DevOps Back And How Developers and Businesses Can Vault Forward to Improve and Succeed Developers spend a lot of valuable time – sometimes after being woken up in the middle of the night ...
Gamestop NFT

Could GameStop Issue An NFT Dividend?

NFT Dividends A Non-Fungible Token (NFT) is a piece of data that is stored on a blockchain that certifies a digital asset to be unique. An NFT can represent pictures, videos, GIFs, audio and other ...
James Corbishly

Addressing Teams Sprawl in the Remote Workspace

Teams Sprawl in the Remote Workspace As working from home has become the new everyday norm, with more employers embracing the remote-work model as a new and likely permanent fixture of the employment world, there ...

CLOUD MONITORING

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Opsview

    Opsview

    Opsview is a global privately held IT Systems Management software company whose core product, Opsview Enterprise was released in 2009. The company has offices in the UK and USA, boasting some 35,000 corporate clients. Their prominent clients include Cisco, MIT, Allianz, NewVoiceMedia, Active Network, and University of Surrey.

  • Nagios

    Nagios

    Nagios is one of the leading vendors of IT monitoring and management tools offering cloud monitoring capabilities for AWS, EC2 (Elastic Compute Cloud) and S3 (Simple Storage Service). Their products include infrastructure, server, and network monitoring solutions like Nagios XI, Nagios Log Server, and Nagios Network Analyzer.

  • Datadog

    DataDog

    DataDog is a startup based out of New York which secured $31 Million in series C funding. They are quickly making a name for themselves and have a truly impressive client list with the likes of Adobe, Salesforce, HP, Facebook and many others.

  • Sematext Logo

    Sematext

    Sematext bridges the gap between performance monitoring, real user monitoring, transaction tracing, and logs. Sematext all-in-one monitoring platform gives businesses full-stack visibility by exposing logs, metrics, and traces through a single Cloud or On-Premise solution. Sematext helps smart DevOps teams move faster.