COMSEC/OPSEC waiting to happen!! :eek:

http://www.foxnews.com/tech/2013/04/06/us-army-threatened-by-rogue-iphones/

BMT

I don't get the threat. The mobile device won't ever connect to a secure server so "they" will (as if they don't already) get access to NIPR? :confused:

The article sort of plasters a variety of common issues, and just applies them to a device now carried in the pocket instead of the travel case. This type of potential threat will continue as long as walk isn't matched by talk (speaking of PEDs in general and commercial wide-area connections then plugged in and sync'd at the office). A failure of imagination leads to agencies playing catch-up implementing Data-At-Rest and "Road Warrior" training for dusty laptops - whew, got that box checked - without realizing the 'warriors' have already moved on to the next 'big' (smaller) thing.

Recall the draconian (and often system-breaking) knee-jerk response to USB devices - spiilage! oh, shit! ban all thumb drives! (Replace spillage with school shooting and thumb drive with gun & you'll get the drift.) What they should've done was just order up a few public hangings.

Higher piles of paperwork and hours devoted to audits to check on the audit and massive online training for the auditor don't fix bad behavior.

:rolleyes:

From our friends at "No Such Agency"

6.3 Risk Mitigations
6.3.1 User Equipment
Current commercial smartphones and their operating systems and applications do not yet provide all the security mechanisms and levels of assurance that are desired; however, by limiting initial use to voice and non-resident data applications (reducing the need to securely store data), shutting off unneeded processes and interfaces (reducing threat exposure), adding monitoring and control capability, and controlling the allowed connectivity, the risks can be managed at the User Equipment end.


HERE (http://www.nsa.gov/ia/_files/Mobility_Capability_Pkg_Vers_2_1.pdf)