By Claudette Roulo
American Forces Press Service
WASHINGTON, Oct. 2, 2012 – Mobile
devices are becoming the way we communicate, and the Defense Department views
that change as an opportunity, the department’s deputy chief information
officer for command, control, communications and computers and information
infrastructure said Sept. 28.
Air Force Maj. Gen. Robert E. Wheeler
told American Forces Press Service and the Pentagon Channel that National Cyber
Security Awareness Month is a good time to consider what is involved in
adopting mobile communications.
"There's always risks involved in
having a mobile strategy where you're not connected directly to the
network," he said.
The Pentagon’s mobile device strategy
released in June outlines DOD’s plan to maximize the potential uses of mobile
devices. The plan covers three key areas: wireless infrastructure, mobile
devices and mobile applications. According to the CIO website, the goal is to
keep these areas flexible and secure enough to benefit the warfighter and keep
pace with changing technology.
Wheeler said the CIO’s mobile
implementation plan will be released by mid-October. The plan will consolidate
the results of about 21 pilot programs to create a mobile device plan to apply
across the enterprise. This will provide the ability to "think and acquire
data [from] different directions -- voice, video and data," he said, and
is another step toward unified requirements for use of all parts of the DOD
network.
"So, instead of having multiple
different kinds of ways … of connecting to the network,” the general said,
“we're going to have an enterprise-type model that actually buys down the
risk" and that ultimately will give DOD a better understanding of problems
and the ability to make decisions at a faster pace.
The mobility implementation plan is a
way for DOD to take advantage of where the rest of the world is going with
mobile communications, Wheeler said.
“So, for example, if we do this in an
enterprise-type model,” he added, “we can go cheaper, we can buy down the
risks, … [and] we can jump the productivity curve."
The ability to make decisions while on
the move versus deciding and then moving is a big change from a DOD
perspective, Wheeler said. That process is being adopted more frequently in
small pockets around the DOD, he added, “but now this would be an enterprisewide
approach to doing business in a particular way, and it allows everyone to do
this while on the move."
DOD has several objectives as the CIO
shapes mobility strategy, Wheeler said. Saving money and increasing security
are important, he said, but the key objective is less quantifiable.
Young people understand the power of
apps and how to use them, he said, but for "digital immigrants" like
him, it's a bit more difficult to adapt. But doing so could change the way DOD
operates, allowing the department to move faster, make decisions faster, stay
ahead of adversaries, and make better business decisions.
"I think this is the key piece to
it,” Wheeler said. “So we save money [and] we increase the security, but the
big power down there is jumping the productivity curve so we can do many more
things faster and actually provide more time for our people to think -- to do
those things that they need to get done and to make those right
decisions."
But, he noted, if the cybersecurity
thread is lost at any point, DOD also will lose productivity and the cost
becomes an irrelevant issue, because security breaches have the potential to be
devastating on a national level. So, Wheeler said, DOD has established three
categories of devices that will move through the approval process.
The first category includes devices that
never need to connect to a DOD network, he said. An example of those types of
device might include tablets to replace the knee boards used by pilots to hold
their paper checklists and charts. Pilots could download updated information
through a commercial Internet connection set up specifically for that purpose.
The second category would cover mobile
devices that connect to the unclassified network, including commercially
available devices such as the iPhone or Android devices. “That's a group of
devices that will be approved, and in fact, that's going through the process
right now,” Wheeler said.
The third category is for devices that
connect to the classified network. Some of those devices will meet the security
requirements to allow them to connect directly to a classified network, he
said, while others will encode classified information in such a way that it can
travel on commercial networks.
For average users, this means that the
capabilities of today’s mobile devices will be available to them while at work
on either classified or unclassified networks, Wheeler said. That capability
includes the ability for all approved devices to download required apps from a
DOD app store.
Regardless of the type of device, a
faster approval process is a key part of the implementation plan, Wheeler said.
"Historically, DOD has been slow to
approve electronic devices. … If you see how the market works, in 12 to 18
months that device is no longer even available, so we have to be able to
approve it."
To make sure devices can be approved
quickly, he said, the CIO took a two-pronged approach: They provided mobile
device makers with DOD's security requirements, and they incorporated a
mandatory timeline into the approval process. Wheeler cited the specific
example of the planned DOD app store.
"We're requiring that if somebody
needs an app for their specific mission, they provide it and [we respond]
within 90 days," he said. The applicant receives an approval or a denial,
or is told that certain changes are required to the app before it can be
approved.
One of the main reasons for adopting the
timeline was security, the general said. "As new technology comes out we
need to take advantage of that new technology and move with that new technology
to keep our stuff more secure,” he explained. “So, waiting two, three, four
years to approve something is something that would actually hurt our ability to
do the mobility implementation plan."
Eventually, the CIO would like to reach
the point at which mobile devices are approved for use on the network before
they're even released, he said. That way, he added, devices that meet the
security requirements could be put into use as soon as they're available.
"At the end of the day,” Wheeler
said, it becomes an issue of the individual user understanding the rules [and]
following those rules -- not trying to push the envelope and saying, 'Well, I
want this specific app' is a prime example of that -- one that doesn't come off
the approved list of apps and trying to put that on their phone."
It's incumbent upon everyone to make
sure that they're watching how they operate, Wheeler said, both from a
cybersecurity perspective and from an operational security perspective. And
that's something that isn't just about mobile strategy, he added, but about how
DOD does business as a whole.
Posts
No comments:
Post a Comment