Management Alert - ICE Management and Oversight of Mobile Applications (REDACTED)

Date Issued

Wednesday, November 1, 2023

Submitting OIG

Department of Homeland Security OIG

Other Participating OIGs

Department of Homeland Security OIG

Agencies Reviewed/Investigated

Department of Homeland Security

Components

United States Immigration and Customs Enforcement (ICE)

Report Number

OIG-24-01

Report Description

During our ongoing audit to determine the extent to which U.S. Immigration and Customs Enforcement (ICE) manages and secures its mobile devices, we identified thousands of mobile applications installed by ICE employees, contractors, and other DHS agency 1 employees on ICEmanaged mobile devices. These included applications from companies banned from U.S. Government information systems, applications associated with and , third-party file sharing applications, third-party virtual private networks (VPN), and outdated messaging applications.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 6 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
We recommend ICE’s Chief Information Officer require the immediate removal of applications that are prohibited by DHS policy, as well as risky and unneeded applications.
2	No	$0	$0
We recommend ICE’s Chief Information Officer immediately assess whether and to what extent risky applications resulted in breaches of sensitive information.
3	No	$0	$0
We recommend ICE’s Chief Information Officer immediately implement a process to assess and reduce risks of user-installed applications on ICE-managed devices.
4	No	$0	$0
We recommend ICE’s Chief Information Officer develop and implement a process to ensure all third-party messenger applications allowed to be used for official duties are up to date with the latest security updates.
5	No	$0	$0
We recommend ICE’s Chief Information Officer update ICE’s mobile device use policy to align with current DHS requirements and industry best practices.
6	No	$0	$0
We recommend the DHS Chief Information Security Officer determine whether similar issues exist for other DHS agencies and take immediate appropriate actions as appropriate.