WASHINGTON, March 24, 2015 – Defense Department Chief Information Officer Terry Halvorsen held a media roundtable recently to discuss progress on elements of his department’s transition to an information environment that’s faster, safer and less expensive for the DoD.
The Joint Information Environment is a framework for the transition. Its newest elements include a joint regional security stack, or JRSS, and a mobility program for smartphones that DoD personnel can use for unclassified and classified work.
Halvorsen’s team is working on all the elements, but his priority is the JRSS, which he has called the first step in getting the department to the JIE.
“What JRSS will do when we have it right is enable a central view of all of the data that is more commonly shared by all the levels where we want to share it, which is a lot,” Halvorsen said.
Joint Regional Security Stack
The JRSS itself is a series of 19-inch racks in cabinets, with network applications and appliances in the racks, JRSS lead Dave Cotton said.
The JRSS technology enables “a consolidated view of the network activity and potential anomalies,” he added.
This will give defense or military command centers, “where they're worrying about networks and operations, a sense of the cyberspace piece and [the ability] to plan their operations appropriately around what's taking place,” Cotton explained.
The JRSS will offer a better picture for taking immediate action and a better picture for examining analytics, he said, to get “better future planning than we have today.”
DoD Smartphone Mobility
On the department’s mobility program for smartphones, Halvorsen said progress is being made on dual-persona unclassified Blackberry smartphones, which are now in use, and a modified commercial Android phone that DoD personnel can use to do Secret-level security work.
“I have ongoing mobility pilots and … I've got to be able to protect different levels of data,” Halvorsen told the reporters. “I need all data to be somewhat mobile and today I've got pretty good answers [about] how I can make unclassified data mobile.”
He added, “I have some pretty good answers about how to make secret data mobile, and above that I'm still working.”
The CIO said the mobility pilot programs are going very well.
Fielding Classified Devices
“We've got some new classified devices coming out and I am very happy with where they are,” Halvorsen said. “I am a little anxious about how many of them we can field on what timeline, and we’re having some very good discussions with DISA about that.”
He added, “It's a little more complicated than on the unclassified side because of the way we have to write the contract restrictions, the extra security pieces.”
On the unclassified side, he said, the department has begun fielding the dual-persona phones, which DoD personnel can use for official business and also for personal e-mail and some applications.
The phones “are in distribution today. The biggest problem I have with that is just getting the numbers up,” said Halvorsen, adding that personnel who get the phones first are “the high-demand users from a mission perspective, at all levels.”
Ramping Up the Numbers
To date, Halvorsen said, the department has distributed about 1,500 of the unclassified phones, including those that were in the pilot. “That is now going fully operational and those numbers will start ramping up fairly rapidly,” the CIO added.
For smartphone vendors on the dual-persona unclassified side, Halvorsen said the challenge is not so much keeping the wrong data off the phones but keeping the right protection levels on the phones.
“We have required the vendors to meet a set of technical requirements that provide me a level of comfort that they can protect the data and I can operate that way,” the CIO said.
“I’ve got to be very careful,” he added. “I don't require that the vendors do anything with their own devices. I require them to meet a standard requirement.”
Bring Your Own Device
This summer the CIO said he will put out a new pilot called B-Y-O-D: bring your own device.
“I'm probably going to do most of [the pilot] with the DoD headquarters staff because I think that represents a big enough user base that it will be a controllable test,” Halvorsen said.
The challenges of such a program are many, and the CIO said they include how he ensures each smartphone meets minimum security levels, “which is the first question I've got to get answered.”
If the smartphone meets those requirements, Halvorsen said, “then let them go use it.”
In that case, he added, “How do I track the security measures around that? The hardest thing on all of this is how do I assure myself that when they're [using their own devices] that I'm being secure?”
Tracking Security Measures
The CIO added, “I'm not going to lie to you — that is the parameter. How to measure [security] in meaningful ways is the one that's driving me a little crazy.”
Lots of big enterprises are rescinding their bring-your-own-device programs, he said, adding that isn’t the right answer everywhere.
“What I suspect will happen in DoD is, because of our size and all the businesses we're in, there will be places where bring-your-own-device is going to work and a whole lot of places where it doesn't,” Halvorsen said.
Halvorsen said he’s working to set up an open mobility day during which people from the department, industry and elsewhere can ask questions and get information directly from him and his team.
Special Report: The Cyber Domain - http://www.defense.gov/home/features/2013/0713_cyberdomain/