Securing federal mobility from the full spectrum of mobile risk

Predicting the future is never easy, but it’s safe to say that work is becoming more mobile. At least, organizations including federal agencies are giving employees more leeway to work in an on-the-go way. And they’re deploying a growing number of enterprise applications onto mobile devices – smartphones and tablets.

But – and there’s always a but – as federal employees and federal IT systems become more mobile, mobile cybersecurity challenges have multiplied. Deployment of enterprise applications on mobile devices has added to the threats. Now IT and security operations center staffs find themselves dealing with a variety of mobile-specific cyber threat vectors including man-in-the-middle attacks, errant apps, adware and ransomware, and employee attempts to root mobile devices.

To look into best practices and the current thinking in how to deal with advanced mobile threats, Federal News Radio convened a panel of federal and federal market practitioners. They included:

  • Josh Franklin, information security engineer at the National Institute of Standards and Technology
  • Brian Varine, chief for cyber threat intelligence at the Justice Department
  • Vincent Sritapan, program manager for mobile security research at Homeland Security’s Science and Technology Directorate

and

  • Bob Stevens, vice president of public sector at Lookout.

Varine stressed that mobility in many ways remains in infancy relative to what will come in the next 10 years. But he’s looking to fiscal 2018 for the release of new mobile security metrics as he oversees mobile deployments across DOJ. For Franklin, the challenge is making sure NIST guidance – particularly in Special Publication 800-124 – stays out in front of the market and the threat environment.

Sritapan’s agency has released its own comprehensive guidance for federal mobile security. He tells feds to be careful of too much data aggregation on mobile devices and to be aware of an emerging set of threats related to the three radios aboard the average smart phone – cellular, Wi-Fi and Bluetooth.

For Stevens, the issue is bringing in security capabilities beyond what is provided by mobile device management and enterprise mobility management software. Such add-on solutions may be most efficient if accessed in a cloud hosted way.

Host

Tom Temin, Federal News Radio

Tom Temin has been the host of the Federal Drive since 2006. Tom has been reporting on and providing insight to technology markets for more than 30 years.  Prior to joining Federal News Radio, Tom was a long-serving editor-in-chief of Government Computer News and Washington Technology magazines. Tom also contributes a regular column on government information technology.

 

Panelists

Josh Franklin, Information Security Engineer, National Institute of Standards and Technology

Joshua Franklin is a cybersecurity practitioner at the National Institute of Standards and Technology (NIST) focusing on mobile security, cellular security, and electronic voting. Joshua leads the Mobile Security Program at the National Cybersecurity Center of Excellence (NCCoE), and the Mobile Data and Application Isolation research intended to secure mobile devices used by first responders.

Brian Varine, Chief for Cyber Threat Intelligence, Cybersecurity Services Staff, Department of Justice

Brian Varine is currently Chief of the Department of Justice (DOJ) Security Operations Center, which is responsible for enterprise-wide network monitoring and incident response management.  He manages the everyday functions of this 24/7/365 team, including cyber threat analytics, cloud and mobile security, tool evaluation and implementation, and security architecture.  Prior to joining DOJ, Mr. Varine held the position of Director of Cyber Incident Management, where he led the daily operations of the Joint Cybersecurity Coordination Center.  He has also held leadership positions at the Department of Energy, US Immigration and Customs Enforcement, Maryland Army National Guard, as well as several commercial companies. Mr. Varine received his Bachelor of Science in Business/Management Information Systems from Oregon State University.

 

Vincent Sritapan, Program Manager for Mobile Security Research, Department of Homeland Security Science and Technology Directorate

Vincent Sritapan is a Program Manager in the Cyber Security Division (CSD) for the Department of Homeland Security Science and Technology Directorate Homeland Security Advanced Research Projects Agency. Sritapan oversees Mobile Security Research and Development (R&D) projects aimed at accelerating the adoption of secure mobility for the department, government and global community to ensure the homeland security mission.

Prior to joining CSD, Sritapan spent three years with the department’s Office of the Chief Information Security Officer as the Technical Lead and Component Coordinator in the Information Security Architecture and Engineering Division.

Sritapan holds a bachelor’s of science in Information Systems from California State University Northridge, a master’s in National Security Studies and an MBA in Information Assurance and Security Management from California State University San Bernardino.

Sritapan teaches cyber as an Adjunct Assistant Professor at Northern Virginia Community College and is a direct commissioned Information Professional Officer in the United States Navy Reserve. He is a National Science Foundation CyberCorps Scholarship for Service Alumnus and an Office of the Director of National Intelligence—Intelligence Community Scholar Alumnus.

Bob Stevens, Vice President of Public Sector, Lookout

Bob Stevens is Vice President of Public Sector at Lookout where he focuses on helping government agencies secure data and internal app stores while respecting employee privacy. A government technology executive for more than 25 years, he started his career as an engineer in the Air Force, and later served at the White House Communications Agency, before going on to lead Symantec Federal and helped establish Juniper Networks Federal Systems.