Classified mobile capabilities, assured identity, and secure access to data from anywhere at any time ensure information dominance for the department.
Agency representatives shared how these capabilities provide the roadmap to mobility Aug. 20 during a panel moderated by DISA’s Assistant to the Director, Army Maj. Gen. Garrett Yee at TechNet Augusta 2019.
Defense Mobility Classified Capability-Secret (DMCC-S) plans to release the next generation classified-secret tablet and phone within the next 12 months.
“We know that our classified users want native email,” said Neil Mazuranic, chief, Mobile Capabilities Development, describing the needs cited by mission partners. “They want to use native applications on the device, so they can actually do things. And they want to have secured data at rest on the device, so they can actually save the files and do real world work — not just view work and make phone calls … so the future of mobility is exactly that.”
The new tablet and phone incorporate this feedback by including native email, mobile applications, and data at rest on the device.
“When Soldiers deploy downrange, much of their work — even when it’s unclassified — is processed and stored in a classified environment, so as to protect operations and soldiers’ lives,” said Mazuranic. “At DISA we understand this, and in recent years, the Mobility Program has made great strides in bringing classified data to mobile devices.”
With roughly 110,000 users, the Army represents the largest customer base of DISA’s 150,000 users of Defense Mobility Unclassified Capability devices. As early adopters, the Army helped to shape requirements while continuing to play a key role in maturing the capability.
“On the secret side today, we’ve got a device that is unclassified when it is powered off and classified at the secret level once you turn it on,” said Mazuranic. “This provides you with OWA [Outlook Web Access] to your email, and it also gives you secure voice to anything connected to the DRSN [Defense Red Switch Network].”
“Right now we talk about mobility devices as cell phones ... at DISA, we don’t see it that way,” said Army Maj. Nikolaus Ziegler, innovation officer, DISA Emerging Technologies Directorate. “We see mobility as a compute capability that allows you to be attested to in CONUS [continental U.S.], OCONUS [outside the continental U.S.], tactical, or any type of environment where your identity can be leveraged to validate the state of you or the state of the endpoint.”
Using biometric information already collected by commercial mobile devices, such as how a user walks, their iris, their face, and their voice, the capability establishes a trust score, which indicates a confidence level of an individual’s identity.
“A low trust score allows me to log into my device. A medium trust score allows me to log into an email or DoD environment. And a high trust score allows me to encrypt, decrypt, and access a higher level of information,” Ziegler said.
Contextual elements, such as a user’s Wi-Fi network, Bluetooth accessories, and patterns of life — like how a person wakes up, routes to work, and the things a person does — contribute to the decay rate of the trust score, or the length of time it is valid. The capability continually assesses this contextual and biometric information to adjust the user’s trust score accordingly.
Ziegler highlighted that this concept of continuous multifactor authentication enhances the department’s security standard, Common Access Card (CAC) and PIN, because CAC and PIN is a hardware-based, two-factor, point-in-time capability.
He also described the privacy considerations inherent in the capability. Continuous multifactor authentication uses the trust score to access the user’s derived CAC credentials on the mobile device. The user’s CAC credentials then provide authenticated access into the DOD environment. This digital handshake ensures personally identifiable information (PII) does not leave the endpoint.
“This is not us sending your PII across an internet connection, where there can be a man in the middle taking it from you. It is all done at the endpoint, so the user controls their identity,” Ziegler said.
Three years into the program, assured identity is leveraging technology that is mature today, Ziegler said.
“This isn’t the land of the unicorn,” he said. “We’ve actually done this with a large chipset manufacturer, and we have an OEM (original equipment manufacturer) that has stepped up and has integrated it into their service offering.”
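The trust-score model described above can be sketched in code. This is an added illustration, not DISA's implementation: the thresholds, half-life, context multipliers, and all names are assumptions, since the article gives no numbers. It shows biometric matches raising a score, context setting how fast the score decays, and the low, medium, and high tiers gating what the user may do on the endpoint.

```python
from dataclasses import dataclass

# Assumed values for illustration; the article gives no thresholds or rates.
TIERS = [(0.85, "high"), (0.60, "medium"), (0.30, "low")]
ALLOWED = {
    "none": set(),
    "low": {"unlock_device"},
    "medium": {"unlock_device", "email_or_dod_environment"},
    "high": {"unlock_device", "email_or_dod_environment", "encrypt_decrypt"},
}
BASE_HALF_LIFE_S = 300.0  # assumed half-life with no supporting context
CONTEXT_FACTOR = {"known_wifi": 2.0, "known_bluetooth": 1.5, "pattern_of_life": 2.0}


def half_life(context):
    """Familiar context slows decay; an unfamiliar setting gets the base rate."""
    hl = BASE_HALF_LIFE_S
    for signal in context:
        hl *= CONTEXT_FACTOR.get(signal, 1.0)
    return hl


@dataclass
class TrustSession:
    score: float = 0.0
    updated_at: float = 0.0

    def current(self, now, context):
        """Score after decay since the last biometric observation."""
        elapsed = max(0.0, now - self.updated_at)
        return self.score * 0.5 ** (elapsed / half_life(context))

    def observe(self, now, context, confidence):
        """Fold in a biometric match confidence in [0, 1] (gait, face, iris, voice)."""
        decayed = self.current(now, context)
        # Each match closes part of the remaining gap to full confidence.
        self.score = decayed + (1.0 - decayed) * max(0.0, min(1.0, confidence))
        self.updated_at = now
        return self.score

    def tier(self, now, context):
        s = self.current(now, context)
        return next((name for floor, name in TIERS if s >= floor), "none")

    def permits(self, action, now, context):
        """Gate evaluated on the endpoint; only the decision leaves this object."""
        return action in ALLOWED[self.tier(now, context)]
```

Unlike a point-in-time CAC and PIN check, the gate here is re-evaluated at every call, so a session that stops receiving biometric matches falls back through the tiers on its own.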
Secure Continuous Access to Data — milDrive
“A mobile force demands access to data, and milDrive gives you that capability,” said Carissa Landymore, program manager, Cloud Storage.
MilDrive establishes a 20 gigabyte or 1 terabyte storage space in the cloud for an individual or a team. Data is secured in transit and at rest, and a licensed user can collaborate with other licensed users or with unlicensed users through sharing links and access codes.
There are only two requirements to use the service: Non-classified Internet Protocol Router Network (NIPRNet) access and DOD credentials.
“As long as you have those, you can collaborate no matter where you are around the world,” Landymore said. “You can access your data through the desktop, through the web, or through your mobile device. A web client is available on the mobile device today, and we are currently testing a mobile app that will be rolled out in the first quarter of fiscal year 2020.”
MilDrive also provides a backup capability that allows users to take a local drive and sync it to DISA’s private cloud. When changing computers or organizations, the user can restore a backup from the web client. Users can also work on documents offline, and when the user regains access, milDrive will sync all the files automatically.
“We want to make sure that whether you are working at your desktop or out in the field, you can access your data, regardless of where you are. MilDrive gives you that continuous reliable access,” Landymore said.
For milDrive pricing, contact the DISA Mission Partner Engagement Office. For additional information, contact the program management office at 301-225-8401.