As hackers become more sophisticated, the top IT officer at the Department of Homeland Security says he needs better mobile security features compared to other U.S. government agencies.
The Department of Homeland Security “really operates differently than [the Department of Defense]. We are a very mobile organization, so my attack vectors are out there,” said John Zangardi during the Billington Cybersecurity summit Sept. 7. “We are out there on our mobile devices all day long, and that’s not the case with DoD.”
Zangardi would know. He previously served as the Pentagon’s acting chief information officer from October 2016 to November 2017.
In the 2017 Homeland Security industry guide, which lays out the department’s investment opportunities, the agency said it was looking to secure communication systems and monitor cyberthreats in mobile devices. Homeland Security has also invested in research to ensure Android phones are secure and is planning to study end-to-end cellphone call encryption.
Zangardi said the IT industry is going through an “inflection point” that is being driven by a faster rate of innovation, bolstered digital threats from nation-states and a greater demand for consumer expectations.
Amid the shifting digital environment, Zangardi laid out a set of priorities that expanded on his call for greater mobile security. He said the agency was “increasingly moving up to the cloud,” which “raises questions about how do I secure connections.”
He also said that the flurry of mergers and acquisitions mean that the department has focused more attention on supply chain risks. As a result, Zangardi said he must “have more and more assurances that the right risk management posture is in place.”
Still, the department says it has been successful in stopping email-based hacking attempts. Zangardi said the department received more than 30 million emails from December 2017 to May 2018. Roughly 1,200 emails made their way past the agency’s spam folders, and 10 users clicked on the malicious links. But because of other defenses, no users were confirmed to have been compromised.