Mobile devices are becoming the way we communicate, and the Defense Department views that change as an opportunity, the department’s deputy chief information officer for command, control, communications and computers and information infrastructure said Sept. 28.
Air Force Maj. Gen. Robert E. Wheeler told American Forces Press Service and the Pentagon Channel that National Cyber Security Awareness Month is a good time to consider what is involved in adopting mobile communications.
“There’s always risks involved in having a mobile strategy where you’re not connected directly to the network,” he said.
The Pentagon’s mobile device strategy released in June outlines DOD’s plan to maximize the potential uses of mobile devices. The plan covers three key areas: wireless infrastructure, mobile devices and mobile applications. According to the CIO website, the goal is to keep these areas flexible and secure enough to benefit the warfighter and keep pace with changing technology.
Wheeler said the CIO’s mobile implementation plan will be released by mid-October. The plan will consolidate the results of about 21 pilot programs to create a mobile device plan to apply across the enterprise. This will provide the ability to “think and acquire data [from] different directions — voice, video and data,” he said, and is another step toward unified requirements for use of all parts of the DOD network.
“So, instead of having multiple different kinds of ways … of connecting to the network,” the general said, “we’re going to have an enterprise-type model that actually buys down the risk” and that ultimately will give DOD a better understanding of problems and the ability to make decisions at a faster pace.
The mobility implementation plan is a way for DOD to take advantage of where the rest of the world is going with mobile communications, Wheeler said.
“So, for example, if we do this in an enterprise-type model,” he added, “we can go cheaper, we can buy down the risks, … [and] we can jump the productivity curve.”
The ability to make decisions while on the move versus deciding and then moving is a big change from a DOD perspective, Wheeler said. That process is being adopted more frequently in small pockets around the DOD, he added, “but now this would be an enterprisewide approach to doing business in a particular way, and it allows everyone to do this while on the move.”
DOD has several objectives as the CIO shapes mobility strategy, Wheeler said. Saving money and increasing security are important, he said, but the key objective is less quantifiable.
Young people understand the power of apps and how to use them, he said, but for “digital immigrants” like him, it’s a bit more difficult to adapt. But doing so could change the way DOD operates, allowing the department to move faster, make decisions faster, stay ahead of adversaries, and make better business decisions.
“I think this is the key piece to it,” Wheeler said. “So we save money [and] we increase the security, but the big power down there is jumping the productivity curve so we can do many more things faster and actually provide more time for our people to think — to do those things that they need to get done and to make those right decisions.”
But, he noted, if the cybersecurity thread is lost at any point, DOD also will lose productivity and the cost becomes an irrelevant issue, because security breaches have the potential to be devastating on a national level. So, Wheeler said, DOD has established three categories of devices that will move through the approval process.
The first category includes devices that never need to connect to a DOD network, he said. An example of those types of device might include tablets to replace the knee boards used by pilots to hold their paper checklists and charts. Pilots could download updated information through a commercial Internet connection set up specifically for that purpose.
The second category would cover mobile devices that connect to the unclassified network, including commercially available devices such as the iPhone or Android devices. “That’s a group of devices that will be approved, and in fact, that’s going through the process right now,” Wheeler said.
The third category is for devices that connect to the classified network. Some of those devices will meet the security requirements to allow them to connect directly to a classified network, he said, while others will encode classified information in such a way that it can travel on commercial networks.
For average users, this means that the capabilities of today’s mobile devices will be available to them while at work on either classified or unclassified networks, Wheeler said. That capability includes the ability for all approved devices to download required apps from a DOD app store.
Regardless of the type of device, a faster approval process is a key part of the implementation plan, Wheeler said.
“Historically, DOD has been slow to approve electronic devices. … If you see how the market works, in 12 to 18 months that device is no longer even available, so we have to be able to approve it.”
To make sure devices can be approved quickly, he said, the CIO took a two-pronged approach: They provided mobile device makers with DOD’s security requirements, and they incorporated a mandatory timeline into the approval process. Wheeler cited the specific example of the planned DOD app store.
“We’re requiring that if somebody needs an app for their specific mission, they provide it and [we respond] within 90 days,” he said. The applicant receives an approval or a denial, or is told that certain changes are required to the app before it can be approved.
One of the main reasons for adopting the timeline was security, the general said. “As new technology comes out we need to take advantage of that new technology and move with that new technology to keep our stuff more secure,” he explained. “So, waiting two, three, four years to approve something is something that would actually hurt our ability to do the mobility implementation plan.”
Eventually, the CIO would like to reach the point at which mobile devices are approved for use on the network before they’re even released, he said. That way, he added, devices that meet the security requirements could be put into use as soon as they’re available.
“At the end of the day,” Wheeler said, it becomes an issue of the individual user understanding the rules [and] following those rules — not trying to push the envelope and saying, ‘Well, I want this specific app’ is a prime example of that — one that doesn’t come off the approved list of apps and trying to put that on their phone.”
It’s incumbent upon everyone to make sure that they’re watching how they operate, Wheeler said, both from a cybersecurity perspective and from an operational security perspective. And that’s something that isn’t just about mobile strategy, he added, but about how DOD does business as a whole.