Federal agencies are moving toward “BYOD” mobile policies even as questions about security and privacy continue to arise, according to panelists speaking April 4 at the FOSE conference.
A number of agencies have instituted or are considering BYOD (Bring Your Own Device) policies because many employees rely on their personal smart phones and tablets to manage their lives. The White House is preparing to release a governmentwide BYOD policy.
At the same time, the BYOD trend presents some tricky challenges not fully resolved yet, according to speakers on a FOSE panel.
Because of the ubiquity of smart phones in peoples’ lives, the government is moving toward BYOD “whether we like it or not,” said Rob Burton, partner at the Venable LLP law firm. “But this train may be moving too fast.”
One of the sticking points is whether government agencies have the right to examine or download personal information from employee devices. Burton cited a recent Supreme Court case involving a municipality investigating a policeman for alleged violations. The city downloaded personal information from the policeman’s city-owned smart phone, and the court ruled that was reasonable.
In that case, the court ruled that the government agency had a right to examine the personal information. But if the device had been owned by the policeman, the ruling might have been different, Burton suggested. The privacy expectation presumably would trump any agreements signed by the employee, he added.
Another challenge is security against the growing threat of foreign agents seeking to gain access to U.S. government information, Burton said.
“We think the cyber issues for BYOD are a huge legal area and will be very tough and challenging for corporations and government agencies,” Burton said.
Even at agencies with BYOD policies in place, employees might choose not to participate because of objections to the terms of the policy, according to another panelist at a related seminar.
At the General Services Administration’s Federal Systems Integration and Management Center, about half of the 120 employees currently own personal mobile devices, said Chris Hamm, operations director at the center.
Under an existing BYOD policy and a mobile device management system, the workers are able to use those devices to access email and calendar applications, as well as some other Web browser-based applications, Hamm said.
For connection and integration with GSA’s network, the agency requests that before a device can be connected, the employee sign several agreements for security and access authorizations, Hamm said. One of the agreements is to allow remote wiping of the device under certain conditions.
More from this article here: http://fcw.com/articles/2012/04/04/fose-byod-mobile.aspx
- BYOD Control: Aruba brings it together with ClearPass (netsecurityit.wordpress.com)
- Why Businesses Must Embrace BYOD and Social Media. (itsecurityrisksandsolutions.wordpress.com)
- 77% Of Workers Use Personal iPhones, Other Devices On The Job (cultofmac.com)
U.S. Official Signals Growing Concern Over Anonymous Group’s Capabilities
The director of the National Security Agency has warned that the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack.
Gen. Keith Alexander, the director, provided his assessment in meetings at the White House and in other private sessions, according to people familiar with the gatherings. While he hasn’t publicly expressed his concerns about the potential for Anonymous to disrupt power supplies, he has warned publicly about an emerging ability by cyberattackers to disable or even damage computer networks.
Gen. Alexander’s warning signals a growing federal …
More on this story here:
The National Institute of Standards and Technology proposed Tuesday Feb 7, 2012 the establishment of an independent identity ecosystem steering group, led by the private sector but working with the federal government, to identify and develop standards and policies to assure the security of online transactions.
The recommendations propose a way to implement the National Strategy for Trusted Identities in Cyberspace, known as NSTIC (pronounced n-stick), a White House initiative to get businesses, advocacy groups, governments and others to improve the privacy,security and convenience of online transactions [see White House Unveils Online Authentication Plan].
“While NSTIC is a government initiative, the identity ecosystem it envisions must be led by the private sector,” Jeremy Grant, NIST’s senior executive advisor for identity management, said in a statement accompanying the release of the report [see Fed’s NSTIC Point Man Jeremy Grant Explains Government’s Role].
“The recommendations we published lay out a specific path to bring together all NSTIC stakeholders to jointly create an online environment, the ecosystem, where individuals and organizations will be able to better trust one another, with minimized disclosure of personal information,” Grant said
NIST, charged by the White House to study the establishment of such a forum, said the group should be structured to safeguard protections for individual privacy and the underrepresented, through mechanisms such as a special privacy coordination committee and an appointed ombudsman.
To get the group started, NIST recommended the government initially fund it through a competitive, two-year grant that would ensure no barriers exist to prevent participation. After a period of initial government support, NIST said, the steering group would need to establish a self-sustaining structure capable of allowing continued growth and operational independence.
The NIST report also includes a recommended charter to help jumpstart the steering group’s initial activities.
NIST also announced its intention to issue a so-called federal funding opportunity for an organization to convene the steering group and provide it with initial secretarial, administrative and logistical support.
Last June, NIST solicited public feedback on the steering group, and received 57 responses. Some 270 people also participated in a workshop, including representatives of business and consumer advocacy groups.
Next up, a March 15 workshop for stakeholders at the Department of Commerce, which NIST is part of, to review the findings and kickoff NSTIC implementation activities in advance of the formal formation of the steering group later in the spring.
- NSTIC puts $10 million toward identity pilot programs (zdnet.com)
- Identity Commons: NSTIC Moving Forward with Pilots and Steering Group (oracleidentity.wordpress.com)
- Federal Standards Body Focuses On Big Data, Cloud (informationweek.com)
- NIST Issues Cloud Security Guidelines (netsecurityit.wordpress.com)