November 6, 2023 at 05:41PM
The US Department of Homeland Security Office of the Inspector General conducted an audit of equipment managed by Immigration and Customs Enforcement (ICE) and found lax mobile device security practices. The audit identified mobile device management issues that put ICE devices and sensitive data at risk of espionage and attacks. Thousands of unauthorized applications were found on ICE-managed devices, including those developed by banned companies and third-party file sharing services. These apps potentially compromised ICE’s operations and the Department of Homeland Security as a whole. ICE has taken some steps to improve device security but still needs to address the risks associated with unauthorized applications.
According to the meeting notes, the US Department of Homeland Security Office of the Inspector General conducted an audit of equipment managed by Immigration and Customs Enforcement (ICE) and their IT policies. The audit found mobile device management issues that potentially put ICE mobile devices and sensitive data at risk of espionage, leaks, and attacks from viruses. Thousands of applications were found on ICE-managed devices, including third-party file sharing services, outdated messaging platforms, and apps developed by companies banned from US government IT systems. The report mentioned concerns about apps associated with China and Russia, which could collect and distribute sensitive information stored on the devices. ICE did not monitor these user-installed applications, considering them to be personal apps. However, ICE has implemented some of the auditors’ recommendations to boost device security, such as blocking prohibited apps and updating their mobile device use policy. The Department of Homeland Security disagreed with the inspector general’s audit findings, stating that ICE security controls have reduced the risk to federal mobile devices and their sensitive information. However, the report concludes that ICE still needs to fully address the risks associated with user-installed applications.