>ghost protocol
>>13791310 /lB
>Bluetooth Side Effects
In a May 25 memo, Army CIO Raj G. Iyer laid out mandatory procedures
remote workers must use to mitigate leaks of official government information.
They apply to all military components, civilian employees and contractors.
https://gcn.com/articles/2021/05/27/army-iot-free-telework.aspx via @GCNtech
https://twitter.com/780thC/status/1398224707284054016
and
https://twitter.com/780thC/status/1398224752502886401
6:28 AM · May 28, 2021·Twitter Web App
SUBJECT:
Cybersecurity Requirements for Teleworkers in the Vicinity of Smart Internet of Things (IoT)
Applications and Devices (Army CIO):
Army reminds remote workers that in-home IoT devices pose security risks
https://gcn.com/articles/2021/05/27/army-iot-free-telework.aspx
By GCN Staff May 27, 2021
The Army wants to be sure teleworkers aren’t letting smart devices in their home listen in on any government work.
In a May 25 memo, Army CIO Raj G. Iyer laid out mandatory procedures remote workers must use to mitigate leaks
of official government information. They apply to all military components, civilian employees and contractors.
Effective immediately, the memo states, the remote work environment for all approved teleworkers must be free of internet-of-things devices.
That includes more than 70 types of devices, from Bluetooth speakers, fitness trackers, smart kitchen appliances, TVs and gaming consoles
and home security systems.
The memo makes particular mention of personal home assistants – like Alexa and Siri -- from Amazon, Google, Microsoft, Apple and others.
If that’s not possible, teleworkers must remove from their workspaces all IoT devices with automated listening functions, such as smart TVs
and smart speakers. Additionally, teleworkers should turn off personal smartphones or tablets in their work area or disable the "audio" access function,
such as voice to text and automated assistants such as Siri.
“Personal home assistants capture and record good or bad conversations and activities within a home,” the memo states.
Powered-on digital assistants can be listening and recording conversations, and even accidentally recorded background chatter
can include audio or images of critical unclassified information, personally identifiable information or Defense Department mission and operational data.
IoT-collected data from smart devices poses security and privacy risks, Iyer said.
Law enforcement can access it for investigations, as can marketers for promotions.
The service providers’ data can be hacked, and foreign intelligence services use connected devices to collect information for espionage, the memo says.
The devices can also be leveraged for a botnet, much like the Mirai malware that in 2016 hijacked unsecured IP-connected CCTV cameras and launched
a DDoS attack on an internet infrastructure company.
Teleworkers should be aware that these connected devices are less secure than conventional IT equipment, the memo states.
They often use default user names and passwords, and their connected nature offers adversaries a large attack surface.
Risks are not limited to remote workers.
Teleworkers’ connection to DOD networks may
“affect the security posture of DoD information systems and alter the information system's risk assessment that may then require the allocation
of additional security controls or the introduction of compensating controls to reduce risk to acceptable levels,” Iyer wrote.
“At a time when the majority of the workforce is remotely teleworking,
IoT devices are an area of concern because it is likely that teleworkers use their personal devices,
while connected to DoD's networks for official business conversations, in the vicinity of a smart device or application
(e.g., Amazon's Alexa),” the memo states.
“For these reasons, teleworkers must incorporate strong cyber hygiene practices in their daily telework routine.”