US Army practises poor data security on mobile devices

Pentagon inspector general finds smartphones and tablets the US Army buys are not configured to protect sensitive data and allow remote wipe

The Pentagon inspector general has found that the smartphones and tablets the US Army buys are not configured to protect sensitive data and allow remote wipe.

Individual users are responsible for protecting their data, but spot checks have revealed that data security is poor and inconsistent, reports Wired.

At the West Point military academy, 15 out of 48 inspected mobile devices did not even have passwords that offer the bare minimum of data security.

The Army’s Engineer Research and Development Center in Mississippi had more devices password-protected, but the smartphones and tablets used for two pilot programs “did not meet password complexity requirements,” the Pentagon inspector general found.

Assistant inspector general Alice Carey warned that if mobile devices remain insecure, malicious activities could disrupt Army networks and compromise sensitive defence data.

The spot checks also found that the Army’s chief information officer (CIO) has not set up adequate tracking of the non-BlackBerry mobile devices soldiers use.

Read more on mobile security:

Inspectors found that more than 14,000 smartphones and tablets were in use without obtaining appropriate authorisation from the CIO.

The Pentagon inspector general also found that the Army is not keeping sufficient track of devices that are accessing its networks, increasing the risk of vulnerability to cyber attacks and data leakage.

In some cases, the CIO “inappropriately concluded that [mobile devices] were not connecting to Army networks and storing sensitive information,” the inspector general found.

Inspectors discovered that mobile devices are still being used as removable media, which the military has cracked down on since soldier Bradley Manning used them to transfer hundreds of thousands of military and government files to WikiLeaks.

The inspector general’s findings highlight the fact that the US Army’s data protection practices have not kept pace with the adoption of mobile technology.

The US military is set to make a major push into the mobile market, but the Army has been leading the way among the military services in embracing mobile technologies.

The Army got an app store in beta and it has reconfigured its next-gen dismounted communications system around smartphones. Now its data protection practices will have to catch up.

Read more on Endpoint security