As ubiquitous as mobile devices have become for federal users, agencies still need to maintain a mobile-first mindset as they modernize infrastructure and applications.
That’s especially true as artificial intelligence comes into the picture and security concerns grow more intense, said Mark Clancy, senior vice president for cybersecurity at T-Mobile.
“It’s cloud and mobile meet AI,” Clancy said during Federal News Network’s Industry Exchange Data 2025. “It’s all about pervasive connectivity, working from anywhere — whether in the office or on the go — but also keeping everything secure.”
He added, “You must always have security running and always present.”
A perfect, secure network slice
One specific requirement under the Trusted Internet Connection 3.0 standard, Clancy said, calls for data to move back and forth in a protected channel. By using a service known as network slicing, mobile traffic can use a secure access service edge (SASE) solution, he said.
Clancy described network slicing as a virtual network inside of a mobile network.
“It’s one of the big features of 5G when you have a standalone core network,” he said. In a standalone core, the back-end routing infrastructure of the network is 5G-based.
“Essentially you can partition the traffic to have certain properties,” Clancy said. These include low latency or data priority, “but you can also direct where the traffic goes.”
For example, an organization can configure their mobile virtual private network to route certain traffic to a SASE platform “to make sure all the connections to and from the device are brokered through that edge control.”
The 5G slicing capability is a significant improvement over the way the earlier LTE wireless generation secured traffic, Clancy said.
LTE, by routing all traffic back to a data center and out again through a gateway “didn’t allow for quality of service. It didn’t provide a good experience,” he said.
Slicing operates as an integral feature of T-Mobile’s 5G network. “It’s actually part of the radio access network. It’s a feature that you can turn on. It doesn’t exist in a nonstandalone core, and it doesn’t exist in 4G,” Clancy said.
5G also provides better security than LTE, he said, because encryption between devices and cell towers along with location tracking of devices prevent spoofing from hackers in distant locations.
Securing devices and users wherever they roam
Countless federal missions require anytime, anywhere communications, often in austere areas with limited comms coverage of any sort. Clancy said T-Mobile has approached this requirement partly in response to the advent of cellular land radios.
“One of the things we’ve been doing is making sure that we have not only ground-based coverage but also satellite coverage,” he said. “We’ve started with messaging, and we’ll expand it from there, but that makes you able to reach those places that are hard to get to.” Although satellites have less capacity than ground-based cellular coverage, they offer the same security capabilities, he pointed out.
Regardless of where users operate and the source of their devices’ signals, both devices and users must remain visible to their agency’s network security staff so that team can maintain security. Visibility has two main parts, Clancy said.
“One is the inventory knowledge of, what assets do we have?” he said, whether laptops, smartphones, radios or Internet of Things devices like sensors or cameras.
“The second piece is, then, how do you look at the configuration, the security status of those devices?” Clancy said. “You want to intersect those two things.”
He added, “When you do your identity plumbing for humans, and your asset inventory for your devices, all those devices are managed and paid attention to. And then you connect your access policies so that you can only access critical applications from a managed device.”
Equally important, agencies need visibility into the threat environment itself. Clancy said a vendor with extensive network coverage and data from a device population in the millions can aid in threat intelligence.
“One of the things we’ve been working on,” he said, “and this isn’t quite shipping yet, is how we do analytics for individual customers, be they agencies or corporate entities, about what we are seeing from their devices to help them better be informed about the threats that we’re seeing and mitigating or the threats that potentially are getting through and not being handled by that agency’s controls.”
With a wide variation in devices and work locations now the norm, Clancy suggested that it’s time for agencies to get away from the terminal-age password mode of user authentication. Instead, they should adopt a continuous authentication model, he recommended.
Pushing aside password authentication
T-Mobile itself went passwordless by equipping every employee with FIDO (Fast Identity Online) tokens. Clancy said this and several other cryptographic techniques could work for agencies.
“This idea of continuous validation is saying, you don’t want to just do it once, you want to do it all the time,” he said. “What if the session is hijacked? What if somebody changes a session from Device A to Device B? You want to reauthenticate and make sure that party is still who they say they are.”
He added that the cloud and software as a service platforms support this capability, but legacy data centers may not.
“We have to figure out how you migrate to a centralized identity store and how to converge all of those islands such that they’re in a single identity plumbing — a single authorization, authentication plumbing,” Clancy said. He added that this approach also improves user experience relative to passwords.
AI and security intersect in that the malicious actors use AI to improve their phishing and probing of target networks for weaknesses. Clancy said agencies can counter this with techniques such as applying large language models to their network log data.
“We found a lot of efficiencies where just simple things like using an LLM tool to create queries in the security tool,” he said. Staff “productivity in terms of hunting and searching for bad activity goes way up.”
Discover more articles and videos now on our Federal News Network’s Industry Exchange Data 2025.
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
