Whether deployed to steal ammo for political scandals or classified documents for military sabotage, a cyberattack on a mobile device with access to sensitive information is a matter of national security. And yet, mobile devices are often left out of the national security conversation. Obama’s recently implemented Cybersecurity National Action Plan makes no mention of mobile devices, and neither Trump nor Hillary have broached the subject during their respective campaigns. The cybersecurity landscape is rapidly evolving and a national cybersecurity plan that doesn’t address mobile security is outdated and dangerous.
Unlike a physical battlefield, enemies in cyberspace are anonymous, much more difficult to detect and can operate on miniscule budgets. While the devastating effects of a nuclear bomb or a terrorist attack on civilians are easily envisioned and feared by voters and policymakers alike, the theft of intellectual property or the infiltration of a government network are nuanced, often invisible and too technical for most voters to understand or care about. Whereas 9/11 and Pearl Harbor captured the nation’s attention and rallied Americans around the flag, cyberattacks simply don’t have the same effect.
Mobile devices specifically are subject to unique threats because of their size, always-on wireless connections, physical sensors (e.g. camera, microphone) and location services (e.g. GPS). In other words, your cell phone is a magic key for someone tracking your every move, every communiqué, every habit and interaction. Yet cybersecurity teams remain focused on desktop computers that are usually miles away from a user and don’t have nearly the same tracking capabilities. Government officials are no exception to these mobile security threats. Politicians and diplomats are constantly traveling and mobile devices make it easy to stay in touch with staff for real-time updates and to speak with constituents through social media channels. And as mobile device usage continues to skyrocket, so does mobile malware. A recent study found that traditional malware is actually falling as mobile malware is on the rise. And what’s at stake is more than embarrassing emails becoming public.
Made-for-battlefield apps, for example, can increase soldiers’ awareness of warzone surroundings, but can also compromise sensitive military information if subject to a cyberattack. Part of the issue is that the military is now getting its smart phones from the same carriers and manufacturers that serve civilians. But while civilian customers simply upgrade their phones when a patch is released, military users must wait until the Pentagon clears the fix, leaving critical information vulnerable as it goes through a long line of bureaucratic approvals. It’s taken decades for U.S. security policies to reflect an evolved digital threat landscape and we’re still not prepared to face the newest frontier of mobile malware.
Whether our next commander-in-chief is Hillary Clinton or Donald Trump, we’ll need more than just big promises during a debate to ensure mobile insecurity doesn’t leave the nation vulnerable to malicious attacks; these are some of the tangible ways the government can address the issue:
- Regulations and stricter standards to ensure that all government mobile devices are updated and capable of receiving security patches without delay
- Real-time threat detection in addition to containerization systems on all government smartphones to ensure rapid response capability
- Increased collaboration between government agencies and independent researchers who are finding never-before-seen vulnerabilities before they’ve been exploited in the wild
Mobile attacks are often intangible and invisible without detection, but the destruction they cause is very real. As mobile devices become the preferred targets of domestic and international hackers alike, mobile security needs to be a cornerstone of the government’s national security plan.