Pentagon Cybersecurity Efforts Target Mobile Devices

6/1/2011
By Grace Jean

The growing use of mobile communications devices by the U.S. military and by civilian agencies is shaping Pentagon efforts to protect information networks from cyber attacks, said a senior defense official.

One of the biggest challenges in protecting the IT infrastructure is having visibility over the thousands of computers and smartphones that soldiers use daily, said Michael J. Jones, chief of emerging technologies in the cyber division of the Office of the Army Chief Information Officer.

“You can’t defend what you can’t see,” he said June 1 at an Association for Enterprise Information conference in Alexandria, Va. “That’s why we’re spending a lot of effort and energy in getting asset visibility,” he told National Defense.
The goal is to develop an "information technology asset management system" that would give cybersecurity officers the ability to see every node in the network and to screen each one, in order to prevent intrusions, he said. “When you’re talking about one out of the 900,000 assets out there and figuring out which one poses vulnerability or which one could have a bad day, it makes it a daunting task."
The State Department has a program called iPOST, a continuous monitoring and risk reporting application for the agency’s IT infrastructure. The Army is looking to adopt that same model by leveraging current "asset visibility tools," said Jones. Cybersecurity officials can pull that information back and “score” each of the devices on the network to quantify the risks that exist in cyberspace. “This allows us to then quickly identify what the next problem device is going to be so that we can get after it and then patch it,” he said. “As we look at adding more mobile electronic devices, we’ve got to make sure we have visibility of those devices. How can we make sure we control those devices? Continuous monitoring will help us — we call it ‘see, know and do.’”
Jones expects a working system to be in place by next spring.
“I’m pretty confident that within nine months to a year on the outside, the repository that we’re looking for would be at a minimum at an initial operating capability,” he said in the interview.
While pursuing these efforts, the Army also is experimenting with commercial tablet computers for battlefield use. Among the devices being tested is the PlayBook, made by RIM, which also manufacturers the BlackBerry smartphone. “We went with that device because we already had the management infrastructure in place,” said Jones. The same servers that maintain control over Defense Department BlackBerry devices are being used in a pilot program on how to employ PlayBooks. Jones said that he plans to brief Army Chief Information Officer Lt. Gen. Susan S. Lawrence on the results of the project by December.
This is just the beginning of the mobile computing revolution in the Army, he said. “Defense Department officials have been looking at how we’ve been evaluating the PlayBook and others. We’re not alone out there — other services have efforts. But the fact that we’re the 800-pound gorilla within the Department of Defense, I think we’ll get a lot of attention,” Jones said.
Regardless of how things pan out with the PlayBook, the Army’s intent is to continue evaluating other devices. “We’re going to look at trying to get the other platforms and operating systems certified to where we can provide those as a resource,” he said. “We’re looking at having a variety of things to pick from that meet the standards. We definitely encourage the competition out there in industry to provide these type of capabilities.”
The accreditation process for such commercial technologies is often a cumbersome and expensive process. The Army is looking to shorten that time frame. “Ninety days, flash to bang, ought to be a goal for us,” he told the conference. “We’re not building tanks or weapon systems here.” Industry can help by incorporating "information assurance" components into their mobile products. Doing so will add costs that some companies may not be willing to bear — at least, not initially, he said. But with hackers and spies increasingly attacking networks through smartphones, that reluctance is likely to change as organizations outside the federal government clamor for secure mobile gadgets.

“I think gradually even private companies will be more inclined to have those extra secret ingredients to secure their devices,” said Jones.

Topics: C4ISR, Cybersecurity, Cybersecurity, Infotech

Comments (0)

Name *

Email *

Comment *

Please enter the text displayed in the image.

Characters *

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

I have read the legal notice.

Find an Article VIEW ALL ARTICLES