The Defense Department has transitioned one of its key mobility pilot projects for unclassified use to full deployment, has started deploying new devices for secret-level data and plans to begin a “bring your own device,” or BYOD, pilot project this summer, according to the department’s chief information officer.
To date, the department has deployed approximately 1,500 unclassified mobile phones for use by “the highest demand users” to DOD’s headquarters personnel and plans to ramp up that deployment rapidly this year, CIO Terry Halvorsen told reporters Wednesday.
FedScoop has also learned that the Navy is planning a major rollout this year of up to 30,000 new mobile devices, including iPhones and Samsung phones. The service is currently running a small pilot project of 200 phones.
“We’re looking at a smart phone that will enable you to use your personal email plus government email,” said Lynda Pierce, the Navy’s acting principal deputy chief information officer.
“We’ve got what I would call dual-persona phones … where I can do my official business and where I can get my personal email on that phone,” Halvorsen said. “As an example, you could do Pandora on that phone,” he said, referring to the popular music app. “It just makes an integrated life-work balance for people. The biggest problem I have is just getting the numbers up.”
But the rollout of the new classified mobile phones also faces some challenges. “I’m a little anxious about how many of them we can field and on what timeline,” Halvorsen said, pointing to the additional security precautions that must be written into the contracts.
Halvorsen acknowledged that the department’s experience with dual-use mobile devices has highlighted the need for the department to do a better job at establishing requirements. Just as the acquisition process must be improved, the requirements generation and communication process with industry could be also be improved, Halvorsen said.
One way to do that, said Halvorsen, is “to define our requirements as outcomes and define the sub-requirements as … the protections I require if it’s a security issue … and then let industry come back to us with different approaches.”
Halvorsen would not go into details when asked by FedScoop if the department was requiring mobile device manufacturers to deliver custom configurations — an idea floated last year by Halvorsen’s predecessor, Teri Takai. The challenge facing the department for the past year has been figuring out how to streamline the certification process for not only the device and the operating system, but also for what apps are preloaded on the phone and how they are secured.
“We have required the vendors to meet a set of technical requirements that provide me a level of comfort that they can protect that data and I can operate in that way. I don’t require that the vendors do anything with their own devices. I require that they meet a standard,” he said.
Halvorsen also acknowledged that although the dual-use phones will only be allowed for unclassified applications and data, the department needs the capability to protect different levels of data. “Today I’ve got pretty good answers in how I can make unclassified data mobile. I’ve got pretty good answers for how to make secret data mobile. And above that, I’m still working,” he said.
“We absolutely have to work this problem,” said Patrick Dowd, chief technical officer at the National Security Agency, in an exclusive interview with FedScoop. “We’ve held off mobile devices for so long and now people are realizing you can’t hold it off much longer. We’re doing the exact same thing with mobile pilots. The problem is it’s not going to be you flip a switch and we get to perfect.”
One of the options NSA is considering stems from a pilot program involving Samsung devices that use data stored in the cloud. “I had a Samsung Android platform that was wiped and basically everything was run in our data center,” Dowd said. “So it was basically a thin client handset and the performance was quite good too. We’re making progress.”