Mobile devices can leave you open to cyber attacks

Monday - 6/21/2010, 3:48pm EDT

Gregory McNulty, vice president of Federal System and Business Development, Mocana Corp.

Click to hear the interview

Download mp3

We've seen iPhones . . . and iPads . . . but many experts say that we haven't seen anything yet.

Increasingly, all sorts of devices will be Internet-enabled, and they will be looking to connect and communicate.

So . . . how do you keep your network secure?

Gregory McNulty is the vice president of Federal System and Business Development for Mocana Corp., which just earned the government's first FIPS 140-2 level one validation for an encryption product running on the Apple iPhone or iPad.

He says the working world needs to get used to worrying about the security of its mobile devices.

"We're seeing, in fact, that PCs aren't the dominant form of computing anymore, and everything's becoming connected. There's lots of reasons [as to] why these things are happening. . . . Our focus is on securing those Internet devices that are web-enabled."

On the whole, he says, the field is growing.

"We're seeing a whole explosion in complexity for a lot of reasons. One is the volume of these devices are increasing significantly. The diversity of the devices is increasing. We're finding more of these devices are using open source, which [can] have a lot of security flaws in it. . . . Another contributing factor is the 'always on' and wireless connect activities are increasing, as well as the convergence of voice, video and data."

Their overall goal, he adds, is to ensure the devices are well protected.

They're also working on a cloud solution to protect these smartphones and other pieces of technology.

"So, as more of these devices become deployed out in the field, there needs to be an encrypted, cloud-based service that can manage these devices. So, if somebody loses an iPad, for example, and it's a State Department employee and it has the high level of encryption that we provide, we would be able to provide a service [where] they would be able to do a remote wipe and wipe all of the data that is on the device. So, we're moving from protecting not only the devices themselves, but being able to manage those devices from a cloud service."

And they practice, too, just to make sure their solutions work.

"We've had Black Hat people try to hack into our code. We went through certifications with government agencies, so we've got a very strong solution. People are getting crafty about hacking into devices, and some of them are doing it for the joy of doing it and, in some cases, [because] they believe that the public should know about these vulnerabilities do exist. You get hobbyists, you get hacktivists, you get foreign governments."

He says just looking at how much malware has been introduced to mobile devices alone is enough to make one raise an eyebrow.

"From 2005 to 2008, 3,000 new pieces of malware are introduced into the Internet every hour, and the number of attacks have increased 975 percent. That's reported by mobile operators. What's not reported, you can imagine, is a lot more."

Email the author of this post at dramienski@federalnewsradio.com

Read more about cloud computing in the federal space at the Fed Cloud Blog.

Check out all of Federal News Radio's coverage of cybersecurity issues here.