MEMORANDUM
September 8, 2008
FROM: Karen S. Evans, Director, CIO Council
and David M. Wennergren, Vice Chair, CIO Council
Executive Committee: Clay Johnson, Executive Chair; Karen S. Evans, Director; David M. Wennergren, Vice Chair
This paper provides a starting point for each Federal agency to tailor to meet their own
individual needs, based on their own technological maturity and risk assessment.
www.cio.gov
ciocouncil.support@gsa.gov
Federal CIO Council
Practical Tips for Use of Personal Electronic Devices
During Foreign Travel
Preamble: This paper provides a starting point for each Federal agency to tailor to
meet their own individual needs, based on their own technological maturity and risk
assessment.
Introduction
Government personnel are increasingly relying on personal electronic devices, like the
BlackBerry, to remain connected while working outside their normal office environment.
However, as with all wireless devices, as usage increases, the risks to the
communications and information these devices support also increase. This is
particularly true for personnel as they travel overseas where their devices may well
become the subject of targeted attacks as part of organized industrial or government
espionage efforts. A compromised wireless device could potentially allow a person with
malicious intent to enable any of the device’s functions, access all of the data that it
contains, and compromise any network or computer to which the device is later
connected. While classified information or communications would not be at risk, United
States national interests may be harmed if sensitive information (including Controlled
Unclassified Information) is obtained by adversaries. Applying the best practices listed
below will help individuals avoid common mistakes when traveling abroad, but may not
stop a determined adversary.
Secure use of wireless devices is a critical responsibility for the CIO community. Use of
key behavioral and technical Information Assurance (IA) controls may minimize the risks
associated with wireless communications. Behavioral controls are generally applicable
regardless of the specific device used. However, technical solutions will vary depending
on the specific configuration and architecture of the device in use. Since the BlackBerry
is currently the primary “smart phone” used by the Government, this discussion of
technical factors will focus on best practices in the BlackBerry Enterprise Server (BES)
environment. The issues identified below are best practices related to
government-issued hardware; however, many apply to personally owned mobile and
smart phones as well.
Behavioral Factors
Behavioral factors to consider may be divided into pre-travel, on-travel, and post-travel
actions.
Before travel:
While on travel:
- If equipped and enabled, use digital signature and encryption capabilities for an
  additional layer of protection ensuring the confidentiality, integrity, and
  non-repudiation of sensitive information. In support of Homeland Security
  Presidential Directive 12 (HSPD-12), RIM has developed a BlackBerry smart
  card reader which interfaces with Personal Identity Verification (PIV)-compliant
  smart cards through an encrypted Bluetooth communications link.
- It may be best in some instances to operate as if your BlackBerry has been
  compromised and your transmissions are being monitored, although this may not
  be the case. This perspective will keep security and confidentiality of information
  fresh in mind.
- Explore the possibility of using alternate communication methods if there are
  strong concerns about the confidentiality of email content or phone
  conversations.
- Maintain high personal awareness to prevent BlackBerry theft or pick-pocketing.
- Maintaining personal control over your BlackBerry is the only way to ensure it is
  not physically compromised or tampered with. Locking it in a hotel safe or other
  secure location may prevent theft, but be aware that hotel personnel may have
  access to safes in some countries. Do not leave it in unattended or public areas,
  including hotel rooms, vehicles, or conference/convention halls.
- If you are attending meetings or visiting a secured location, surrender your
  BlackBerry only when required. Before handing it over or depositing it in a
  temporary storage location, first turn the device off and then remove and keep
  the battery and SIM card (if applicable). Upon return of your device, inspect it for
  any obvious signs of tampering before replacing the battery and powering it on.
- Be aware of your environment when using your BlackBerry to prevent
  eavesdropping or shoulder surfing.
- Be aware of rapidly draining battery power or unexplained power loss, as these
  can be caused by remote use of system components, such as microphones and
  recorders, on a hijacked device. It is important to note that rapid battery loss can
  be caused by other environmental factors including weak signal and roaming.
- If your device is lost or stolen, notify your home organization so that the device
  may be deactivated and remotely wiped, and then contact the local US
  embassy/consulate.
- If the device contains Personally Identifiable Information (PII) and a known or
  suspected compromise of the device/information has occurred, follow your
  agency reporting policy.
- Do not use unknown computers for charging your BlackBerry via USB cable.
  Carry your wall charger instead.
- Do not open suspicious email messages or attachments, as they could contain
  malicious software (malware).
- Do not use Bluetooth capabilities other than for the smart card reader. Bluetooth
  communications can inadvertently provide an adversary access to your
  information or communications.
- If required to surrender your BlackBerry for inspection at customs or border
  crossings, avoid disclosing any passwords used for encryption or access control.
  Prior to reaching checkpoints or inspection locations, remove your battery and
  SIM card and store them separately.
- If possible, remove and secure the battery to deny remote administration,
  although some host country customs services will insist that the BlackBerry be
  activated to confirm it is a legitimate device.
- Do not connect to free Wi-Fi hotspots, as they are often subverted by adversaries.
- Be aware that some BlackBerry devices and communications providers have built-in
  capabilities which, if enabled, may be used for tracking or locating individuals.
The BlackBerry Enterprise Server (BES) environment provides the system administrator
with significant control over the deployed devices’ security posture. Ideally, the BES
configuration is covered by an enterprise policy and enforced throughout the enterprise
uniformly even if multiple servers and domains are utilized. The Security and Technical
Implementation Guide (STIG) is the framework around which DoD bases its BlackBerry
security posture. Additionally, the National Institute of Standards and Technology is
currently preparing Special Publication 800-124 “Guidelines on Cell Phone and PDA
Security (Draft).” Below are examples of BES configuration settings to consider in the
process of establishing a BES IT Policy. These settings can be used to generally
increase BlackBerry security, but are especially helpful when traveling abroad.
Another factor to consider is ensuring that the operating systems for BlackBerry
handhelds and BlackBerry Enterprise Servers are kept current. More recent versions of
the BlackBerry operating system provide greater levels of device control and include
stronger levels of encryption for device content and communications.