Pentagon officials have a bad case of commercial electronics envy: They see all the smartphones and tablets that civilians use and they want to put those same gadgets into the hands of their troops. The problem is they cannot acquire the hardware or software fast enough through the Defense Department’s traditional weapon buying process. Moreover they face a tough challenge of securing those personal mobile devices against would-be hackers.
Attacks on wireless devices are expected to explode this year as hacker conventions home in on mobile technology. There are more than 600 variants of attacks for mobile devices specifically, said Tom Kellermann, chief technology officer for AirPatrol Corp., a Columbia, Md.-based firm that specializes in information technology and wireless security systems.
Hackers are becoming more creative in their tactics, he said during a panel discussion at an Association for Enterprise Information conference in Alexandria, Va. He told attendees that at one of the hacker conventions in Europe, a participant set up an antenna array that functioned like a cell tower. He was able to put malware code down to take over mobile devices. At Microsoft Corp., engineers erected a similar system and demonstrated how easily they could hijack 150 phones in the building.
“We know once a blueprint of that attack is created at these conferences, people can retrofit their weapons around that capability,” he said.
Protecting handhelds is a problem that the Defense Department will have to tackle after it solves the larger challenge: putting hands on the devices in the first place.
Pentagon officials spend billions of dollars annually on defense information technology, yet troops complain that the gadgets, computers and software those investments provide are obsolete or rapidly falling behind the digital curve.
That’s because the current acquisition process follows an evolutionary “waterfall” approach, said John Gilligan, president of the Gilligan Group Inc., a Virginia-based consulting firm that specializes in government information technology. Programs that follow this step-by-step procedure in which requirements are first developed and then followed by funding and finally acquisition, typically last 91 months. The process often demands the program to become budget-centric.
Gilligan’s firm conducted a study that proposes a new model for IT acquisition. Under the proposed process, projects that previously would have lasted several years would take only 18 months. The process breaks down the main requirement into smaller projects. Each would follow a template designed to expedite development by taking advantage of commercial technology, common platforms and enterprise-wide engineering, and test and integration capabilities.
The report estimates a savings of 20 percent with this streamlined process. “This is billions of dollars,” said Gilligan. “The hope is to have early adopters starting this summer,” he added.
The traditional Pentagon acquisition process is more conducive to building tanks and bombers than building IT systems and software, officials said at the conference. The system cycles too slowly to keep up with the rapid pace of IT advancements. Developing weapon systems often takes three to five years or longer, whereas developing digital handhelds and applications needs to be accomplished in “flash-bang time,” in a matter of 90 days from concept to fielding, said Michael J. Jones, chief of emerging technologies in the Army chief information officer’s cyber division.
That timing makes sense in the commercial technology world in which hardware becomes obsolete in four years and software becomes obsolete every 18 months, officials said.
Congress has acknowledged the problem. As part of the 2010 National Defense Authorization Act, lawmakers enacted a mandate for the Pentagon to speed up the IT system acquisition process.
“Everybody is screaming for this reform, and it is cultural in nature,” said Jones. “It’s a necessity and we have to make it happen.”
Not willing to wait for any new acquisition process to become formalized, the Army began an effort to deploy to senior leaders tablets called PlayBook, made by RIM, the same company that manufacturers the BlackBerry. Because the device relies upon the same management infrastructure as the BlackBerry, Army officials thought they could integrate it faster into the service and perhaps jumpstart a concerted push into acquiring other handheld systems.
“The use of Playbook was a bridging strategy,” said Jones. It was a better option than having people go out and buy tablets that the Defense Department had no control over, he said. “It ties to the BlackBerry infrastructure, which we’re very familiar with, and we know how to control and manage it,” he said.
Playbook can access the Internet via Wi-Fi, but built into it is a partition for an application that bridges back to the secure BlackBerry.
“You have a dual environment,” said Jones. On one hand, soldiers would have unfettered access to Internet, just as they do at home. But when they wanted to conduct official business, such as email, the application would draw the information through their secure BlackBerries, he explained.
“That made it the logical choice to go after and evaluate first. But we’re not going to stop there, obviously. We’re going to look at trying to get the other platforms and operating systems certified to where we can provide those as a resource but make sure we can do it in a safe and secured manner,” said Jones.