DoD’s Mobile Device Strategy Considered: Two Challenges to Adoption
The evolution of an enterprise DoD mobile computing solution is already well underway. Now the question is when will the contract dollars materialize?
Last week, the DoD Office of the Chief Information Officer (OCIO) released its mobile device strategy. Weighing in at a slight 7 pages long, this brief document was produced in compliance with the 2012 National Defense Authorization Act. It outlines the DoD CIO’s vision for mobile device usage and computing across the Defense establishment. Pieces of this vision have appeared in other places, including last year’s DoD IT Enterprise Services Roadmap and this year’s recent DISA Mission Partner Conference, but this is the first time DoD has provided a relatively unified picture of how it would like to see mobile devices deployed across the department.
The vision outlined acknowledges the ability of mobile devices to enable productivity gains and real-time decision making, in addition to freeing DoD employees from the confines of their offices. Coupled with the right applications, mobile devices can also supplement increased communication and situational awareness with mobile computing, which is probably the overriding motive behind the DoD’s mobile device strategy.
The mobile strategy document outlines three goals: 1) advancing DoD’s Information Enterprise (i.e., networks) to support mobile devices, 2) instituting policies and standards for mobile device usage, and 3) promoting the development of mobile and web-enabled applications. All three of these aspects of the strategy are worthy of discussion in their own right, but in this piece I would like to tease out two of the challenges that DoD faces in seeking to make this strategy a reality.
First, concerning changes that are required to the DoD Information Enterprise. At the center of this effort is expanding DoD wireless networks. This is a considerable undertaking that is time, labor, and resource intensive. Not only would many DoD networks currently in place require engineering to render them mobile device accessible/compatible, the DoD also requires the expansion of wireless networks into places where these do not currently exist (see the DoD Information Enterprise Strategic Plan, 2010-2012). How this can be accomplished in a fiscally constrained environment is not clearly understood. The question remains if the proper level of funding and resources can/will be allotted to the effort. One suspects it will be given the importance that the DoD has placed on mobile computing. One possibility is to take measures securing the data on DoD approved devices that will enable use of those devices on commercial networks already in existence. I believe, however, that this is a remote possibility given both the DoD’s security requirements and concerns about bandwidth availability. Also, the practical effect of following this path would be to “militarize” a commercial carrier network, which may not be a palatable option to either industry or government.
Second, concerns about the security of devices, data, and wireless networks run prominently throughout the mobile strategy document. Of course the importance of security should not be minimized, but security is not a challenge without precedent or solutions. In fact, the DoD has so many security policies and programs in place already that it is possible to determine the shape that security measures eventually will take. The adaptation of Public Key Infrastructure (PKI), Common Access Card, device encryption, and anti-virus/anti-malware measures to mobile platforms will likely all be part of the solution that is eventually adopted. After all, DoD does have experience with BlackBerry mobile devices, which have been deployed for years already.
The real challenge as far as security is concerned appears to be standardizing the Security Technical Implementation Guide (STIG) process of approving mobile devices, but even this is in the process of being overcome. The Defense Information Systems Agency (DISA) will be the DoD’s enterprise mobile service provider. DISA is also the organization that will “STIG” mobile devices for use on DoD networks. DISA is working to streamline the STIG process in an effort to put it on a FedRAMP-like “do once, use multiple times” footing.
In the new reality of DoD enterprise services, the military departments will be required to accept DISA’s seal of approval and refrain from placing their own STIG limitations on mobile devices. This will further enable applications to be developed and used on DoD-approved devices. Even now, therefore, without a formal mobile device implementation plan in place, the STIG process is being simplified across DoD and is enabling more applications to be activated on DoD approved BlackBerry devices. In short, the evolution of an enterprise DoD mobile computing solution is already well underway. Now the question is when will the contract dollars materialize?
There are no comments for this entry.
[Add Comment]