What is, in your opinion, the biggest challenge in protecting sensitive information at the government level?
The mobile nature of information poses a significant challenge at the government level. Data no longer simply resides within the network; it exists on mobile devices and data that is on a network can be accessed from virtually anywhere. In addition, compromising a mobile device itself can place the government at risk.
Spyware exists today that can track a person via GPS, monitor all voice, e-mail and text messages and even remotely and silently enable the microphone to listen to ambient voice conversations. As such, managing the integrity of the mobile devices is of paramount concern and is a significant challenge. Mobile devices are in need of the same protection as PC's, as they require antivirus, firewall, encryption, etc. Government agencies frequently find their mobile devices do not have this protection in place, which jeopardizes the integrity of the device and their sensitive data.
We are becoming increasingly aware of the dangers posed by mobile devices that contain confidential information and that are subject to theft, loss or breach. What can the White House specifically do in order to mitigate those risks?
Only senior staff members and those with proper security clearance use mobile technology such as laptops and smartphones. Rules limiting usage are in place and all communication is closely monitored. Limitations on staff use of mobile devices include a mandate that they not leave the U.S. Meanwhile the White House has taken steps to secure the devices used on U.S. soil as well.
Anti-virus and anti-malware software as well as firewall and applications that can remotely wipe the memory in the event of loss are all readily available and in use. Vendors, like SMobile Systems have been in use on many levels to provide various departments and staffers critical protection for sensitive data.
Based on your experiences, what set of devices are the most hard to secure?
Any mobile device can be hard to secure because they are more susceptible to a physical compromise. We kept a close eye on usage – monitored for uncommon activity and enforced strong protocol for use. Each device was protected with security software and always accounted for.
Do you personally think the President Elect should use a mobile device and/or e-mail once in the White House? Would that change a lot of security procedures?
At this point, the question is moot; President Obama will get to use a secure mobile smartphone. When asked prior to the decision, I have said that his staff can keep him apprised and connected. But as our first connected President with access to his own email, we are looking at a watershed moment for government technology.
I do know that he will be subject to the strictest enforcement of the protocols designed to protect both the information he holds and the President himself. We must also remember that these are not one-way tools. There are people on the receiving end of his transmissions that are also targets.