Mobile devices and OPSEC
By Jack White, DLA Intelligence Columbus
/ Published April 16, 2019
COLUMBUS, Ohio --
Mobile devices are being introduced into the Department of Defense at an astonishing rate.
The Defense Logistics Agency defines mobile devices as a wireless-enabled portable device. These include but are not limited to iPhones, iPads and tablets.
This fast paced integration has caused a paradigm shift to occur within DOD and DLA. Our adversaries target these types of devices because they can process information with the same capabilities as a computer.
To combat this, DLA has established policy with the issuance of DLAI 8130.01 Mobile Device Management. The policy covers DLA military, civilian and contractor personnel.
It prohibits users from processing sensitive information, also known as “For Official Use Only”, Privacy Act Information or critical information, on a mobile device unless the device has been configured to send and receive encrypted information.
This is achieved by enabling the Public Key Infrastructure. Users are advised to process limited amounts of sensitive information and to delete the files when no longer needed.
Information operations accomplishes the PKI requirement through their provisioning process with every iPhone that is issued. During the provisioning process, steps are taken to install customer’s encryption and signing certificates onto the phone using the Defense Information Systems Agency’s Purebred application. This allows DLA iPhone customers to sign and encrypt their messages to protect sensitive and personally identifiable information transmissions just as they would through Outlook on their computers.
From an operations security perspective, mobile devices have the potential to be the largest vulnerability in the average users’ life.
Without proper security settings and general OPSEC considerations, your mobile devices are little more than a well-organized beacon of critical and sensitive information.
Remember cell phones, cordless phones and land lines can all be compromised. Censor what you discuss on an unsecured line. You never know who’s listening!