AusCERT2012: ACT targets staff jailbreaks

Powered by SC Magazine
 

Personal data nuked.

The ACT Government has deployed a platform to lock down government staff smartphones and tablets while operating over the local network.

The no-holds-barred approach to personal devices would see security bypass methods such as jailbreaks, rooting and other disallowed security features banned while using local wi-fi and LAN networks.

Staff who voluntarily sign up to use their personal devices on the corporate network and then attempt a jailbreak would find their devices erased by a “silver bullet” fired from the government's central IT office.

“We will blow your personal information away if you jailbreak or root; personal data, the lot” said Peter Major, the ACT Government's senior manager of IT security.

The service would be compatible with phones and tablets running Windows Phone, Apple's iOS and Google Android, but not BlackBerry or Nokia devices, which Major described as "dying" and "dead" platforms respectively.

Major said it was his long-term personal vision that students and teachers be able to access educational resources in a secure manner.

“Take off your pointed hats, get off your broomsticks and find out what the business wants, what works,” he told delegates at the AusCERT 2012 conference on the Gold Coast last week.

The initiative began deployment to administrative staff within the territory's education department, state bureaucrats and politicians in 2010. Government users are required to sign up to the service in order to use personal devices over the local network.

The government aimed to conform monitored personal devices to centralised mobile policies and security arrangements.

Some government users could opt to use corporate-issued devices, depending on their role.

“Others might get old Nokias, whatever is appropriate,” Major said. 

Crippled iPads

Cabinet ministers are also afforded access to agency-issued iPads to cut down on paper use, with each device controlled by the government's mobile device management service.

The devices are signed over to the user for a limited time, loaded with materials, then later handed back to be erased.

Staff using the system had to sign privacy waivers because personal information could be monitored along with the device's security. Agencies need to seek user approval to be able to take disciplinary action based on information gleaned from devices.

Major said the security controls, approved by the Defence Signals Directorate, minimised functionality and effectively turned the agency iPads into Amazon Kindles.

The state IT shop ran a pilot with ministers and bureaucrats to gain executive support for the project.

This was effective, Major said, because it allowed the IT department to “push the policies through the gods first” and avoid the risk of executives pouring cold water on the policy later.

The government had developed an application blacklist for mobile devices that was initially compiled from the corporate network. There was currently no way to control consumer cloud services like DropBox and iCloud, which he described as “scary”.

Copyright © SC Magazine, Australia


AusCERT2012: ACT targets staff jailbreaks
 
 
 
Top Stories
Microsoft confirms Australian Azure launch
Available from next week.
 
NBN Co names first 140 FTTN sites
National trial extended.
 
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  24%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  23%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  27%
TOTAL VOTES: 271

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  61%
 
No
  39%
TOTAL VOTES: 85

Vote