Premier & Cabinet

Type:
Department of Premier and Cabinet Circular
Identifier:
C2016-04
Status:
Active

C2016-04 - Information Security Policy for Ministers, Ministers’ Staff, Department Secretaries and Senior Executives Travelling Overseas

Description

This Policy provides an information security framework for Ministers, Ministers’ staff, Department Secretaries and Senior Executives when travelling overseas, with the aim of protecting digital information, NSW Government IT networks and the reputation of the NSW Government.

Detailed Outline

Purpose

This Policy provides information security direction for Ministers, Ministers’ staff, Department Secretaries and Senior Executives in the use of mobile electronic devices when travelling overseas, with the aim of protecting digital information, NSW Government IT networks and the reputation of the NSW Government.

This Policy applies to overseas travel undertaken by Ministers, Ministers’ staff, Department Secretaries and Senior Executives to countries identified as being ‘high risk’. The Policy applies to travel that is either official business or private travel where there is a requirement to carry a mobile device in order to remain contactable for work purposes. However, the risk mitigation measures described in this Policy should be considered for all overseas travel undertaken by NSW Government employees.

The threat to Government

Government employees travelling overseas face an increasing number of information security threats, including compromise of information stored on mobile devices. The risks are greatest for senior government individuals or delegations that represent high value targets to aggressors. In countries identified as posing a high risk it must be assumed that the level of threat will be more advanced and coordinated, so additional protection is required.

On occasions where Ministers and Departmental staff are engaged in joint overseas visits, often to multiple countries, it is important to ensure that consistent information security practices are applied. Differences in security approaches may lead to confusion and present any potential aggressor with additional opportunities to obtain sensitive information.

This Policy directs the use of ‘clean devices’ by Ministers, Ministers’ staff, Department Secretaries and Senior Executives when travelling to countries listed as high risk. Mandatory use of a clean device applies when travelling to multiple countries, if one or more countries is listed as high risk. Normal work devices may be used in all other countries. However, this Policy should still be taken into consideration; operatives from high risk countries may still target Australian delegations while they travel in non-high risk countries.

Not complying with this policy could result in the compromise of a device. This can lead to the theft of sensitive information from the device, installation of malware onto the device, interception of government communications, and damage to NSW or to Australia’s national security interests.

Management of clean devices

Management of clean devices is the responsibility of agency Chief Information Officers (CIO), who are expected to have access to the knowledge, expertise and technical support necessary to maintain a clean device capability. Requirements of this Policy should be implemented in line with a comprehensive information security risk assessment, which is informed by the nature of the visit and risk profile of the destination countries.

The quantity, type and form of clean devices is to be considered with the intended use of the capability, the sensitivity level of information to be placed on the device and the risk profile. Clean devices should be obtained through approved NSW Government procurement channels.

Agencies are to develop procedures to procure, maintain and control their clean device inventory, noting that commonality of device types will assist future Whole of Government management. A record of inventory must be maintained which identifies each device by type and serial number, showing to whom it has been assigned, for what period and to which countries it has been taken. Clean devices should conform to technical standards prescribed by ASD for specific types of device, e.g. Apple iOS. ASD can be contacted via email, [email protected], for more details.

Clean devices include all forms of mobile telephones, tablets, e-readers, laptop computers and wearable electronics. Clean devices have never been connected to the associated NSW Government IT network and never will be. Subject to the functionality of the device, and where possible, such devices should:

  • be configured by loading a controlled image stored on a controlled portable medium (e.g. external hard drive);

  • have an associated ‘clean profile’ which is configured specifically for a nominated user to access documents on the device and pre-defined communication portals within a specified time period:

    • the ‘clean profile’ is used solely for access to the device and is different to the usual ‘profile’ (network login) used by the individual; and

    • all other forms of connectivity should be disabled by default.

  • can access a specifically created alternate ‘clean mailbox’ which is used solely for the specified travel and is completely wiped upon the traveller’s return.

At the simplest level, these requirements may be met by obtaining a basic device or “feature phone” for telephony, disabling other connectivity, pre-loading required contact details onto it, and disposing of the device upon return to Australia – in line with this Policy.

Loss of a clean device must be reported as soon as possible to the controlling agency for the attention of the CIO. In the event that a government device usually connected to a NSW Government IT network is taken overseas contrary to this Policy, the relevant agency will attempt to wipe all information held on the device and immediately disconnect access from the network.

Before you travel overseas

When planning programs involving overseas travel it is recommended the person responsible for coordinating travel arrangements:

  • Ascertains through the agency CIO the risk profile of each country to be visited and whether any is high risk.

  • Checks the DFAT advisory website for the latest advice on the destination countries.

  • Advises ICT support staff that a clean device will be required, giving them a minimum of 5 days’ notice before the intended day of travel.

  • Requests that ICT support staff advise the CIO on the receipt, handling and return of clean devices after travel.

  • Conducts a pre-travel brief for nominated government delegates to include an information security update covering physical security of devices, use within high risk countries, action upon suspicion of compromise, and procedure on return to Australia. If time permits it may be possible to arrange for DFAT/ASIO to provide a specific country brief.

  • Appoints a delegation member to manage the control of clean devices while overseas; this person may require additional knowledge to act as the point of contact for any information security matters that may arise while overseas.

  • Where delegates are drawn from multiple agencies, ensures that the respective ICT support staff liaise to achieve commonality of security policies and controls across all assigned clean devices.

