New Mobile Device Policy Gives Options to Pentagon, Opportunities for Industry

The Defense Information Systems Agency recently approved implementation guidelines for a variety of smartphones and tablets, which will greatly expand the types of devices Defense Department employees can carry with them.
The Defense Department has long been wary of adopting new mobile platforms that could introduce vulnerabilities into its networks. Only government-issued devices are approved so far. However, the move portends a day when personnel can use their private devices for work purposes, experts said. 
DISA released guidelines for iPhones and iPads with Apple’s iOS6 operating system, BlackBerry 10 smartphones and Playbook tablets, and Samsung Galaxy platforms that carry the Knox security suite and run on the Android operating system. 
 
Industry executives believe the move is a step toward a bring-your-own-device (BYOD) policy that will one day allow employees to access department networks from their personal cell phones and tablets.
 
That these new platforms have been given the green light does not necessarily mean the Pentagon will begin buying up new smartphones or tablets. “Actual orders will be tied to identification of specific operational requirements and funding availability of using organizations,” a DISA news release said. 
 
However, greater mobility could enable telework and help employees be more productive, said Mark Neustadt, director of Department of Defense sales for Citrix, a Fort Lauderdale, Fla.–based software company that focuses on mobile and cloud computing. It also presents an opportunity for industry to design specialized applications and software for Pentagon use, he said.
 
“There will be new technologies and new companies that will emerge out of this. … I think it bodes well for business and gives creative people and thought leaders an opportunity to create products and solutions that help the mission and improve efficiencies in the DoD,” Neustadt said. Developers will now be creating more purpose-built applications for military, he predicted.   
 
BlackBerry has long been the government’s manufacturer of choice for commercially available mobile platforms, accounting for about 470,000 of the Defense Department’s 600,000 devices. Apple and Android products are used far less frequently, with 41,000 and 8,700 devices respectively, according to information from DISA. 
 
The agency has been clear that it wants to build a “multi-vendor environment,” and the Samsung Knox and iOS6 approvals could indicate fewer sales of BlackBerry 10 devices on the horizon. However, BlackBerry officials said they see the firm's long relationship with the Defense Department as an advantage.
 
BlackBerry works with the Pentagon during the development of its products in order to ensure they meet department specifications and the needs of government workers, said Michael K. Brown, BlackBerry’s vice president of security product management and research.
 
“BlackBerry is the only solution that provides all of the pieces — out of the box — to meet the needs of DoD. … Any other approval I've seen requires third-party software in addition to" the device, Brown said. Other devices end up “being more of a patchwork of solutions" that are more complex for system administrators to manage, he added.
 
Brown also pointed to features such as BlackBerry Balance, which stores personal and work-related data on different parts of the device and integrates that information within the user interface. For instance, a user’s calendar could show a child’s soccer game and a meeting at the Pentagon on the same screen, but information related to work would be more strongly encrypted in a different part of the phone. 
 
Neustadt called the approval a “stepping stone” to BYOD that indicates a broader effort by DISA to quickly test and clear new devices. Apple and Samsung have gained a new customer base at the Defense Department, but all three manufacturers soon could face competition from other companies who want a piece of the pie, he added.
 
There will be market opportunities not only for manufacturers of mobile devices, but also for companies that specialize in network security, said Tony Busseri, chief executive officer of Route1. The Toronto-based company is in talks with the Defense Department about its MobiKEY software, which allows users to access work-related data from their iPhones or iPads but keeps it behind the firewalls of secure government networks.
 
Most security breaches are not the result of cyber-attacks by foreign nations, but are triggered by employees who lose or misuse their devices, Busseri said. Any policy for the Pentagon’s mobile devices needs to be backed with security technology.
 
"If we're allowing additional devices to be approved, we have to make sure that we're not [just] telling people, 'This is the way you will use them, and this is the binder to tell you that,' because the risk with that, again, is of human error — not necessarily being malicious, but just being forgetful or making a mistake,” Busseri said.
 
DISA is set to award a contract this summer for a new mobile device management system. According to the solicitation, the chosen vendor would enforce policy, monitor mobile devices and ensure that malware doesn’t make it onto military networks. It will also manage an application store exclusive to the Defense Department.
Photo Credit: Thinkstock

Topics: Cybersecurity, Defense Department, Civilian Workforce, DOD Policy, Infotech