Federal Chief Information Officers Council

MEMORANDUM

Executive Committee
September 8, 2008

Executive Chair
FROM: Karen S. Evans, Director
Clay Johnson
CIO Council
Director
and
Karen S. Evans
David M. Wennergren, Vice Chair
Vice Chair
CIO Council
David M. Wennergren

Architecture & Infrastructure TO: CIO Council Members

Committee Co-Chairs
Michael W. Carleton Subject: Practical Tips for the Use of Personal Electronic Devices
Molly A. O’Neill When Conducting Foreign Travel
Best Practices Committee
Co-Chairs
Casey Coleman
Susan H. Swart Government personnel are increasingly relying on personal electronic devices to remain
connected while working outside their normal office environment. However, as with all
IT Workforce Committee
Co-Chairs
wireless devices, as usage increases, the risks to the communications and information
Janet L. Barnes these devices support also increase. This is particularly true for personnel as they travel
Christine H. Liu overseas where their devices may well become the subject of targeted attacks as part of
organized industrial or government espionage efforts. A compromised wireless device
Security & Identity could potentially allow a person with malicious intent to enable any of the device’s
Management Committee
Co-Chairs
functions, access all of the data that it contains, and compromise any network or computer
Robert Carey to which the device is later connected. While classified information or communications
Vance Hitch would not be at risk, United States national interests may be harmed if sensitive
information (including Controlled Unclassified Information) is obtained by adversaries.
Section 508 Liaison Applying the best practices in the attached paper will help individuals avoid common
Craig Luigart mistakes when traveling abroad, but may not stop a determined adversary.

This paper provides a starting point for each Federal agency to tailor to meet their own
individual needs, based on their own technological maturity and risk assessment.

It will be posted on CIO.gov.

www.cio.gov
ciocouncil.support@gsa.gov
 Federal CIO Council
Practical Tips for Use of Personal Electronic Devices
During Foreign Travel

Preamble: This paper provides a starting point for each Federal agency to tailor to
meet their own individual needs, based on their own technological maturity and risk
assessment.

Introduction

Government personnel are increasingly relying on personal electronic devices, like the
BlackBerry, to remain connected while working outside their normal office environment.
However, as with all wireless devices, as usage increases, the risks to the
communications and information these devices support also increase. This is
particularly true for personnel as they travel overseas where their devices may well
become the subject of targeted attacks as part of organized industrial or government
espionage efforts. A compromised wireless device could potentially allow a person with
malicious intent to enable any of the device’s functions, access all of the data that it
contains, and compromise any network or computer to which the device is later
connected. While classified information or communications would not be at risk, United
States national interests may be harmed if sensitive information (including Controlled
Unclassified Information) is obtained by adversaries. Applying the best practices listed
below will help individuals avoid common mistakes when traveling abroad, but may not
stop a determined adversary.

Secure use of wireless devices is a critical responsibility for the CIO community. Use of
key behavioral and technical Information Assurance (IA) controls may minimize the risks
associated with wireless communications. Behavioral controls are generally applicable
regardless of the specific device used. However, technical solutions will vary depending
on the specific configuration and architecture of the device in use. Since the BlackBerry
is currently the primary “smart phone” used by the Government, this discussion of
technical factors will focus on best practices in the BlackBerry Enterprise Server (BES)
environment. The issues identified below are best practices related to government
issued hardware, however many apply to personally owned mobile and smart phones
as well.

Behavioral Factors

Behavioral factors to consider may be divided into pre-travel, on-travel, and post-travel
actions.

Before travel:

9 Determine if BlackBerry access is an essential requirement for accomplishing

either your travel mission or your home organization’s mission in your absence.
 Consider leaving your BlackBerry behind unless the impact to your mission
outweighs the impact of potential loss or compromise of data.
9 Ensure you have received security-focused training for your specific wireless
device.
9 Contact your agency security officer to obtain current guidance on BlackBerry-
specific or general IT espionage activity, and request their assessment of the
potential risk for data collection attempts. Additionally, seek travel guidance and
security warnings/alerts from local security officials, the State Department
website (www.travel.state.gov), and the Customs and Border Protection website
(www.cbp.gov).
9 Consider taking a backup or loaner device to minimize the potential for data
compromise or damage from infection of the device by malicious code.
9 Clear your device of all data and information except that which you will need
while on travel. Backup all other data and information offline and leave it behind.
Note: Data that is synchronized over the air may be repopulated unless stored
temporarily in an offline .pst which is not marked for synchronization.
9 Do not transport your BlackBerry in your “checked” baggage, as it may be stolen,
scanned, or have its contents duplicated without your knowledge. Only
authorized users or officials should have access to your device.
9 Verify that your BlackBerry and communications provider have coverage in your
destination country. You may need to upgrade your device or coverage plan to
include foreign countries.

