AusCERT2012: ACT targets staff jailbreaks

Powered by SC Magazine
 

Personal data nuked.

The ACT Government has deployed a platform to lock down government staff smartphones and tablets while operating over the local network.

The no-holds-barred approach to personal devices would see security bypass methods such as jailbreaks and rooting, along with other disallowed security features, banned on devices using local wi-fi and LAN networks.

Staff who voluntarily sign up to use their personal devices on the corporate network and then attempt a jailbreak would find their devices erased by a “silver bullet” fired from the government's central IT office.

“We will blow your personal information away if you jailbreak or root; personal data, the lot,” said Peter Major, the ACT Government's senior manager of IT security.

The service would be compatible with phones and tablets running Windows Phone, Apple's iOS and Google Android, but not BlackBerry or Nokia devices, which Major described as "dying" and "dead" platforms respectively.

Major said it was his long-term personal vision that students and teachers be able to access educational resources in a secure manner.

“Take off your pointed hats, get off your broomsticks and find out what the business wants, what works,” he told delegates at the AusCERT 2012 conference on the Gold Coast last week.

The initiative began deployment to administrative staff within the territory's education department, state bureaucrats and politicians in 2010. Government users are required to sign up to the service in order to use personal devices over the local network.

The government aimed to bring monitored personal devices into line with centralised mobile policies and security arrangements.

Some government users could opt to use corporate-issued devices, depending on their role.

“Others might get old Nokias, whatever is appropriate,” Major said. 

Crippled iPads

Cabinet ministers are also afforded access to agency-issued iPads to cut down on paper use, with each device controlled by the government's mobile device management service.

The devices are signed over to the user for a limited time, loaded with materials, then later handed back to be erased.

Staff using the system had to sign privacy waivers because personal information could be monitored along with the device's security. Agencies need to seek user approval to be able to take disciplinary action based on information gleaned from devices.

Major said the security controls, approved by the Defence Signals Directorate, minimised functionality and effectively turned the agency iPads into Amazon Kindles.

The state IT shop ran a pilot with ministers and bureaucrats to gain executive support for the project.

This was effective, Major said, because it allowed the IT department to “push the policies through the gods first” and avoid the risk of executives pouring cold water on the policy later.

The government had developed an application blacklist for mobile devices that was initially compiled from the corporate network. There was currently no way to control consumer cloud services like Dropbox and iCloud, which Major described as “scary”.

Copyright © SC Magazine, Australia

