The Untested Mobile Security System Defense Just Bought Isn't Functioning at USDA

Technology the Pentagon acquired, without testing, to protect email and Web browsing on military-issued consumer smartphones is not working at the Agriculture Department, according to USDA officials.

In late June, the Defense Department signed a $16 million three-year deal with a trio of contractors to secure 300,000 commercial devices, including iPhones, iPads, Samsung gadgets and BlackBerry 10s. USDA late last year hired the same vendors to provide a similar type of security package.

Eight months later, Agriculture's $20 million rollout, intended to support a few thousand devices, is about a year behind schedule and not functioning as promised, according to the contract requirements and Agriculture officials. 

The military has set on a one-year deadline to secure 100,000 smartphones and tablets expected to be indispensable for service members coordinating defenses at home and abroad.

Both projects, led by prime contractor DMI, are slated to include Fixmo email and Web browsing protection, a MobileIron "mobile device management" system and an app store, according to presentations and promotional materials. Mobile device management technology aims to prevent popular brand devices from compromising government networks and leaking information. 

The kinds of protections chosen, irrespective of vendors, should be commended, cyber analysts say. 

"If security is a major priority, then just sticking with MDM is not enough. In that regard, I applaud these guys for taking that initial step toward containerization and added security," NSS Labs Research Director Andrew Braunberg said.  

"The scale of that one is really impressive," he said of the Pentagon project. The requirement to handle a large number of devices is not necessarily a hangup for software providers, Braunberg said, but what could be a challenge is the "aggressive" timeline for setting up the system. 

At USDA, the Fixmo container that safeguards emails and browsing is incompatible with part of the department's network security infrastructure, according to Agriculture officials.

The department's solicitation required, within 30 days of the November 2012 award, "a fully functional 30 day pilot with vendor support" that is "ready to support a minimum of 3,000 mobile devices." Now, the schedule for standing up the app store and rolling out the safety technology to 4,500 devices has been pushed back to fall 2013, according to Agriculture officials.  

This month, USDA is testing the container and will either abandon the Fixmo software and use MobileIron's container or go with a hybrid solution, combining the Fixmo and MobileIron tools, department officials said. As of late July, about 1,370 devices were hooked-up to the mobile management system and officials expected to connect the remaining devices by September.

Due to the challenge of coordinating installation across diverse agency IT backbones, deployment of the mobile management system and app store are behind schedule, Agriculture officials explained.

Pentagon officials this week would not comment on whether they asked Agriculture about the progress of USDA's project while vetting potential suppliers. 

The Defense Information Systems Agency, which awarded the contract, did not judge past performance or require demonstrations before settling on a product, officials said last week. 

Based on a “comprehensive evaluation, DISA is confident that the technology proposed will perform in the manner as proposed by the awardee," a Pentagon spokesman said. He added that officials required "products that have a proven track record in the commercial sector.”  

Regarding evaluation of the product’s record at USDA, Lt. Col. Damien Pickart said in an email this week, "The documentation and processes used in source selection, other than that which is required to be publicly disclosed, is protected as source selection information" under federal acquisition rules. He added, "We do not disclose the specific details of the source selection process."

When the contractor team asked government officials for permission to comment for this article, they were advised not to, said Jay Fiore, DMI vice president for marketing.

Pentagon officials last week defended the decision to pick vendors before running trials, claiming the manner in which the product will be deployed is unprecedented. And they wanted to simplify the procurement process. "Past performance was not a key discriminator in this competition and it would not have been worth the considerable effort for contractors to propose past performance efforts or for DISA to evaluate those specific efforts. This streamlining allowed the government to shorten the procurement process and thus field critical capabilities in an expedited manner," a Defense spokesman said. 

(Image via Centurion Studio/Shutterstock.com)