DHS warns Congress of security threats to phones

DHS warns Congress of security threats to phones
© Getty Images

The Department of Homeland Security has sent Congress a study warning of security threats to mobile devices used by the federal government.

The study on mobile device security, mandated by a 2015 law, offered a series of recommendations for the U.S. government to safeguard smartphones and tablet computers against threats from nation-states, criminal hackers, and others, DHS said on Thursday.

The study was produced by DHS's Science and Technology Directorate in coordination with the National Institute of Standards and Technology (NIST), a government body that produces optional standards on information technology and cybersecurity. 

“The [study] has found that threats to the mobile device ecosystem are growing, but also that the security of mobile computing is improving,” Dr. Robert Griffin, acting undersecretary for Science and Technology, said.


“It outlines several important recommendations to strengthen security that will help the Federal government keep pace with current and emerging threats.”

The study was mandated by the Cybersecurity Act of 2015, legislation aimed at enhancing information sharing about cybersecurity threats. DHS said that the study drew on significant input from the mobile industry and academic researchers. 

It outlined a range of threats to mobile devices used by the federal government, including those posed by nation-states, organized crime and hackers, DHS said. It also touched on threat patterns that target consumers, including ransomware, banking fraud and identity theft.

The study warned that federal government device users could be at increased risk because of their employment. These devices could also be used to attack back-end computer systems that hold sensitive data on Americans and government operations, the study said.  

Recommendations offered by the report include adopting a mobile device security framework and starting an information-sharing program to address mobile malware and vulnerabilities.

The report also recommended the establishment of a new research program to focusing on lapses in mobile network infrastructure security.

DHS is tasked with securing federal networks and U.S. critical infrastructure from cyber threats.