DHS looking for industry expertise in protecting ‘mobile ecosystem’

The Homeland Security Department recently issued an RFI on threats to mobile device security. The RFI includes a survey and room for the private sector responde...

Smartphones and tablets are tools to aid in an agency’s mission, but they’re also a target for attack.

That’s why the Homeland Security Department is taking a look at the government’s “mobile ecosystem” and it’s asking the private sector for help in focusing that lens.

DHS recently issued a request for information on mobile device security. Vincent Sritapan, program manager for the department’s cybersecurity division, told Federal News Radio in an interview that industry’s opinion matters because “we can’t do this without them.”

“Who has the best mobile threat intelligence on the planet? In my opinion it’s not the government,” Sritapan said. “We might have some in different pockets, but it’s industry that has it. Industry runs the actual mobile infrastructure, the networks that exist. It’s industry who we need to work with.”

The RFI  asks for “input on products, services, capabilities and technologies” related to the government’s use of smartphones and tablets, and related threats and defenses.

Responses to the RFI are due Aug. 22. Sritapan said there are no plans for a request for proposals nor will an acquisition be following the RFI. But industry can get credit for its input, he said.

“I will tell you the information here will shape programs, whether it’s in [science and technology], whether it’s in other offices that exist for mobility, the DoD, the [intelligence community], the federal civilian space. People are very cognizant of what we’re doing here and what’s available today,” Sritapan said. “We’re willing to give you credit on this coverage or this defense, maybe that helps out your company. But the idea is we’re all about protecting the American people and the citizenry to use mobile going forward.”

The RFI is required under the Cybersecurity Act of 2015. Once the responses are collected DHS will turn over its findings to Congress in mid-December.

Chat with Jonathan Alboum, USDA CIO, July 26 at 2 p.m. Sign up here.

“The whole point for this RFI is to support this Congressional study on mobile device security, bring awareness to what are the real threats, what are the defenses that exist today and how can we move  forward,” Sritipan said. “Most definitely we’re going to find gaps, where threats exist and defenses do not. That ‘s an area where DHS S&T can use that as future research areas that are a concern that commercial industry can go after, the research community can go after.”

Survey and standards

mobileecosystem
Mobile Ecosystem

The RFI has two parts, a survey worksheet for threats, products, services and technologies, and a standards and best practices section.

For the survey, respondents are asked to:

  • Identify the threats to the mobile ecosystem your product, service or technology defends against. Provide applicable information on how your product, service or technology works and whether it fully or partially mitigates each threat, noting which portion of the threat is addressed.
  • Identify any other applicable threats to mobile ecosystem components that the government should take into consideration and, if possible, partial or full mitigation techniques that may be available.

RFI respondents are given as much as 15 pages for the industry standards and best practices section. In this portion, industry members are asked:

  • What are the demarcation points on a mobile communication chain that need attention and are not already covered by industry?
  • Are there any standards that have stalled or should be started that could be leveraged to improve security?

Meeting mission

Sritapan said the long-term goal of the RFI is to “secure the use” of mobile devices in government missions.

“We’re talking about not mobile as a technology because it’s so awesome, it’s just another way that we use to do our mission. It’s a tool essentially,” Sritapan said. “We’re just trying to ensure that security isn’t just another bolt-on or it’s a road block that we can’t do our mission.”

DHS is hosting two industry days to answer questions about the RFI. One day was hosted July 20 in Washington, D.C., and a second day is set for early August in Menlo Park, California.

Sritapan said DHS is also sending interview requests to various stakeholders in the telecommunications and mobile device management markets, so it can ask its own questions of the private sector.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    DHS playbook strives for consistency of mobile apps

    Read more
    A woman uses an Android smartphone in Brussels on Wednesday April 20, 2016. The European Union is broadening its battle with Google, alleging that the technology giant rigs the global market for mobile apps by making its Android operating system give preferential treatment to its own products. EU Antitrust Commissioner Margrethe Vestager said that

    DHS looking for industry expertise in protecting ‘mobile ecosystem’

    Read more