Pentagon Denies Inadequately Vetting Defensewide Smartphone Security Service
A soldier checks an iPhone during a field exercise. Defense Department file photo
Testing the technology would have required too much time and effort for contractors and Defense.
Pentagon officials defended the purchase of untested technology intended to secure government-issued consumer smartphones and tablets for 300,000 military personnel, insisting the manner in which the products will be deployed is unprecedented.
However, federal documents show that at least one other federal entity, the Agriculture Department, has embarked on a similar installation.
The Defense Information Systems Agency’s selection of a mobile device management system last month was not based on live demonstrations or reviews of vendors' past performance, Nextgov reported on Wednesday.
Another reason for omitting trial runs was a need to simplify the procurement process, Defense Department officials said.
The purpose of the service is to prevent commercial devices, including iPhones, iPads and other popular electronics, from compromising military networks and information.
Based on a “comprehensive evaluation, DISA is confident that the technology proposed will perform in the manner as proposed by the awardee and that the awardee is capable of working with DISA to establish this first-ever DoD Enterprise Mobility capability,” a Pentagon spokesman said in an email.
DISA tapped DMI to install a $16 million system developed by Fixmo and MobileIron over a three-year contract period.
The spokesman said officials required "products that have a proven track record in the commercial sector.” Nowhere does the request for proposals state that product track records were a criterion in the evaluation.
Drawing from market research and "DISA's expertise in this area," agency officials determined no service provider could claim having previous experience on a similar initiative, the Defense spokesman said. The service that the Pentagon needs is "unique in scale and functionality.”
So, "an evaluation scheme that focused on technical and cost, rather than past performance, would be the best method to compete this requirement,” he explained.
Mobile management technology basically works like a human help desk, remotely installing software, erasing lost smartphones and locking down settings. Defense’s service also includes software for secure email access and Web browsing, as well as an app store that will allow military personnel to search and download approved applications.
But the Pentagon might not be breaking new ground with the project. Last year, USDA officials announced a $20 million rollout of a mobile device management system, app store, and secure email access and browsing tools for the devices of up to 100,000 federal employees.
Pockets of Defense are testing various devices and security management systems, the Pentagon spokesman acknowledged, but "it was unlikely that any current pilot efforts would be relevant to DISA's new, emerging requirement.” Also, it would take too much effort for companies to substantiate their prior accomplishments and for DISA to appraise those accomplishments.
Eliminating the performance factor "allowed the government to shorten the procurement process and thus field critical capabilities in an expedited manner,” the spokesman said.
Defense officials say they incorporated feedback from industry last year in crafting the benchmarks used to vet contenders. They added that DISA did not receive any pre-award protests or complaints about the decision not to rate competitors on past performance.
Nor did the agency receive any post-award protests from contractors. None of the major Defense contractors that have billion dollar contracts under their belts contested the relatively small award. The subcontractors that developed the products were not eligible to protest.
