May 29, 2025


Protecting Government Agencies From Mobile Threats: A Guide

Secure sensitive government data by leveraging AI, studying cyber attack patterns, and complying with federal regulations.

If you work for (or alongside) the United States government, then threat actors want your sensitive data. In 2023, federal agencies fell victim to 11 major cybersecurity incidents, with threats continuing to evolve well into 2024. Safeguarding federal and critical infrastructure organizations requires a modern cybersecurity framework. In today’s mobile-enabled workplaces, that means extending your data protection strategy to wherever devices are being used.

Compared with desktop computers, mobile devices are an under-protected attack vector. Phones and tablets may hold sensitive data directly, and even when they don't, they usually have signed-in access to it through cloud applications. They are also prime targets for phishing and other social engineering, because lures arrive over SMS and messaging apps where traditional email filters never see them.

However, securing government data on mobile devices is simpler now than it used to be. Over the past decade, U.S. agencies have implemented consistent strategies and standards for storing, modifying, and transferring digital data. Following government recommendations like CISA’s Mobile Communications Best Practice Guidance and complying with federal standards can help keep mission-critical data safe, regardless of location.

Use AI to combat APTs

While garden-variety cybercriminals generally want money, those who target government agencies may be out to destabilize democratic institutions. Rather than one-off phishing scams, these threat actors run advanced persistent threat (APT) campaigns: they establish a long-term foothold in government systems and aim to stay undetected for months or years. APT campaigns may employ custom malware, sophisticated social engineering, or zero-day exploits. A threat actor could even take a job at a targeted agency and feed information back to a larger network.

Mobile devices are a tried-and-true vector for APTs backed by foreign governments. Consider the Pegasus spyware, which may have played a role in the 2018 assassination of Saudi journalist Jamal Khashoggi. More recently, the PRC-linked Salt Typhoon group, which compromised U.S. telecommunications carriers, may have used that access to funnel sensitive information, including call metadata, to the Chinese government.

To combat these threats, the federal government has recommended artificial intelligence (AI) as a critical infrastructure protection tool. Using machine learning (ML) models, AI tools can correlate threat intelligence feeds, baseline normal user and device behavior so that deviations stand out, and score each device's security risk far faster than a human analyst. From there, an IT administrator (or an automated policy) can quarantine a device or cut off a suspected intruder's access before a data breach occurs.

The federal government's latest AI initiative came in the form of an executive order that lays out a roadmap for how innovation and advisory structures in both the public and private sectors should change as the technology evolves.

For more information, read Detecting APT Threats on Government Devices: Insights into Federal Cyber AI Strategies.

Comply with FedRAMP requirements

The Federal Risk and Authorization Management Program (FedRAMP) assesses and authorizes cloud services that handle unclassified government data. Once a cloud service holds a FedRAMP authorization, any federal agency or its contractors can reuse that authorization package rather than assessing the service from scratch, though each agency still issues its own authority to operate. Many different useful services are authorized, from the Lookout Security Platform to Microsoft Office. The FedRAMP Authorization Act of 2022 wrote the program into law and requires federal agencies to use FedRAMP-authorized cloud services.

Using FedRAMP-authorized tools is a convenient way to improve your organization's critical infrastructure security. Because the security baseline is the same for every government agency, administrators never need to repeat an assessment when sharing information with new partners, and authorized users don't have to wait on a separate security review of the service itself. Agency-level access controls still apply; FedRAMP vouches for the cloud service, not for any individual user.

FedRAMP's cybersecurity requirements are also exacting, designed to safeguard the confidentiality, integrity, and availability of the data a service handles. Every tool in the FedRAMP Marketplace has to undergo a rigorous screening process before it receives authorization.

Mobile devices are common targets for threat actors who employ SMS phishing and SSO credential theft campaigns because the devices provide the keys to access sensitive cloud data. Using a FedRAMP-authorized mobile threat defense solution allows agencies to meet the highest standards of detecting and responding to mobile device threats.

Since researchers discover hundreds of new vulnerabilities in Android and iOS every year, consider keeping data in compliant cloud locations rather than device storage. You could also implement a security service edge (SSE) solution to help spot and restrict suspicious login attempts, regardless of a user’s location or device.

Check out Navigating FedRAMP Compliance: Why It’s Crucial for Mobile Security for more details about FedRAMP requirements.

Learn from the MITRE ATT&CK framework

Threat actors are constantly refining their tactics, techniques, and procedures (TTPs) to infiltrate government organizations. Learning about those TTPs is an excellent way to develop countermeasures for your organization. The MITRE ATT&CK framework is an online database that details hundreds of different cyber attack strategies, from the common (password spraying) to the obscure (VDSO hijacking).

(MITRE is a nonprofit that operates federally funded research and development centers; the name is not an acronym. ATT&CK stands for "Adversarial Tactics, Techniques & Common Knowledge.")

Using the MITRE ATT&CK framework can help improve four critical infrastructure strategies:

  • Defense planning: The MITRE ATT&CK database receives frequent updates about real-world threats. This information lets your security team know which cyber attacks they’re likely to encounter in the near future.
  • Threat hunting: Automated detection matches known patterns, so human threat hunters use ATT&CK to look for the behaviors that signatures miss. By following how attack patterns change over time, you can anticipate how threat actors' schemes might evolve.
  • Simulated attacks: A simulated cyber attack won’t do your organization much good if it’s based on outdated tactics. Knowing the latest cyber attack strategies lets you craft more realistic simulations.
  • Communications and forensics: One advantage of having a large, publicly accessible database is that it standardizes the language around common cyber attacks. This lets agencies collaborate more efficiently, whether they’re building prophylactic defenses or investigating past incidents.

Another useful feature of the MITRE ATT&CK framework is that it places each technique within a tactic, the attacker's goal at that stage, from Reconnaissance and Initial Access through Exfiltration and Impact. Read in order, the tactics describe the modern kill chain: how threat actors steal sensitive data, from initial research all the way through ransoming or destroying critical systems. The kill chain often starts with phishing, which is especially effective on mobile devices, where small screens and non-email channels such as SMS and messaging apps make a lure harder to spot.

Read What Is the MITRE ATT&CK Framework? Mapping to Today's Defensive Controls to learn how the database relates to similar government initiatives.

Adopt CDM Program standards

The U.S. government implemented the Continuous Diagnostics and Mitigation (CDM) Program in 2012. This program, now run by the Cybersecurity & Infrastructure Security Agency (CISA), supplies federal agencies with tools and dashboards for continuously inventorying and monitoring their assets, with the ultimate goal of providing "risk-based, consistent, and cost-effective cybersecurity solutions." While the specifics vary from department to department, the CDM Program generally aligns with zero trust principles: no request is trusted because of where it comes from, and a user's identity and device health are re-verified on every access, so a correct username and password alone never unlock sensitive data.
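What "re-verified on every access" looks like in practice, as an added example that serves both the SSE point in the FedRAMP section above (spotting and restricting suspicious logins regardless of location or device) and the zero trust principle here. It is not Lookout's, CISA's or any CDM tool's code; the device posture fields, policy thresholds and login events are constructed assumptions, not a real product schema.

```python
"""Risk-based, zero-trust access decision for a mobile login.

Added illustrative example, not Lookout's, CISA's or any SSE product's code.
Device posture fields, policy thresholds and the sample logins are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt

# Policy thresholds (assumed values for the example).
POLICY = {
    "min_os": (17, 4),         # oldest OS build still allowed to reach data
    "max_travel_kmh": 900.0,   # faster than this between logins is "impossible travel"
    "hard_mtd_threats": {"exploit", "surveillanceware", "mitm"},
}


@dataclass
class Device:
    device_id: str
    os_version: str                                   # e.g. "17.2"
    mdm_enrolled: bool                                # managed by the agency's MDM/EMM
    jailbroken: bool                                  # root/jailbreak flagged by the MTD agent
    mtd_threats: list[str] = field(default_factory=list)  # threat classes reported by MTD


@dataclass
class Login:
    user: str
    device: Device
    lat: float
    lon: float
    ts: int                    # Unix seconds
    password_ok: bool
    mfa_ok: bool               # a second factor was verified for this session


def _ver(v: str) -> tuple[int, ...]:
    return tuple(int(x) for x in v.split("."))


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points, in kilometres."""
    r = 6371.0
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlam / 2) ** 2
    return 2 * r * asin(sqrt(a))


def posture_findings(d: Device) -> list[str]:
    """Device-health signals a zero-trust policy must see on every request."""
    findings = []
    if d.jailbroken:
        findings.append("jailbroken")
    if not d.mdm_enrolled:
        findings.append("unmanaged")
    if _ver(d.os_version) < POLICY["min_os"]:
        findings.append("os_outdated")
    findings.extend(f"mtd:{t}" for t in d.mtd_threats)
    return findings


def evaluate(login: Login, last: Login | None) -> tuple[str, list[str]]:
    """Return (decision, reasons); decision is 'allow', 'step_up' or 'deny'.

    A correct password is necessary but never sufficient: device posture and
    travel plausibility are checked on every login, and anything short of a
    clean device with a verified second factor does not reach the data.
    """
    if not login.password_ok:
        return "deny", ["bad_password"]

    reasons = posture_findings(login.device)
    hard = {"jailbroken", "unmanaged"} | {f"mtd:{t}" for t in POLICY["hard_mtd_threats"]}
    if any(f in hard for f in reasons):
        return "deny", reasons              # compromised/unmanaged device: credentials don't matter

    if last is not None and last.user == login.user:
        km = haversine_km(last.lat, last.lon, login.lat, login.lon)
        hours = max(login.ts - last.ts, 1) / 3600.0
        if km / hours > POLICY["max_travel_kmh"]:
            reasons.append("impossible_travel")

    if not login.mfa_ok:
        reasons.append("mfa_required")
    if reasons:
        return "step_up", reasons           # soft risk: force fresh re-verification
    return "allow", []


# Constructed sample: a managed, current iPhone logging in from Washington, DC,
# then the same account from Beijing one hour later, and a rooted Android device.
CLEAN = Device("ios-4f2a", "17.4", mdm_enrolled=True, jailbroken=False)
ROOTED = Device("and-9c1e", "14", mdm_enrolled=True, jailbroken=True, mtd_threats=["surveillanceware"])
DC = Login("analyst", CLEAN, 38.8977, -77.0365, 1_700_000_000, password_ok=True, mfa_ok=True)
BEIJING = Login("analyst", CLEAN, 39.9042, 116.4074, 1_700_003_600, password_ok=True, mfa_ok=True)

if __name__ == "__main__":
    print(evaluate(DC, None))        # ('allow', [])
    print(evaluate(BEIJING, DC))     # ('step_up', ['impossible_travel'])
    print(evaluate(Login("analyst", ROOTED, 38.9, -77.0, 1_700_007_200, True, True), DC))  # deny
```

The order of the checks is the point: a jailbroken or unmanaged device is denied before the password is even worth considering, and a valid password plus a completed MFA still only earns a step-up challenge when the login's location is physically implausible.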

Each federal agency has a dedicated CDM Dashboard, which gathers and displays relevant cybersecurity information. CISA has provided a comprehensive CDM Agency Dashboard course for administrators who want to learn more about the program.

As of 2021, the CDM Program also has specific objectives for mobile security. CISA now works more closely with the National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence to research threats, test apps, and publish consistent guidance. Aligning with CDM Program requirements offers better protection for your organization's mobile devices.

To learn more about how the CDM Program applies to different federal agencies, check out How the CDM Program Strengthens Federal Cyber Resilience.

Safeguard government data with mobile endpoint security

From military operations to election security, government agencies protect the nation’s critical infrastructure from both foreign and domestic threat actors. To see how mobile devices fit into your larger cybersecurity framework, read the Lookout playbook How to Manage Risk at the Mobile Endpoint. In it, you’ll learn how mobile endpoint security safeguards government data through zero trust principles, dynamic policy enforcement, and legal compliance.

Lookout Mobile Endpoint Security

Advanced mobile Endpoint Detection & Response powered by data from 185M+ apps and 200M+ devices on iOS, Android, ChromeOS.

Book a personalized, no-pressure demo today to learn:

  • How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
  • Real-world examples of phishing and app threats that have compromised organizations
  • How an integrated endpoint-to-cloud security platform can detect threats and protect your organization
