The Defense Department in 2005 took up development of a smartphone that could access both classified and unclassified networks anywhere in the world.
The resultant Sectera Edge, made by General Dynamics, would have revolutionized the way military personnel — down to individual troops — access and share information.
Instead, Pentagon officials got a lesson in what happens when their sluggish acquisition practices go up against the commercial market’s swift innovation.
“It would have been a phenomenal device had the iPhone not been introduced before it,” said Debora Plunkett, information assurance director at the National Security Agency. “It had been overtaken by technology by the time it was actually delivered. The government can no longer develop and build products in time to make a difference.”
Plunkett is among other officials who are seeking to make the Defense Department’s workforce more mobile.
The Sectera, which took five years and millions of dollars to develop, has become an oft-mentioned example of the commercial market’s consistent ability to outpace government research-and-development programs. At more than $3,000 a copy, the outsized Blackberry-like device with a physical keyboard and external antenna was overshadowed by Apple’s sleek, $300 iPhone and other increasingly capable and less expensive commercial devices it inspired.
By 2012, half of all U.S. mobile consumers owned smartphones, with that figure projected to grow to 70 percent by 2013, according to a recent Nielsen survey. The trend toward mobile computing and a reliance on real-time data has been no less dramatic within the military, said Robert Carey, the Defense Department’s principal deputy chief information officer.
“The only thing not influenced by information are dumb bullets coming out of handguns and rifles,” he said at a July 20 Armed Forces Communications and Electronics Association symposium on mobile devices in Washington, D.C. “You’re seeing a growing trend … of us not being chained to our desks. I don’t care where our people are, I care that they’re doing work.”
For that to be a reality within the Defense Department, “the dismounted soldier or Marine in Afghanistan has to have the same kinds of connectivity” as someone working stateside, Carey said.
The explosion of commercial mobile devices occurred so quickly in fact that the Defense Department and other national security agencies are scrambling to adjust network infrastructure and security policies to handle their sudden ubiquity.
The proliferation of smart devices caused “cataclysmic confusion” within the Defense Department, with a legion of personnel carrying mobile computers abutting outdated policies that disallow their use inside some military facilities, said Air Force Lt. Gen. Ronnie Hawkins, commander of the Defense Information Systems Agency.
Most Defense Department higher-ups are what Hawkins termed “digital immigrants” — they grew up without smart devices and have had to adapt to the digital age as it progresses. But 70 percent of current military personnel were in middle school on 9/11, making them “digital natives,” said Hawkins.
“They are asking, they are demanding that we bring this type of capability to them so that they can exploit it and use it in their jobs day-in and day-out,” Hawkins said. “We have got to make sure we can provide this type of technology to the war fighter.”
At the AFCEA conference, John Hickey, DISA’s mobility program manager, asked the 400 or so attendees to raise their hands if they were carrying a laptop. A few arms went up. When he asked who had brought smartphones, nearly every person in the room reached for the sky.
Many of those present were digital immigrants who have increasingly taken to mobile devices for business and personal communication. Hawkins said he has challenged senior DISA officials to begin immersing themselves in mobile devices, to use them as much as possible on and off the clock.
“We initially simply restricted the use of mobile devices to outside the building and you could not use them inside,” Hawkins said. “We have since changed that policy and are working toward making sure that we can get those devices not only inside the building, but into our workspaces all the time.”
To speed the process of transitioning to a mobile working environment, DISA officials are hoping to create a cloud-based application store by fiscal year 2014. Prior to that deadline, they will be loading some specially designed apps directly onto Defense Department employees’ personal smartphones for use at work, though none will be able to access classified networks.
“Putting secure applications on smart devices right now — we have done that, riding on the wireless environment that we have right now,” Hawkins said. “Starting with a small group, we will build fast and build big as we go along.”
By October, there will likely be 300 or more devices with pre-loaded applications and access to Defense Department enterprise email. Hawkins plans to have a secure, hardened smartphone in the hands of 1,500 Pentagon employees by the end of 2013.
Plunkett said the acquisition of commercially available hardware with “baked-in” security features will be critical to achieving a mobile computing environment.
