News From the DON Mobility Program
By Mike Hernon - Published, August 19, 2011
This is a very active year in the area of enterprise mobility. In the commercial marketplace, dozens of new devices, the vast majority of which are tablets, were released, or announced for imminent release, as manufacturers race to meet growing consumer demand for greater mobile performance and functionality.
The Department of Defense mobile user community is no exception and expresses great interest in deploying tablets and smart phones more broadly to support the DoD mission from the executive suite — to the tactical arena. Within the Department of the Navy there are numerous requests for these devices to support senior executives, hangar deck operations, tactical deployments, and more.
This article provides a number of updates on DoD and DON developments for enhancing mobility, summarize efforts, and look at potential future capabilities.
Overarching Policy Remains in Effect
Many Navy and Marine Corps personnel acquired smart phones and tablet devices to take advantage of advanced capabilities, such as enhanced document management. While the DoD and military departments are working to integrate these devices into the network to increase user efficiency, it is important that users understand that the overarching wireless policy, DoD Directive 8100.02, "Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG)," remains in effect.
Consequently, use of these devices, even for government-furnished equipment, is subject to the following security requirements: (1) device may not be connected to any DoD or DON network for any purpose until Designated Accrediting Authority (DAA) approval is published; (2) device may not auto-forward government account email to a commercial email account; (3) device passcode must be enabled, and the simple passcode option, if available, must be disabled; and (4) device may not be brought into any area where classified information is stored or discussed without prior approval.
The demand to use mobile devices in areas where classified information resides or is processed remains strong. The National Security Agency (NSA) is drafting new guidance on this restriction; however, given the known vulnerabilities and potential exploitation paths, a blanket approval is not expected. Users, who have a requirement to use wireless devices in areas where classified material is processed, should continue to work with their command's information assurance manager to pursue approval for a local policy.
DoD Commercial Mobile Devices Working Group
In acknowledgement of other efforts underway, the DoD Chief Information Officer chartered a working group to explore whether to allow certain commercial off-the-shelf wireless devices on the network. The working group will facilitate introducing new devices and capabilities through information sharing across the DoD community. The working group will leverage certification and accreditation artifacts produced by any DAA, conduct pilots, and speak to industry representatives with a combined DoD voice. Membership includes the DoD and service CIOs, DAAs and wireless subject matter experts.
Secure Mobile Environment – Portable Electronic Device (SME-PED)
The SME-PED is nearing its end of life for technical and programmatic reasons. Technically, the circuit-switched data service that supports the secure voice capability of the SMEPED is being phased out by all cellular providers. Circuitswitched data is a legacy, slow speed data service that has little commercial value as providers continue to move to fourthgeneration data networks. Unfortunately, a SME-PED cannot use 4G data networks to support secure voice. However, unclassified data and voice service, as well as connection to the SIPRNET, will continue to work.
Programmatically, the NSA, which led the development of the SME-PED, decided not to pursue further development on this device. While a Voice over Internet Protocol (VoIP) solution was envisioned to replace circuit-switched data secure voice, NSA decided the time and expense that would be incurred would not be cost efficient given the relatively small number of users it would serve. It is expected that much of the SMEPED capabilities will be met by the Commercial Solutions for Classified (CSfC) program.
Commercial Solutions for Classified Program
NSA launched the CSfC program to further extend COTS efforts into the classified area. NSA wants to provide classified wireless solutions in a manner that is significantly faster and cheaper than in the past. A key to this effort is implementing "good enough" security, for example, not building top secret protection into a solution that will be only used for secret communications.
As with the unclassified COTS solutions, CSfC will rely on additional software components to enhance the IA posture of COTS devices. NSA pilots are underway and broader deployment may be seen by the end of the year.
COTS Unclassified Solutions
Developing government-unique devices, such as the SMEPED,requires an enormous effort and significant resources. Given the fast-paced nature of the wireless industry, by the time a government solution is fielded it is likely to be obsolete. In recognition of this, significant work is underway to better leverage industry COTS solutions. Commercial devices still require some customizing to meet DoD information assurance requirements, such as Common Access Card support, encryption and centralized management. These requirements are being addressed by various software developers for a number of different platforms. When proven to work, a Security Technical Implementation Guide (STIG) will be released by the Defense Information Systems Agency. The STIG will provide DoD-approved, formal guidance for connecting COTS devices to Defense Department networks. STIGs are already in place for Windows Mobile and BlackBerry devices.
It is likely that devices based on Apple iOS, Android and RIM QNX operating systems will be approved for unclassified network connectivity in the coming months. Users should be aware, however, that to meet IA requirements, not all of the popular features available in the consumer model of a device will necessarily be available in the STIG-compliant version.
Apple iOS. The demand from the user community for iPhones, and even more so for the iPad, continues to be strong. The military departments are working to deliver this capability in a way that meets IA requirements. It is expected that a STIG for iOS devices will soon be adopted by DoD.
Android. There is similar demand for devices based on the Android operating system. DISA began developing a STIG for Android, and it is expected that these devices will also be approved shortly.
Research in Motion. The makers of the BlackBerry, which is ubiquitous within the DoD, also entered the tablet market with the release of the PlayBook. Because it is based on a new operating system, QNX, the PlayBook will require a more extended certification and accreditation effort than the routine release of a new BlackBerry. However, the C&A and draft STIG processes are underway and approval is expected.
The wireless work conducted throughout the DoD will not only provide improved mobility capabilities in the short term, but will also lay the groundwork for additional enhancements. Among the most exciting of these are: development of a DoD mobile apps store under investigation by DISA; allowing dualuse devices that will have both a "personal" and "government" profile that are segregated; and the potential for the government to act as a virtual mobile network operator, which would provide better IA controls across the entire communications path.
The DON CIO wireless working group remains engaged in all these efforts. To contact the group, email them at firstname.lastname@example.org.
Additional wireless information can be found on the DON CIO website: www.doncio.navy.mil/wireless.
NMCI Mobile Users Must Transition to NAVSUP Fleet Logistics Center San Diego Contracts
Users with Navy Marine Corps Intranet BlackBerrys, cellular phones or air cards must transition to the NAVSUP Fleet Logistics Center San Diego wireless contracts by Oct. 1, 2011. At that time, NMCI will phase out cellular devices and services offerings. Users who have not transitioned by Oct. 1 will have their services interrupted.
The contracts, an ordering guide and template, as well as the latest information are available on the Naval Supply Systems Command website at https://www.navsup.navy.mil/navsup/ourteam/navsupgls/prod_serv/contracting/market_mgt.
For additional information contact the FISC San Diego wireless team at email@example.com.
Mike Hernon is the former chief information officer for the city of Boston. He supports the DON CIO in telecommunications and wireless strategy and policy.