While on travel:

9 If equipped and enabled, use digital signature and encryption capabilities for an
additional layer of protection ensuring the confidentiality, integrity, and non-
repudiation of sensitive information. In support of Homeland Security
Presidential Directive 12 (HSPD-12), RIM has developed a BlackBerry smart
card reader which interfaces with Personal Identity Verification (PIV)-compliant
smart cards through an encrypted Bluetooth communications link.
9 It may be best in some instances to operate as if your BlackBerry has been
compromised and your transmissions are being monitored, although this may not
be the case. This perspective will keep security and confidentiality of information
fresh in mind.
9 Explore the possibility for use of alternate communication methods, if there are
strong concerns about the confidentiality of email content or phone
conversations.
9 Maintain high personal awareness to prevent BlackBerry theft or pick-pocketing.
9 Maintaining personal control over your BlackBerry is the only way to ensure it is
not physically compromised or tampered with. Locking it in a hotel safe or other
secure location may prevent theft, but be aware that hotel personnel may have
access to safes in some countries. Do not leave it in unattended or public areas
including hotel rooms, vehicles, or conference/convention halls.
9 If you are attending meetings or visiting a secured location, surrender your
BlackBerry only when required. Before handing it over or depositing it in a
 temporary storage location, first turn the device off and then remove and keep
the battery and SIM card (if applicable). Upon return of your device, inspect it for
any obvious signs of tampering before replacing the battery and powering it on.
9 Be aware of your environment when using your BlackBerry to prevent
eavesdropping or shoulder surfing.
9 Be aware of rapidly draining battery power or unexplained power loss, as these
can be caused by remote use of system components, such as microphones and
recorders, on a hijacked device. It is important to note that rapid battery loss can
be caused by other environmental factors including weak signal and roaming.
9 If your device is lost or stolen, notify your home organization so that the device
may be deactivated and remotely wiped, and then contact the local US
embassy/consulate.
9 If the device contains Personally Identifiable Information (PII) and a known or
suspected compromise of the device/information has occurred, follow your
agency reporting policy.
9 Do not use unknown computers for charging your BlackBerry via USB cable.
Carry your wall charger instead.
9 Do not open suspicious email messages or attachments, as they could contain
malicious software (malware).
9 Do not use Bluetooth capabilities other than for the smart card reader. Bluetooth
communications can inadvertently provide an adversary access to your
information or communications.
9 If required to surrender your BlackBerry for inspection at customs or border
crossings, avoid disclosing any passwords used for encryption or access control.
Prior to reaching checkpoints or inspection locations, remove your battery and
SIM card and store them separately.
9 If possible, remove and secure the battery to deny remote administration,
although some host country customs services will insist that the Blackberry be
activated to confirm it is a legitimate device.
9 Do not connect to free wi-fi hotspots, as they are often subverted by adversaries.
9 Be aware that some Blackberries and communications providers have built in
capabilities which, if enabled, may be used for tracking or locating individuals.

Upon returning from travel:

9 Before connecting to your workstation or network, if allowed by agency policy,

have your BlackBerry device scanned for malicious content or abnormal activity,
and replaced or re-imaged if necessary. Having your device re-imaged is best if
resources allow.
Technical Factors

The Blackberry Enterprise Server (BES) environment provides the system administrator
with significant control over the deployed devices’ security posture. Ideally, the BES
configuration is covered by an enterprise policy and enforced throughout the enterprise
uniformly even if multiple servers and domains are utilized. The Security and Technical
Implementation Guide (STIG) is the framework around which DoD bases its BlackBerry
security posture. Additionally, the National Institute of Standards and Technology is
currently preparing Special Publication 800-124 “Guidelines on Cell Phone and PDA
Security (Draft).” Below are examples of BES configuration settings to consider in the
process of establishing a BES IT Policy. These settings can be used to generally
increase BlackBerry security, but are especially helpful when traveling abroad.

9 Users should support Information Systems Security Officer (ISSO) requests to

periodically return the device to system managers for regular inventories and
random audits.
9 Content Protection, which when enabled uses encryption to ensure the
confidentiality of the contents of the BlackBerry.
9 Password Authentication for access control prevents unauthorized access to a
device’s contents if lost, stolen, or subject to attempted compromise. Use of
strong passwords should include a mix of upper and lower case characters,
special characters, numbers, and punctuation.
9 Device lock upon holstering or after a specific period of inactive use ensures that
a password be entered before the BlackBerry may be used again.
9 Device wipe after a specified number of failed password attempts will ensure that
the data stored on the BlackBerry is erased if the device is lost or stolen. This
data can typically be restored upon the next workstation synchronization.
9 Use 3DES encryption, at a minimum, to encrypt all communications between
your BlackBerry and the BES. Modification of the settings for communications
encryption to use a stronger FIPS 140-2 approved algorithm is generally
recommended to reduce the risk of your communications being compromised,
especially when communicating using a foreign cellular provider.
9 Modification of the “user installed application” settings can prevent installation of
unauthorized and potentially malicious applications.
9 Call “auto-answer” function should always be disabled.
9 Depending on the IT architecture, it may be necessary to install a firewall
between the BES and the internal email servers to mitigate/eliminate the effect of
a compromised BES. Also consider loading a host-based firewall on the BES.
9 If BlackBerry Desktop Manager is installed on user’s desktops, the Blackberry
Redirector should be disabled to prevent the redirection of BlackBerry messages
to smart phones and the circumvention of the BES.
9 Disable or apply appropriate mitigations when using Bluetooth technology.
9 Use an approved analysis tool to compare the device before and after a trip to
ensure it has not been modified during the trip and that only approved
applications are installed.
 9 Lost, compromised, or stolen devices should be immediately removed from the
BES and remotely wiped or “zeroized.”
9 Antivirus and other security products for wireless devices should be installed and
kept up to date when available.

Another factor to consider is ensuring that the operating system for BlackBerry
handhelds and Blackberry Enterprise Servers are kept current. More recent versions of
the BlackBerry operating system provide greater levels of device control and include
stronger levels of encryption for device content and communications.