“It has to be secure for [troops] whether they are in a disconnected environment or whether they are in a fixed environment, whether they are home or in their office,” she said. “The device and information on that device needs to be secure. We need to do that on the front end, versus bringing your device and then wrapping the security around it.”
The plan is to use commercial technology for both the hardware and the software, so that Defense Department systems and devices can be upgraded at the same pace as commercial products. Those devices could be smartphones that are on the market currently, though new designs are preferred to allow for built-in security. An existing cell phone retrofitted with security measures will likely never be allowed to access classified networks, Plunkett said.
Though allowing Defense Department employees to outfit their personal phones with work-related applications is safe — even desirable — in the short term, Hawkins and Carey agreed that “bring-your-own-device” or BYOD, would not be an option for access to classified domains.
“BYOD brings with it a lot of different issues that we’ve got to still work,” Hawkins said. “I look at it from the perspective of security. For instance, how do we clean up a classified spillage when you’ve been working on your personal device?”
Army Col. Clint Bigger, commander of the White House Communications Agency, wants to arrive at a single end-user device that can provide voice, video and data communications over both classified and unclassified networks.
“We know that that’s a long time coming,” he said. His agency is willing to settle for two devices — one for classified, one for unclassified access — until a single device could be fitted with adequate security features, Bigger added. But neither would be achievable if the Defense Department did not put technological development in the hands of commercial smartphone manufacturers, he said.
“If we are so hardened in our acquisition approaches and are sticking to that traditional defense acquisition system model for development … that doesn’t keep pace with technology and it certainly doesn’t keep pace with our users’ demand,” Bigger said. “We have to depend more on [commercial-off-the-shelf] — not only for devices, but also for security solutions and how we protect the information that we pass.”
The National Security Agency is taking the lead on a pilot program using the commercially available Droid Pro to access classified networks. A small group of NSA employees have been issued the phones that at present can only communicate by voice and data and only with each other. Because placing sensitive information on devices and in remote data centers creates vulnerabilities, the NSA is concerned about the potential for a network intrusion.
“We very much endorse having a mobile workforce,” said Plunkett. “We need to be able to use [mobile devices] and move around with them in some way that allows us real-time access to data and the network, but we’re not there yet.”
That sentiment is a 180-degree turn from 2009, when NSA and the Secret Service balked at allowing President Obama to carry his personal Blackberry because of cybersecurity concerns. He was eventually allowed to keep the device for personal use and now the administration routinely issues hardened iPad tablets and smartphones of various types.
The most pressing security issue — then and now — is how to protect sensitive information. Accessing data stored in a cloud could allow devices to hook into the network, then be automatically disconnected if they become compromised, said Plunkett. An upgrade to national security computing systems will be necessary for that vision to become reality.
A first step — while industry develops the physical devices that meet Pentagon security requirements — is to build an infrastructure that allows universal access to data and apps and that “mobile devices and the capabilities they provide can ride on,” Hawkins said.
The next major step is to revise Defense Department policy to allow a mobile computing environment to flourish — something that is currently stifled by security strictures.
“We have policies that have been developed during an analog timeframe,” Hawkins said. “We also have many policies that have been developed during the digital timeframe, but they’re still focused in on ratcheting down and tightening down security such that we’re not able to put those devices in the hands of our war fighters.”
Forging more permissive policies could prove difficult, given the number of ongoing efforts to study the benefits and drawbacks of using mobile technology.
Within the Air Force alone, there are 25 pilot programs studying the use and integration of mobile devices. The Army and Navy each have programs in the double digits, as well. Other national security agencies have implemented their own programs. Under DISA and NSA, these various cats are being herded to where they can share data and work together, Hawkins said.
There are other issues about whom should be issued what device at what echelon, especially at the tactical level, said Capt. Josh Dixon, systems engineer and project officer of technology transition for Marine Corps Systems Command.
“In some cases, it’s a philosophy issue,” Dixon said. “Some services don’t want to [extend mobile connectivity] down to the individual level and just want unit-level reporting. Other services want to know where every single person is.”