U.S. Navy Moves Toward Mobility
The service wants to mirror industry in what would be a philosophical sea change.
U.S. Navy leaders are embracing more than technology advances in mobility as they seek to bridge the divide between the military and private industry. A major philosophical change is sweeping through the sea service as leaders strive to follow industry’s lead, adopting not only technology but also business acumen.
“Here’s the bumper sticker: access to information anytime, anyplace, from any device,” says Dan DelGrosso, the technical director in the Navy’s Program Executive Office Enterprise Information Systems (PEO-EIS).
“Inside the Department of the Navy—and it probably goes the same for the [Defense Department] at large—we’re way behind in the world of mobility,” adds DelGrosso, who leads the Navy’s Enterprise Mobility Integrated Product Team, established in January to serve as the Navy’s designated advisory and action group for enterprise mobility efforts. It focuses on four areas—policies and standards, security, infrastructure and applications—to meet the Navy’s need to rapidly investigate and enhance mobile technology capabilities. Navy leaders want to capitalize on the convenience, familiarity, ease of use and productivity that mobile devices offer users, officials say.
The team has made a modicum of progress. “We don’t have that road map yet,” DelGrosso concedes. “We’re just taking baby steps right now with smartphone technology and mobility. It’s only been within the last year that we’ve really picked up some momentum in that field. Senior leadership is engaged, and they understand the criticality of this. They understand this is where the world is going.”
Mobility and the evolution of commercial mobile devices are changing the way the Defense Department and the Navy operate because the work force no longer is tied to wired computers. The trend presents challenges, and the biggest ones are managing policy and ensuring security. As a result, the Navy has set five top priorities for the near-term future, DelGrosso says, including expanding the Navy Marine Corps Intranet (NMCI) smartphone effort; issuing tablets to recruits in boot camp; making apps developed by Manpower, Personnel, Training and Education (MPTE) accessible from personal devices; integrating an administrative app for Ready to Serve (R2S) for the reserve forces; and tackling afloat mobility concerns.
Some of the blame for stalled progress on embracing mobility in general rests with overly cautious government lawyers, policy writers and security technicians squeamish about permitting unsecured devices onto networks, says Vice Adm. Ted Branch, USN, deputy chief of naval operations for information dominance. The Defense Department’s search for the right balance between mobility and network security, for example, bred tension between “those of us trying to expand the aperture and push the envelope … and the authorities who are responsible for the security of the networks and systems,” Adm. Branch says.
Needing infallible security sets the stage for gridlock in the mobile arena, says Terry Halvorsen, the Defense Department’s chief information officer (CIO), who often promotes his “secure enough” mantra when it comes to the department’s mobile policies and practices. “You’re going to see a lot of headlines here that say ‘secure mobility.’ Blank that out,” Halvorsen has stated. “I want you to insert the words ‘secure enough mobility.’ Part of what we’ve got to understand is: What’s secure enough?”
The Navy’s mobility strategy of anytime, anyplace, from any device infers the development of a bring-your-own-device (BYOD) scheme—which will happen, Adm. Branch shares. “It’s not a question of if we’re going to do it, it’s a question of to what degree are we going to do it,” he says. “It won’t be everyone bringing their own device, and we’ll have government-furnished devices, but we have areas in our service that just lend themselves … to having a BYOD kind of construct.”
This spring, the Navy launched its eSailor pilot program, distributing tablets to recruits reporting to the Recruit Training Command (RTC) in Illinois. About 300 recruits received tablets for a beta test to determine how well the devices, preloaded with the curriculum, instructional videos and textbooks, integrate into the training environment. Navy officials want to field another 1,500 tablets next year.
“As the Navy’s only boot camp, we have an opportunity to impact every sailor going to the fleet,” Capt. Doug Pfeifle, USN, RTC’s commanding officer, said in a statement. “We are an increasingly technological Navy, and our boot camp must not only reflect but precede the needs of the Navy. As the fleet continually advances in technology, our recruits and staff must embrace this shift as well. Implementing the eSailor initiative will help recruits interface with technology from day one.”
