recommended reading

Pentagon Buys Untested Mobile Security System for 300,000 Users

Defense Department file photo

Pentagon officials did not test product performance before purchasing a potentially $16 million service intended to secure smartphones and tablets for 300,000 military personnel worldwide.

In late June, the Defense Information Systems Agency inked a deal for software and training to support government-owned mobile gadgets used by the entire Defense Department, along with members of the Coast Guard, National Guard and military reserve forces. The product selection process did not require technology demonstrations, according to contract filings.

The "mobile device management" system is critical to ensuring unclassified consumer brand devices that touch military networks do not infect Defense systems or leak information if they fall into the wrong hands. 

The winning team, made up of security providers DMI, Fixmo and MobileIron, also will open an app store that must hold at least 10,000 mobile applications, according to the filings

Once the system is running, the latest iPhones, iPads, BlackBerry 10s and other commercial devices certified by DISA will be allowed onto Defense networks. 

Since a past performance assessment was not required, it is unclear what assurances the Pentagon has that the winning technologies actually work the way the vendors described on paper. 

For example, the request for proposals did not stipulate that officials weigh feedback from roughly 50 recent smartphone, tablet and mobile software trials. Independent of the contract competition, Defense components have been experimenting with various devices and management systems, including technologies made by contract bidders such as AirWatchGood Technology and Fixmo, according to Pentagon presentations and industry sources. 

The June award fulfills part of an execution plan for a defense mobile device strategy that Pentagon Chief Information Officer Teri Takai announced last year. 

On behalf of DISA and Takai, a Defense spokesman said in an email, "In the course of this request for proposal, DISA followed the standard contractual procedures, rules and guidelines. While an RFP may not always specifically cite 'past performance' as a deciding factor, the department considers and is ever mindful of lessons learned from previous and ongoing pilot programs during this or any selection process."

Pentagon brass expect smartphones and tablets to guide warfighters wherever they might be, whether in battle abroad or on-the-go stateside. The mobile device management system must remotely configure users' devices, push out bug fixes and conduct most of the work typically done by computer support staff.  The app store is intended to let military personnel browse and install vetted apps.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.