[LINK] US Defence ordered to evaluate mobile device cybersecurity

[Stephen Loosley]

`

U.S. DOD ordered to evaluate mobile device cybersecurity in 2025 defense 
bill

The evaluations would include basic tools like virtual private networks 
that encrypt connections when browsing the web.

By David DiMolfetta,Cybersecurity Reporter, Nextgov MAY 14, 2024
https://www.nextgov.com/defense/2024/05/dod-ordered-evaluate-mobile-device-cybersecurity-2025-defense-bill/396557/



The U.S. Department of Defense may soon conduct a broad assessment into 
the cybersecurity of internal mobile devices used by service-members and 
analysts, under a provision of a sweeping must-pass defense policy 
package due by the end of the year.

Draft text of the 2025 National Defense Authorization Act includes a 
measure requiring the Secretary of Defense to assess products and 
services available to DOD that can help the U.S. armed forces and 
national security entity secure mobile devices used by its hundreds of 
thousands of staff.

It directs the evaluation to consider anonymizing technologies like 
dynamic selector rotation, a technical protocol that allows location 
identifiers like IP addresses to be regularly switched out at certain 
time intervals to prevent cyberspies from latching onto a specific device.

It would also weigh more basic tools like on-device virtual private 
networks that encrypt internet traffic over a connection, a mechanism 
used frequently by everyday people to protect themselves when browsing 
online.

If adopted in the final version of the defense bill, the DOD would have 
around nine months to submit its findings to Congress. The evaluation 
would need to include a timeline to implement the technologies.

Officials, think tanks and academics are increasingly concerned about 
how malicious actors could tether themselves to mobile devices and use 
them to track the locations of servicemembers or other national security 
officials.

A 2023 oversight report said the Defense Department “does not have a 
comprehensive mobile device and mobile application policy” and that the 
device security programs available to the armed forces “also vary widely 
in the operational and cybersecurity risk they pose to the DOD.”

More broadly, the FCC is trying to reduce vulnerabilities in the 
Signaling System No. 7 — or SS7 — protocol, as well as the Diameter 
protocol, a pair of wireless signal functionalities that enable phone 
communications to travel across different network layers uninterrupted 
but have have frequently made headlines for flaws that could potentially 
let hackers tap into Americans’ conversations.

The State Department has been making acute efforts to reduce the 
proliferation of spyware tools that have been planted on officials’ 
devices by governments around the world to quietly track their location 
and siphon communications.

DOD device security drew renewed interest last year when the Pentagon 
issued a directive to ban TikTok on staff devices amid concerns that the 
China-linked app was transferring sensitive user data back to Beijing, 
as part of a broader effort taken by the U.S. to scrutinize and 
potentially jettison the app altogether.

--