Analysis: Savings from going mobile can’t come at cost of security

The Air Force canceled a plan last month to acquire Apple’s iPad tablet for the electronic flight bag program. Next Gov reports the Air Force had received questions about the tablet’s use of Russian-developed software.

“It would seem on the surface of it — and there’s no finger point here — that they [the Air Force] probably should’ve done a little more research before that initial procurement notice went out,” said Tony Busseri, CEO of Route 1, in an interview with The Federal Drive with Tom Temin.

This recent episode is a warning for other agencies to not rush into going mobile with first ensuring “we’re not creating greater compromises to our network security,” Busseri said.

The government’s adoption of mobile devices is only in its early stages — “the first inning in a nine-inning ball game,” as Busseri put it. People hear about “wonderful, sexy new tools that are available for individuals, and we ask the question of ourselves, ‘Why can’t they be available in a working setting within government or industry?'” he said.


Homeland Security Presidential Directive 12, or HSPD-12, set the standard for authenticating people accessing data. With tablets, agencies are still struggling with HSPD-12 compliance, Busseri said.

“If you don’t know who’s using the data, you’re opening yourself up to a lot of issues … and the simple security principle is you have to authenticate the individual so you know what entitlements or access they should have,” he said.

Even with the inclusion of mobile devices, agencies must figure out how to maintain that data behind a firewall, he added.

“Anytime we extract data outside of the firewall, we’re increasing additional vulnerabilities, not just of where that data’s going and who’s using it, but we’re opening holes in that fortress wall and potentially letting some nasty things to come in,” he said.

As federal budgets are squeezed, Busseri reminds agencies to “challenge ourselves that the paradigm that says ‘Better security is going to be more cost’ is not accurate.”


NIST issues new WiFi security guidelines

Wiki allows agency mobile-app developers to share best practices