recommended reading

Marine Corps Bypasses Defense Mobile Phone Plan; Wants Commercial Options

A Marine takes a smartphone photo of military enlistees as they line up before taking their oath in front of Dallas City Hall

A Marine takes a smartphone photo of military enlistees as they line up before taking their oath in front of Dallas City Hall // LM Otero/AP File Photo

While the Defense Information Systems Agency slowly rolls out its custom-built mobile phone system that offers secure access to defense agencies and the military services, the Marine Corps is seeking a cheaper, quicker commercial alternative.

The Marines are counting on three phone companies, Verizon, AT&T and Sprint, to manage the military-grade security of the smartphones and tablets its members use. 

In a four-month experiment, the three companies have provided the Marine Corps with about two dozen Apple and Android smartphones and wireless service that includes mobile device management. Essentially it’s the commercial equivalent of the new security service DISA began offering defense agencies and the military services Jan. 31.

To protect data, the phone companies create secure partitions within smartphones where sensitive information can be sent and received, handled and stored. System administrators can set policies so that only certain activities can be conducted within the secure partition of the phone. If the device is lost or stolen, data in the partition can be deleted remotely.

The systems were developed so that companies can let their employees use their personal smartphones and tablets for work without jeopardizing the security of company information. The question the Marines want to answer is whether the commercial security systems are good enough for military purposes.

DISA’s Mobile Device Management system works much the same way, using a secure “container” within a mobile device to keep information safe, and enforcing policies that restrict what users are allowed to do. DISA also provides applications that have been deemed safe for military users.

The Marine Corps estimates that if the commercial systems prove trustworthy enough for military use, they could push the cost of security for mobile devices to as little as $60 a year.

That compares to DISA’s cost of $7.36 a month per device ($88.32 per year) for access to unclassified defense networks and $126.63 per month per device ($1,519.56 per year) for access to classified networks. DISA’s price list also notes that there is an additional 2 percent service fee.

But there are other expenses as well. For example, DISA charges $39.22 per year per user for DoD Enterprise Email. In addition, defense agencies and branches of the military have to buy their own voice and data services and their own mobile devices. 

DISA touts its Mobile Device Management system as a new way “to deliver unclassified and classified mobility capabilities to the DoD enterprise in a manner that significantly reduces cost,” but agency officials were unable to answer questions about the total cost of secure mobile services or cost comparisons between DISA’s mobile device management service and mobile security alternatives.

Lt. Col. Valerie Henderson, a spokeswoman for the Pentagon's chief information officer's office, said it is difficult to estimate potential savings for the entire Defense Department associated with DISA's mobile device plan because of differences in organizations' requirements. Nextgov requested on May 15 that the department provide information supporting its contention that the plan will save money, but she was unable to provide that information by May 21.  

Meanwhile, DISA’s mobile device management program has signed up some 2,000 users over the course of three months. Its goal was to accommodate 100,000 users by Sept. 30.

This story originally misstated why Defense officials could not make cost-savings comparisons between mobile security alternatives for the Defense Department. The difficulty relates to differences in organization's requirements, not variables in setting prices. The story has been corrected.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.