Cybersecurity is lax for some 14,000 commercial mobile devices used at the U.S. Military Academy and the United States Army Corps of Engineers Engineer Research and Development Center, according to a report released March 26 by the U.S. Department of Defense Inspector General's office.
Not only had the Army's Chief Information Officer not implemented an effective cybersecurity program to manage the devices, the IG reported, but he was unaware that the 14,000 devices were being used throughout the Army by soldiers and civilians.
Cybersecurity sins found by the IG at West Point and the Corps of Engineers center included:
- Absence of a mobile device management application to protect data on the devices;
- Absence of a facility for wiping all data from a phone should it be lost or stolen;
- Ability to use the devices as removable media for the storage of sensitive data; and
- Absence of training and user agreements.
"These actions occurred because the Army CIO did not develop clear and comprehensive policy for CMDs [commercial mobile devices] purchased under pilot and non-pilot programs," the IG's report said.
"In addition, the Army CIO inappropriately concluded that CMDs were not connecting to Army networks and storing sensitive information," the report said. "As a result, critical information assurance controls were not appropriately applied, which left the Army networks more vulnerable to cybersecurity attacks and leakage of sensitive data."
In a response to the report, the Army's CIO said that policies are in place to address the concerns raised. He said that a request for proposal would be aired by the military branch this month and systems installed within the next 12 months to give it visibility of all devices and meet the governance and oversight recommendations.
Gaps In Security
Normally, one would believe that today's MDM solutions have the appropriate security measures in place; however, you would be sadly mistaken, for many of these solutions were born from billing consolidation and lack the infrastructure needed to deliver a comprehensive security solution. Many rely on an honor system, asking users to stick to a particular browser so that the security mechanisms stay in place. Others do offer better security measures; however, as soon as their VPN is turned off, so is that ingenious solution.
MDM Today
The capabilities of an MDM product fundamentally depend on the management interfaces made available to it by the underlying mobile operating system. In fact, even when an MDM vendor provides a similarly-named product for multiple mobile OS platforms, considerable differences exist between the enterprise management capabilities possible on each platform. Furthermore, neither MDM products nor any commercially-supported 3rd party software enable an enterprise to carry out arbitrary modifications to the underlying mobile OS platform. This represents a fundamental departure from the traditional managed desktop paradigm, in which 3rd party software can run highly-privileged code with power equal to that of the operating system. Yet, mobile OS platforms include very powerful security-enhancing features such as application isolation and mandatory code signing that have yet to be widely implemented on desktop or server platforms. In fact, for the general-purpose use case, it is not at all clear that the lack of some enterprise controls makes these mobile devices less secure than other platforms.
MDM products typically involve an agent on the mobile devices, a server component used by administrative personnel within an enterprise enclave, and an intermediary server operated by the platform vendor. The on-device agent may be a hidden part of the mobile OS itself, or it may take the form of a 3rd party app distributed through online app repositories. The intermediary server maintains a continuous connection to the devices to facilitate on-demand queries such as push notifications initiated by the enterprise. Some MDM products depend on additional network infrastructure, which may compel additional risk considerations.
Gaps for Specialized, High-Security Use Cases
Most commercially-supported MDM products and the platforms on which they run are designed for general-purpose use and for compatibility with the BYOD scenario. This means that many feature trade-offs have been made that are detrimental to specialized scenarios having higher security requirements. Implementation of the following features would significantly advance the suitability of commercially-available mobile devices for more specialized, high-security use cases across government and industry.
Binding Only to Trusted Wireless Networks.
The ubiquitous wireless connectivity of mobile devices is the source of much of their perceived risk to enterprise IT. This risk could be significantly mitigated by enforcing a policy that requires all network traffic from enterprise-managed devices to pass through an enterprise-controlled path, such as a secure WiFi network or VPN, which is monitored and filtered by established network defenses such as firewalls and intrusion detection systems. The need for a robust network binding capability backed by mutual cryptographic authentication is not yet suitably met by any MDM and mobile OS combination. Interestingly, some configurations support the analogous ability to connect only to particular cellular Access Point Names.
Automatic, Comprehensive VPN Connectivity.
Many VPN implementations, such as those provided by "SSL VPNs," ensure only that a subset of a device's network communications are cryptographically protected and routed to a trusted enclave. Only when all of a device's network layer communications transit a trusted enclave is the enterprise positioned to defend in depth against network attacks aimed at the mobile devices. Furthermore, enterprise enforcement of this configuration ensures that users are not burdened with manual setup, and enterprises have confidence in their ability to provide network-based defenses to mobile devices.
Verifiable Device Integrity.
Some MDM solutions attempt to detect modification of the underlying platform, but since the MDM agent has limited privileges and is susceptible to compromise by malicious privileged software, these stand little chance of detecting a targeted attack by a capable adversary. An immutable cryptographic root of trust on the platform, available to be leveraged by MDM or other software, provides a means of countering this threat. This provides the ability for devices to credibly attest their integrity to an enterprise and also soundly carry out any local policy decisions. The availability of this root of trust to other software can powerfully complement a chain of trust which begins at boot and extends into system runtime, already available on some platforms. An additional benefit to an immutable root of trust is that it allows an enterprise to bind the unique identity of that device with other credentials to restrict enterprise access to only those devices. In effect, the device itself can become one of the factors of a multi-factor access.
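The attestation flow described above, as an added example that is not part of the original post or any vendor's product: the enterprise issues a fresh nonce, the device's root of trust signs the nonce together with the device identity and its measured boot chain, and the enterprise admits the device only if it is enrolled, the nonce is unused, the signature verifies, and the measurement matches the baseline recorded at enrollment. The per-device key, the measurement string and the device ID are constructed placeholders, and an HMAC stands in for whatever signing primitive a real root of trust provides.

```python
import hashlib
import hmac
import secrets

# Constructed enrollment records (hypothetical, not from any real platform):
# at enrollment the enterprise provisions each device's root of trust with a
# per-device key and records the boot-chain measurement it expects to see.
ENROLLED = {
    "device-0001": {
        "key": b"\x11" * 32,
        "expected_measurement": hashlib.sha256(
            b"bootloader=7.2|kernel=5.4|mdm-agent=2.1").hexdigest(),
    },
}

# Nonces issued by the enterprise but not yet consumed (replay protection).
_pending_nonces = set()


def issue_challenge():
    """Enterprise side: hand the device a fresh, single-use nonce to sign."""
    nonce = secrets.token_hex(16)
    _pending_nonces.add(nonce)
    return nonce


def device_attest(device_id, key, measurement, nonce):
    """Device side (modelled): the root of trust signs identity, measured boot
    chain and nonce with a key that ordinary software on the device cannot read."""
    msg = f"{device_id}|{measurement}|{nonce}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"device_id": device_id, "measurement": measurement,
            "nonce": nonce, "tag": tag}


def verify_attestation(att):
    """Enterprise side: returns (admitted, reason). The device itself acts as
    an access factor: only an enrolled device with a clean boot chain passes."""
    rec = ENROLLED.get(att["device_id"])
    if rec is None:
        return False, "unknown device"
    if att["nonce"] not in _pending_nonces:
        return False, "stale or unknown nonce"
    msg = f"{att['device_id']}|{att['measurement']}|{att['nonce']}".encode()
    expected = hmac.new(rec["key"], msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, att["tag"]):
        return False, "signature invalid"
    _pending_nonces.discard(att["nonce"])  # consumed: a replay now fails above
    if att["measurement"] != rec["expected_measurement"]:
        return False, "boot chain differs from enrolled baseline"
    return True, "device integrity verified"
```

A compromised MDM agent on the device can still report whatever it likes, but without the root-of-trust key it cannot produce a valid tag over a forged measurement, which is the property the paragraph above asks for.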
Cryptographic Trust Management.
Enterprise-managed devices that connect exclusively to an enterprise intranet have no need to trust many of the root Certificate Authorities that are trusted by default on the platform. To reduce the risk of compromise through fraudulent certificates, enterprises using devices in high-security scenarios should have the ability to remove root Certificate Authorities from managed devices' trust stores. Given the recent, high-profile compromises of certificate authorities and certificates, a compelling case exists for this capability in the general purpose use case as well.
AMIRITE?
Yes, this all holds water with only one exception: there is a solution that came out before its time two years ago and is now finding its niche. ContinuityFocus.com has an MDM solution that addresses all of the above and even has a loadable kernel for those who really want to control a device when it's off the reservation. In all fairness though, we shall not divulge the product, for this is not a marketing vehicle. However, it is a wake-up call.
Source(s)
So “Once more unto the breach, dear friends, once more;”
____________________________________________________________
About Rick Ricker
An IT professional with over 21 years experience in Information Security, wireless broadband, network and Infrastructure design, development, and support.
For more information, contact Rick at (800) 399-6085