Agency ICT support staff are to obtain a clean device that is appropriately configured before travelling. They should refer to ASD guidance on requirements for sourcing and configuring a clean device.

Before departure, travelling personnel (with the support of their agency ICT support staff) are to:

  • create new complex passwords, or reset existing ones, for any device or system that will be used while overseas (a minimum of ten characters is recommended) and disable swipe or gesture unlock;

  • ensure all devices automatically lock while not in use, with a secure authentication mechanism for unlocking the device (e.g. fingerprint identification);

  • check that all devices to be taken overseas have the latest and most up-to-date: encryption, operating system (OS), applications, antivirus software and security patches;

  • ensure, where possible, all devices are fitted with tamper-evident seals and are encrypted with appropriate layers of software protection;

  • disable Bluetooth, Wi-Fi, GPS, near field communications (NFC), cellular and any other connectivity functions in the device, and change the device settings so these services do not automatically connect at any stage;

  • disable app store downloads, specifically from the Apple, Google and Microsoft app stores;

  • disable all non-OS applications, including NSW Government applications and applications from commercial sources (including Apple, Google and Microsoft);

  • remove all non-essential data, if present, including contacts, SMS messages, emails, photos and stored files;

  • load only information relevant to the overseas trip onto the clean device;

  • avoid loading sensitive information onto the device;

    • use a risk management approach to decide if any sensitive information can be loaded onto the clean device; and

  • refer to the ASD website for further guidance.

While overseas

It is prudent to assume that while overseas someone is likely to attempt to physically or wirelessly gain access to the device in order to extract data or install malware. Only use cellular connectivity when needed, and remember that the most effective mitigation against cyber-attacks is physical control of each device.

As such, owners must keep physical possession of their devices (and peripherals, e.g. chargers) at all times or give them to a trusted person, usually a nominated delegation member or a DFAT official. Do not connect to hotel Wi-Fi. Never leave the device or peripherals unattended, for example in a hotel room, hotel safe or foreign government offices.

Adoption of the following strategies will significantly reduce risk of compromise:

  • Always place the device in ‘flight mode’ when travelling, powering off during transit and inside airport buildings.

  • Avoid sensitive conversations or SMS messages as these can be intercepted by other mobile devices. Public places are vulnerable to surveillance. Conversations of a sensitive nature are to be conducted inside secure facilities at Australian missions.

  • Be alert to suspicious behaviour or activity, for example shoulder surfing. Foreign intelligence services particularly from high risk countries are known to operate all over the world.

  • Do not use free Wi-Fi and avoid using local 3G networks. Sudden reductions in device battery life could indicate the presence of surveillance software on the device – avoid using the device in this scenario.

  • Do not install any application on devices.

  • Do not open SMS or emails from unknown sources, and do not apply updates while overseas.

  • Do not open suspicious or unsolicited emails and attachments. If error messages appear on the device do not click ‘yes’, make no acknowledgement and make a note.

  • Do not use a wireless keyboard or mouse with the device.

  • Do not connect the device to any un-trusted system, nor plug it into third party chargers or peripherals. Consider making a discreet mark on the provided charger so it can be identified if the charger has been replaced.

  • Never unlock the device under direct observation or when plugged into its charger.

  • Beware of gifts, particularly electronic accessories such as USB keys and USB battery chargers. Do not use suspicious goods or any devices that may have been compromised. Hand them to Departmental ICT support staff for checking on return to Australia.

  • Where delegates are drawn from multiple agencies it is important that information about any compromise be shared amongst delegates and with their respective agency CIO.

Upon return from overseas travel

It is important that agency support staff complete post-travel administration. This may take the form of a de-brief where:

  • all clean devices are returned to ICT support staff for inspection and wiping;

  • confirmation is given that passwords for any system used or accessed while overseas have been changed;

  • any suspicious gifts or compromised devices are handed to ICT support staff for examination; and

  • details and concerns regarding clean device use while overseas, including relating to potential compromise, are reported to agency ICT staff for further action.

    • information about any potential compromise while travelling must be shared with the respective CIO of other delegate organisations.

On completion of each overseas activity, devices are to be returned to their nominated agency ICT support staff to receive prescribed security checks, as advised by ASD. On no account are these devices to be connected to government IT networks on return to Australia.

Upon receipt of the clean device, agency ICT support staff may, in line with ASD guidelines and following a risk assessment:

  • wipe the device, which involves the removal of all data held on the device, formatting the device, and returning it to its factory state; and

    • place it back in the clean device pool ready for the next trip overseas; or

    • physically destroy the device, through the use of an ASD approved service provider, who must also issue a certificate of destruction to be retained by the Department.

Physically destroying the device is more secure than wiping the device. The ICT support staff member may also be required to keep the device in view from when it leaves the agency premises to its final destruction.

For operational guidance on applying this Policy, contact [email protected], or [email protected].

In applying this Policy and requirements for handling sensitive or classified information, refer to:

Overview

Who needs to know and/or comply with this?

Departments
Executive agencies related to Departments
Advisory Entities (including Boards and Committees)
Separate agencies

Compliance

Mandatory

AR Details

Date Issued
Apr 22, 2016
Review Date
Jun 30, 2024
Replaces
Replaced By

Contacts

Contact
Contact us
Phone
02 9228 5555
Publishing Entity
Department of Premier and Cabinet
Issuing Entity
Department of Premier and Cabinet