Here’s this bit of news from Tech News Daily.
The Department of Defense (DoD) recently conducted an audit to evaluate how well the most powerful military force on Earth handled the security issues concerning personal mobile devices in conjunction with its professional duties.
The result: [failure]
DoD audited “use of iOS, Android, and Windows mobile devices among Army personnel and in Army facilities, where the devices joined on-site Wi-Fi networks.” The audit found no requirement to:
- secure storage for data on mobiles
- insist on keeping devices free of malware
- monitor mobiles while hooked up to computers or even
- employ training or user agreements to keep military secrets under wraps
- authorize personal mobile devices: almost 15,000 unauthorized devices in use (as a practical matter; the Army nominally requires prior authorization before use)
The audit also found these examples of failure:
- a programmer failed to report a damaged iPhone, disposing of it on his own and replacing it out-of-pocket
- mobile devices with no password protection
- devices using outdated operating systems (leaving them open to exploits)
- no protective software installed
If this is typical, our Army seems wholly unprepared for its role in a cyber strike.