Other mobile use cases provide lessons learned, Adm. Branch says. For example, sailors already employ Navy-issued tablets in reactor spaces on submarines and aboard aircraft carriers. “Having that information on a tablet is very beneficial and efficient for the work force in those spaces, and the ability to update those drawings and instructions and technical specifics online is much more efficient,” he says.
Roughly 94 percent of the U.S. Marine Corps’ work force is not mobile-enabled in any kind of official capability, states Ken Bible, deputy director of Command, Control, Communications and Computers (C4) and deputy CIO, U.S. Marine Corps. As such, Corps leaders want to leverage inventory Marines already use on a daily basis to bring the service up to speed. The Corps’ BYOD strategy is to enable the volunteer use of authorized personal devices. “Some of the hardest work is the BYOD user agreement and the rules of behavior that explain what the Marine Corps can and cannot do on [an individual’s] personal device and, alternatively, what the individual can or cannot do inside of that container,” Bible says. “But if we don’t provide them with a secure way of doing their work on that personal device, we’re probably asking for trouble. They’re going to use it.”
Finding the right secure-enough balance ashore is hard enough, and the challenge is only compounded when equipping sailors while at sea. “Afloat presents a whole different story with unique C4I vulnerabilities,” DelGrosso says of the Consolidated Afloat Networks and Enterprise Services (CANES) project. The tactical program updates the service’s five afloat legacy networks to improve interoperability across the fleet. CANES was installed in November 2013 aboard the guided-missile destroyer USS McCampbell. The Navy wants to put it on 180 surface ships, submarines and maritime operations centers and expects it to be fully operational by 2022. Researchers are probing two avenues to advance CANES mobility, including the possibility of upgrading to the BlackBerry Enterprise Server (BES) 12.2 that will allow iOS and Android devices to operate on the system, and letting users connect government-owned iOS and Android devices to the CANES network afloat via wireless access points, or WAPs. The latter addresses the lack of an approved security solution for connecting mobile devices wirelessly using derived credential solutions to the afloat operational networks, officials say. Currently, only Microsoft Windows-based laptops have connected wirelessly to CANES.
Overall, the mobility effort is critical for the entire Defense Department, states Maj. Gen. Robert Wheeler, USAF, deputy chief information officer for C4 and Information Infrastructure Capabilities. “This is not just about business processes here,” he shared during a mobility industry day hosted by the Defense Department and AFCEA’s Washington, D.C., Chapter in July. “This is about taking mobility all the way to the tactical edge and into the tactical edge.
The Defense Department is not going fast enough, Gen. Wheeler said. “We need to do it as fast as we can, as simple as we can … and at the right capability that can grow with our needs across the board,” he said.
Achieving a secure-enough resolution hinges, in part, on identifying dependable authentication solutions that use derived credentials—the cryptographic proof of identity information gleaned from personal identity verification (PIV) cards or the common access card (CAC) and carried in a mobile device, offers Bill Edwards, the integrated project team lead at the Navy. The Defense Information Systems Agency made some progress in developing a derived credential public key infrastructure (PKI) solution.
Navy officials seek solutions that comply with the requirement to use CAC-enabled authentication and PKI on mobile devices, but are not too cumbersome so as to deter usage, Adm. Branch says. “Everybody’s seen the CAC sled that goes with BlackBerry,” he says. “It’s clunky, you wear it around your neck, it’s not very fashionable and it’s hard to use. It was unpopular, and people didn’t use it. People would work around it. They just wouldn’t encrypt and sign their emails.
“At some point down the line, the technology is going to support having good-enough authentication … that I ought to be able to do that without a CAC,” he continues, citing examples such as biometrics or other forms of derived credentials.
The biggest challenges in delivering a derived certificate solution in the NMCI environment is reconciling the planned solution with policies that lag behind technology and making it available to a geographically dispersed Navy work force, officials say.
“It’s not about the devices per se,” DelGrosso adds. “It’s about accessing the information. What is our data strategy? How does it converge with mobility? And, oh, by the way, cloud is right around the corner for us.”