Yet mobile security remains a work in progress. To gauge that progress and explore the opportunities for improvement, Federal News Radio convened a panel of mobile policy and security experts to explore the crucial topic of mobile security in government.
Vincent Sritapan, program manager in the cybersecurity division of the Science and Technology Directorate at the Homeland Security Department
Jon Johnson, enterprise mobility team manager at the General Services Administration
Joshua Franklin, information security engineer at the National Institute of Standards and Technology (NIST)
Johnny Overcast, director of government sales at Samsung Electronics America.
Johnson pointed out how the three agencies are working in concert to develop mobile security standards and practices, noting the government’s intense interest and leadership in cybersecurity writ large.
At NIST, Franklin explained, several special publications, notably 800-124, address mobile security. Under continuous research and updating with industry input, projects there cover topics as diverse as mobile virtual private network (VPN) security, derived credentials, and safety in uses of 4G LTE wireless services.
Sritapan outlined several technologies into which the directorate is investing in research. These include improvements in network architectures, baseband firmware on devices, and continuous authentication. Some four dozen organizations have responded to the DHS request for information, offering 145 potential ideas – in less than two months since the RFI went out. He said one promising strategy is to bake continuous diagnostics and mitigation – which agencies are using for their Ethernet-connected computers – into mobile device management software.
At Samsung, the Knox product is successfully hardening its Galaxy smartphones down through the operating system level to the processor, providing a hardware “root of trust”, according to Overcast. The devices provide strong VPN support, on-board encryption, and trusted memory zones to keep enterprise data and applications secure and apart from social media and other applications users typically have on their phones. It amounts to assurance for what Overcast calls GOPE – government-owned, personally enabled – devices.
This discussion will get you up to date on the latest strategies and technologies to boost mobile security in your agency.
Tom Temin has been the host of the Federal Drive since 2006. Tom has been reporting on and providing insight to technology markets for more than 30 years. Prior to joining Federal News Radio, Tom was a long-serving editor-in-chief of Government Computer News and Washington Technology magazines. Tom also contributes a regular column on government information technology.
Vincent Sritapan, Program Manager, Cyber Security Division, Science and Technology Directorate, Department of Homeland Security
Vincent Sritapan is a Program Manager in the Cyber Security Division (CSD) for the Department of Homeland Security Science and Technology Directorate Homeland Security Advanced Research Projects Agency. Sritapan oversees Mobile Security Research and Development (R&D) projects aimed at accelerating the adoption of secure mobility for the department, government and global community to ensure the homeland security mission.
Jon Johnson, Enterprise Mobility Team Manager, GSA
Jon Johnson serves in the GSA Enterprise Mobility Program within the Office of Integrated Technology Services (ITS) in GSA’s Federal Acquisition Service (FAS). The Federal Acquisition Service provides buying platforms and acquisition services to Federal, State and Local governments for a broad range of items from office supplies to motor vehicles to information technology and telecommunications products and services. As an organization within FAS, ITS provides access to a wide range of commercial and custom IT products, services and solutions.
Mr. Johnson is a federal IT procurement professional, program leader, and strategist. His specialties include IT Procurement, IT Leadership, IT Governance, and IT Strategy. Along with his leadership of the Enterprise Mobility Program, which includes GSA’s Wireless Federal Strategic Sourcing Initiative and the Managed Mobility Program, he was a key contributor to the Mobile Technology Tiger Team that developed tougher security requirements.
Mr. Johnson led the effort to complete Action Item 5.5 on the Federal Chief Information Officer’s (CIO’s) Digital Government Strategy, which required GSA to set up a government-wide mobile device management program, and has worked on procurement projects and programs related to the Federal Cloud Computing Initiative and Federal IT Shared Services Strategy.
Joshua Franklin, Information Security Engineer, National Institute of Standards and Technology
Joshua Franklin is a cybersecurity practitioner at the National Institute of Standards and Technology (NIST) focusing on mobile security, cellular security, and electronic voting. Joshua leads the Mobile Security Program at the National Cybersecurity Center of Excellence (NCCoE), and the Mobile Data and Application Isolation research intended to secure mobile devices used by first responders.
Johnny Overcast, Director of Government Sales, Samsung Electronics America
Mr. Johnny Overcast, Director of Government Sales, Samsung Electronics America, is responsible for Samsung device and solutions sales in the US Public Sector segment. Johnny is a graduate of the University of Maryland and has spent the past 21 years in the wireless and technology arena. He spent several years at Bell Atlantic Mobile (now Verizon), SkyTel, and then AT&T Government Solutions before joining Samsung. Johnny lives with his wife and three children in Ellicott City, Maryland.