Inside the Department of Transportation’s Cybersecurity Ecosystem
Comprising dozens of sub-agencies, the Department of Transportation makes protecting its digital information and networks a priority. Jim Ward, Executive Account Manager supporting the US Department of Transportation and other Federal Government Civilian Agencies shares his insights on the use of mobile devices and the need to utilize enterprise mobile devices with proper security.
When the Department of Transportation’s inspector general revealed the agency’s top management challenges in a report last year, cybersecurity made the list, with key focuses including standardizing cybersecurity processes to manage enterprise-wide risk; increasing network visibility to prevent and respond to security incidents; and the resolution of longstanding security weaknesses to strengthen IT infrastructure.
According to MeriTalk, the IG’s report noted that 71 DOT systems at eight operating centers were not authorized to operate by a senior official as required, and that DOT lacked an effective process for Operating Administrations to assess, authorize, and monitor common security controls that support multiple information systems. “This inconsistent implementation of processes throughout the department,” the IG concluded, “exposes it to increased and undetected cybersecurity risks.”
Empowering Employees and Streamlining Operations
As a very large agency comprised of sub-agencies like the Federal Aviation Administration (FAA), the Federal Motor Carrier Safety Administration (FMCSA), the Federal Railroad Administration (FRA), and the National Highway Traffic Safety Association (NHTSA), the DOT relies on mobility to streamline its operations, empower its employees, and improve efficiency. And while mobility is critical to government productivity, mobile data and devices alike present attractive targets to cybercriminals seeking to exploit vulnerabilities across the spectrum.
“Agencies like DOT can’t afford to ignore the growing security risk of mobile devices.” said Jim Ward, Federal Named Account Manager, Panasonic. “When devices don’t receive the necessary protection, it introduces substantial risks to an organization’s data, the efficiency of its mission, and the privacy and wellbeing of its people.”
Unprotected devices, for example, can expose agency proprietary data, undermining the trust that citizens have in government services and creating negative publicity that can take years to recover from. And while government agencies like DOT have strict security standards, a recent Government Business Council (GBC) poll of federal employees suggests that 39% of respondents lack confidence in their mobile devices’ security.
That lack of confidence is warranted. The average cost of a data breach in 2018 was $3.86 million. Approximately three out of every four federal employees surveyed in 2017 admitted to downloading unauthorized mobile apps to their work-issued mobile device in violation of organizational policy. Also that year, just 54% of agencies required employees to lock devices with a PIN or a password.
Unlike desktops and office-based laptops that agencies have constrained, locked down, and made less vulnerable based on years of experience, many of their mobile devices remain vulnerable to attacks. “And because federal and contractor employees carry smartphones and tablets around almost wherever they go,” Federal News Network reports, “the hackers, nation states, and other adversaries see them as an avenue to steal data.”
Even as the DOT and other federal agencies work to secure mobile device usage, the environment “remains complex and in need of better ways to secure and manage data, apps, and devices,” Federal News Network points out. When sharing crash investigation data, gathering field data from ground radar equipment, or doing infrastructure planning, for example, the FAA not only collaborates and shares data using mobile technology with multiple DOT sub-agencies, but also with those agencies’ contractors.
DOT is also in charge of the nation’s highways and byways, where connected infrastructures rely on devices and a smart transportation system. When working in all types of conditions out in the field, its workers need highly secured, rugged mobile devices to do their jobs. “These are just a few examples,” says Ward, “of the types and sheer volumes of information that are passing in and out of DOT as a whole,” said Ward.
A Multi-Layered Cybersecurity Approach
Whether data is on the move—via laptops, tablets, mobile broadband, and Wi-Fi networks—or at rest, securing sensitive government information is essential. Purposely built to meet the environmental, workflow, and security needs of enterprise mobility customers, Panasonic TOUGHBOOK mobile laptops, tablets, and handheld computers all include various enterprise-level security features. These features help federal agencies address their data security, device access privileges, network connectivity, and security needs in a number of ways:
- Basic data access security for mobile devices. In general, strong PINs, password complexity, and auto-lock timeouts on mobile devices offer the first defense against unauthorized mobile data access.
- Mobile device access privileges. A number of internal and external controls beyond software and hardware encryption exist to provide additional device protection.
- Mobile device security. To ensure a highly secure level for mobile devices, agencies can also use mobile device management (MDM), asset tracking, BIOS-embedded agents, and lock slots that are integrated into the hardware and help ensure physical device security.
- Asset tracking. Integrated with an MDM solution, mobile-based asset tracking provides real-time updates on the location, condition, and physical custody of a particular piece of equipment.
As the number of mobile devices being placed in DOT employees’ hands continues to proliferate, the need for enhanced security will increase exponentially. Agencies that understand the risks and protocols involved with protecting mobile devices will be better equipped to ward off potential threats. They will also promote safe usage practices among employees and contractors which, as the number of mobile devices continues to grow, will be in everyone’s best interest going forward.
Recognizing that security of agency and citizen data requires a multi-layered approach, Panasonic offers highly secure, reliable, and configurable rugged mobile computing for government workers. To learn more, stop by our table at the US DOT Cybersecurity Summit May 21-22 in Washington, DC.