When should feds use a burner phone abroad?
The Federal Chief Information Officers Council released new guidance on toting government-issued mobile phones and devices on foreign trips – and when to leave official gear at home.
Mobile phone security is a big deal for federal employees traveling abroad for work – especially when they're going into adversarial territory.
New guidance from the Federal Chief Information Officers Council is designed to educate feds on the risks and best practices for traveling outside of the continental United States with government furnished mobile devices like mobile phones, laptops and tablets.
The council's International Travel Guidance for Government Mobile Devices is meant to help government employees, contractors and detailees who use government mobile devices protect government data, back-end enterprise systems and the information of the user themselves when they travel.
For some, the risk is enough that the latest report recommends forgoing usual devices in favor of a burner phone.
"Foreign countries often leverage their security apparatus – especially airport security, customs, and connections to the tourism industry – to conduct physical attacks on mobile devices," the report reads.
One factor to consider is that in many foreign countries, governments have direct or proxy control over cellular infrastructure, giving another way to attack devices. Most mobile devices "by design" trust cell network signaling, the report says.
"Successful exploitation can allow adversaries to remotely activate microphones and cameras, geolocate and track specific devices, and steal the information processed by or stored on the device. A compromised device can also be used as a vector to attack connected enterprise networks."
The CIO Council's Federal Mobility Group was supported by the Departments of Education, Energy, Homeland Security, Interior, Justice and Treasury, as well as the General Services Administration and the National Space and Aeronautics Administration in producing the guidance. A draft version was first published for public comments in October 2021.
Although this guidance is meant for people who need unclassified, official government-issued commercial mobile devices outside the continental United States, it also has a piece of advice for high-profile top targets – burner phones.
"High-profile U.S. government personnel are top targets and if a mobile device is required while they are traveling overseas, they should carry or employ a disposable or loaner commercial mobile device for travel in high-threat environments," the guidance reads. "They should not carry their government-furnished mobile device in these high-threat environments."
This recommendation also goes for devices that have sensitive data or communications and those that are used to access systems deemed high value by agencies. For these and high value personnel, the guide recommends a proxy account as well.
The guidance also advises against using public charging stations and suggests covering cameras with tape and disabling them when possible, turning off GPS and location services, and avoiding open WiFi networks.