April 17, 2023

The US National Cybersecurity Strategy is a comprehensive plan put in place to protect the country’s critical infrastructure, government agencies, and citizens from cyber threats. As the CTO of Social Mobile, a company that builds private-label Google-certified Android devices, I believe that this strategy is essential to securing next-generation mobile technology that we rely on for business and personal use.

Overview of the US National Cybersecurity Strategy

The objective of the US National Cybersecurity Strategy is to fortify cybersecurity capabilities and encourage innovation to safeguard the country against cyber threats. The strategy focuses on five key areas:

1. Securing federal networks
2. Protecting critical infrastructure
3. Combating cybercrime
4. Strengthening international cybersecurity
5. Promoting cybersecurity awareness and digital literacy

Strengths and Opportunities for Improvement

The heightened level of visibility provided by the US National Cybersecurity Strategy is a strength because it enables organizations to have a better understanding of their cyber threat landscape. By having increased visibility, organizations can identify potential threats early, track them over time, and proactively take steps to mitigate them before they turn into a major cybersecurity incident.

I am also pleased to see that the strategy includes plans to secure next-generation technology through the National Artificial Intelligence Initiative and the National Strategy to Secure 5G. As a company that builds private-label Google-certified Android devices, we rely heavily on next-generation technology, and this strategy ensures that we can continue to use and innovate with these technologies securely.

Impact of Emerging Technologies on Cybersecurity

The potential impact of emerging technologies, such as artificial intelligence and quantum computing, on the cybersecurity landscape is significant. While artificial intelligence has the potential to enhance cybersecurity capabilities, it can also be used for nefarious reasons by bad actors.  Additionally, quantum computing presents a unique challenge in the realm of breaking encryption.

As quantum computing continues to rapidly evolve, concerns have arisen about the potential for current encryption standards, such as AES, to be easily compromised.

Modernizing outdated systems and implementing a cohesive approach to Zero Trust across all systems is essential, and one way we can help safeguard outdated systems from quantum computing and other threats.

Building a Culture of Cybersecurity Awareness and Preparedness

A whole-of-nation approach to cybersecurity is critical to ensuring the protection of critical infrastructure, government agencies, and citizens from cyber threats. This approach involves not just government agencies but also small businesses, individuals, and other stakeholders.

To create a more collaborative community that encompasses both private and public infrastructure, we believe it’s important to work closely with our ecosystem partners. As leaders in the mobility space, we see great value in partnering with Google to provide feedback from our customers and partners. This can help Google continue to build security components into Android as they learn from their partner ecosystem. Keeping up-to-date with Google’s latest developments will be crucial for us to enhance the security of our devices moving forward. Google boasts some of the most brilliant security minds in the world, and it would be wise for any company in the mobility ecosystem to pay attention to their Zero Trust and security practices.

As part of our commitment to the whole-of-nation perspective, ample, we partnered with Google to establish the EDLA (Enterprise Device License Agreement) by detailing the many enterprise use cases that cannot be satisfied with consumer-grade devices. Social Mobile worked with Google to develop this new license agreement that allows for devices to be built outside of the normal consumer standards, enabling a wider range of specifications for things like screen size, cameras, and more. With our EDLA, Social Mobile can build an Android certified device that is just as secure as any other Google certified device, but with an enterprise-first approach.

Addressing the Key Areas of Focus

The US National Cybersecurity Strategy outlines several critical areas of focus, including the protection of critical infrastructure, supply chain security, and election security. In consideration of Social Mobile’s core business in mobility, we understand the significance of supply chain security in ensuring the quality of our devices and their components.

To address supply chain security, we have implemented measures to ensure that we only use components of the highest quality and do not use any components from companies that pose potential supply chain issues. Additionally, we have improved our chain of custody processes to maintain strict control over the devices’ locations and access prior to leaving our factory.

Challenges for Enterprises

Companies should closely monitor how this initiative unfolds in 2023 and remain vigilant to avoid falling behind or becoming complacent. It is important for businesses to keep their hardware and software up-to-date to maintain security. Critical infrastructure companies, including those responsible for power, gas, and cellular networks, are at high risk and must remain vigilant against malicious attacks. This also includes the healthcare industry as it becomes increasingly reliant on digital technology, which makes securing sensitive patient data essential. Any breach in security could have severe consequences, even resulting in the loss of life.

Impact on Social Mobile’s Operations and Cybersecurity Practice

Prioritizing Supply Chain Security

We’re expanding our manufacturing capabilities to multiple countries to better serve our clients’ needs while also prioritizing building devices in the USA. This approach aligns with the US National Cybersecurity Strategy’s emphasis on supply chain security and the use of high-quality components. As part of our SBIR award, Social Mobile is building a next-generation device for the Air Force, which is being designed and assembled in the USA. Social Mobile is working with US-based companies to build the gear and help secure the entire supply chain. We prioritize the quality of components used to build their devices and work with vendors that have a track record of providing high-quality components. Regular audits are conducted to ensure that our devices meet industry standards.

Building Secure IoT Devices

In the US National Cybersecurity Strategy, Pillar 3 focuses on shaping market forces to drive security and resilience. This means promoting the development of secure and resilient products and services by incentivizing industry actors and consumers to prioritize cybersecurity. The strategy recognizes that the market can play a critical role in enhancing cybersecurity by creating demand for secure products, services, and rewarding companies that prioritize cybersecurity. To achieve this goal, the strategy emphasizes the need for public-private partnerships, international cooperation, and research and development efforts to improve cybersecurity.

We are in the space of building IoT devices and not just smartphones and tablets. We have developed many devices for our customers’ specific needs that fall into the IoT category. As we move forward, the guidance and ever-evolving strategy will help shape how we build our devices. As an Android Enterprise Partner, we are also committed to sharing our clients’ feedback with Google to help them keep iterating on the security aspects of Android.

Ensuring the Security of Sensitive Social Mobile Client Data

Ensuring the protection of our data, as well as our partners and customers’ data, is of paramount importance. To achieve this, we have implemented several standard operating procedures and policies, utilizing the best-in-class technology available. In 2022, we committed to improving our systems and securing our data by implementing controls that align with ISO 27001 and attained certification in May.

To guarantee maximum security, we focus on several key areas. For instance, we ensure that all our users’ equipment has encryption enabled. Our Android devices, for example, use AES 256-bit encryption, which is the baseline standard established by Google, and it is always on and cannot be disabled. Furthermore, our laptops are required to be encrypted by system policies, and we enforce SSO and certificate-based authentication to access our systems. We also have robust data leakage protection measures in place to prevent unauthorized access and distribution of our data.

We take cybersecurity seriously and have made significant efforts to ensure that our systems and data are secure. We understand that the security of our clients’ and partners’ data is crucial to their success, and we are committed to maintaining the highest level of protection for all our stakeholders. Everything we do at Social Mobile and for our clients is in-line with the US National Cybersecurity Strategy, and we will continue to support it as we grow. We urge other businesses to prioritize cybersecurity in the same way and take proactive steps to safeguard their data and systems.