No BYOD to start, though it is a ‘long term objective.’
This story has been updated.
The Defense Department released a detailed plan on Tuesday to support mobile smartphones on classified and unclassified networks with a fast-track approach to get 100,000 unclassified users online by the second quarter of fiscal 2014. The Pentagon expects the plan will eventually support 600,000 users.
The Joint Chiefs of Staff view mobile devices “as essential to innovations and improved mission effectiveness across a wide range of DoD mission areas,” the plan said.
Defense Chief Information Officer Teri Takai said the plan will facilitate collaboration. “As today’s DoD personnel increasingly rely on mobile technology as a key capability enabler for joint force combat operations, the application of mobile technology into global operations, integration of secure and non-secure communications, and development of portable, cloud-enabled capability will dramatically increase the number of people able to collaborate and share information rapidly,” Takai said.
The Pentagon said it will take a “device agnostic” approach to the development of a mobile infrastructure but due to operational and security considerations will not support the use of personally owned equipment on Defense networks, though development of a bring-your-own-device or BYOD policy is “a long term objective.”
At a Pentagon press briefing Tuesday morning, Air Force Maj. Gen. Robert Wheeler, Defense deputy CIO, said the department is looking at a BYOD policy “down the line” when technology to secure devices matures.
John Hickey, the Defense Information Systems Agency's program manager for mobility, added that in the mobile arena “long term is much shorter” than it is for hardwired computer hardware.
The Pentagon said in its mobile device strategy released in June 2012 that it planned to use mobile-device-management or MDM software to provide security; the plan released Tuesday said that software could be hosted either by DISA at its computer centers or the services or Defense agencies, based on a business use case.
Defense also will set up a mobile application store which will include a library for development, testing and maintenance of non-tactical applications that are hosted either at the Defensewide enterprise level or by the services or agencies.
The Digital Government Strategy released by the White House in May 2012 called for the General Services Administration to establish a governmentwide contract vehicle for mobile devices and wireless service. GSA kicked off a procurement for MDM software and mobile application management tools on Feb. 8.
The Pentagon mobile plan said military organizations may contract for mobility services from GSA once the GSA-provided MDM and mobile application offerings meet appropriate Defense security requirements.
DISA issued a solicitation in October 2012 for an MDM software and enterprise mobile application store that will support up to 260,000 devices. Warren Suss, president of Suss Consulting, said the software “will not be cheap.” In a memo attached to the mobile plan, Air Force Lt. Gen. Ronnie Hawkins, DISA director, said the agency plans to award an MDM contract in April.
MDM vendors, such as Airwatch, the Veterans Affairs Department MDM and application store contractor, typically charge between $3 and $4 per month per client. Alan Dabbiere, chairman of Airwatch, said DISA should not expect to pay rate sheet prices for MDM clients, software and services and promised a “substantial” discount for large-scale deployment, but did not specify the size of the discount.
MDM software provides the ability to manage mobile hardware remotely and supports over-the-air distribution of applications, malware detection, and a “nuclear option” to wipe data from a user device that does not comply with security policies.
Mobile hardware operating on classified networks will require additional security, including National Security Agency Suite B encryption, which includes a 256-bit encryption algorithm and another for strong digital signatures, the plan said. Mobile voice will use Secure Voice Over Internet Protocol for security, and data transmissions will be protected by hardware tokens for trusted user authentication and identification.
The plan calls for DISA to set up a Program Management Office that will provide guidance for secure classified and unclassified mobile communications capabilities to Defense on a global basis. DISA will develop a business case analysis for all costs, and timelines for full deployment of all mobile capabilities by May.
Hawkins said DISA plans to establish enterprise mobility architecture by April to field 1,500 devices and assess the security of multiple mobile operating systems. Between April and September, Hawkins said, DISA will field another 5,000 smartphones or tablets to the three services, combatant commands and the Joint Staff and create a security and service delivery infrastructure with 100,000 devices on-line by 2014.
The new plan calls for a 90-day approval process for mobile hardware and operating systems on Defense networks, and DISA’s Hickey said Tuesday he would like to compress that to 30 days.
The plan also calls for public keys to control smartphone and tablet access to Defense networks, handled by a common access card to control access to computers. Mobile devices are too small to house a CAC card reader, so Hickey is working with vendors to tap “near field” short range communications, such as that used by Washington Metropolitan Area Transit Authority “smartcards” to pay fares with a wave of the card over the reader. He said DISA is also eyeing micro-SD data storage cards to host the public keys because numerous mobile phones and tablets support them.
Takai said that the overall goal of the plan is to ensure that mobile devices and their apps, email and other functions, and the wireless networks supporting them can operate securely in hostile and remote environments and adapt to ever-changing technology, even as the number of users expands. “The challenge for DoD is to balance the concern of cybersecurity with the need to have the capability of these devices,” she said.
“The commercial mobile device market is moving so quickly, we can’t wait,” she said. “If we don’t get something in place, we will have multiple solutions, just because the demand out there to be able to use these devices is so strong.”