Accreditation Recharges Smartphone Deployments

July 2011
By George I. Seffers, SIGNAL Magazine


Staff Sgt. Bert Finland, USA, a member of Company C, 1st Battalion, 112th Infantry Regiment, 56th Stryker Brigade Combat Team, checks his headset radio in a Stryker vehicle prior to participating in a patrol in Taji, north of Baghdad. As the U.S. Defense Department approves more mobile devices for military use, the possibility increases that soldiers could employ such devices for conducting operations.

Additional mobile operating systems and platforms are passing security muster, but challenges remain.

In a relative flurry of activity, the U.S. Defense Department is certifying the security credentials for the iPhone and Android operating systems and some devices that use them. The security accreditations come two years after the Windows Mobile operating system officially was sanctioned and bring the military a step closer to fielding mobile devices across the entire department.

Col. Earl Noble, USA, is the project manager (PM) for network enterprise services and the Army’s go-to person for shepherding operating systems and platforms through the cumbersome accreditation process. His office, which is located at Fort Belvoir, Virginia, and is a part of the Program Executive Office Enterprise Information Systems, succeeded two years ago with the Windows Mobile operating system. This year, he expects to complete the process for the Dell Streak and for the iPhone and Android operating systems. In addition, his office recently has begun working with Motorola to receive accreditation for Xoom, Atrix and Droid series devices.

Multiple factors could come together soon and create an ideal environment for the fielding of mobile devices across the military. Those factors include the security accreditation for multiple operating systems and platforms, the availability of the Defense Information Systems Agency’s (DISA’s) enterprise email, and the push by Army leaders to field smartphones down to the lowest levels.

The Army is the first service to begin migrating email users to a Microsoft 2010 Enterprise Exchange managed email service hosted by DISA. Rather than obtaining email from local servers at each installation, the Army will use email services from the Defense Department’s private cloud. The goal, according to Army officials, is to improve capabilities and security while reducing costs. Enterprise email will increase mailbox storage size, provide a Defense Department global address list, enable calendar sharing across the Army, reduce costs, improve mission success and provide users with a permanent email address. Users will be able to access their email box from any computer enabled with a Common Access Card (CAC) capability.

“I think you’re going to see momentum really pick up over the next year. Once DISA enterprise email becomes more widespread, it will be easier to adapt mobile solutions because it will be one-stop shopping at that point. You’ll have just one email to interface with, so I think it’s going to get faster and faster,” Col. Noble explains. He says that he cannot estimate how long it might take to field mobile devices to individual soldiers, but notes that it won’t be soon enough. “I don’t know how long it will take. I wish they would go faster than they do.”

Having mobile devices fielded down to the squad level could enhance communications significantly on the battlefield. In parts of Afghanistan, for example, where the mountainous terrain is inaccessible to ground vehicles, and dismounted operations are a must, beyond line-of-sight communications is an operational imperative, according to Lt. Col. Joseph Hilfiker, USA, communications director for Regional Command–East in Afghanistan. “In challenging terrain with dismounted operations for war, the need to extend the network down to the squad level using non-line-of-sight means to enable situational awareness and collaboration is very important,” Col. Hilfiker says. “What you have to have is something that’s manportable. You have to have something that will work beyond line of sight. And that’s a challenge.”

Col. Hilfiker explains that the security accreditation process is only one challenge to meet. “The other thing you have to overcome is the transmission issue, because you can’t put a cellphone tower every 17 kilometers everywhere in Afghanistan,” he points out.

To help resolve this issue, he recommends a mobile cell tower capability on a Mine Resistant Ambush Protected vehicle, but even that will not resolve the technical challenges fully. Even if squad leaders can chat with each other in little pockets of networks, they will need the bandwidth and other technical resources to connect to the Afghan Mission Network. “A stand-alone network is great because this squad leader can talk to that squad leader, and they can send each other text messages. That’s neat. But the real power is being able to connect back to the point of presence for the network and to be able to pull a full-motion video feed, to pull a picture from a portal, to be able to pull email, chat, to be able to call for fire, be able to call for medevac. You can’t do that unless you have a connection back into the network,” Col. Hilfiker insists, adding that he fully supports the effort to field mobile devices down to the squad level even though challenges remain.

Although Col. Noble’s team has made progress in moving products through the security accreditation process, experts agree it takes too long—approximately 18 months. Accreditation includes gaining approval of a board made up of representatives from the individual military services, DISA and the National Security Agency. It also includes a fair amount of paperwork, which Col. Noble reveals can take several months even after testing is completed successfully.

One of the standards that must be met is the ability for a device to work with a CAC reader. In addition, messages have to be encrypted while on the device and when transmitted from the device. “Our job is to complete the accreditation process and to develop the applications the phones use to connect to the email system and integrate that with the CAC reader. So, I’m developing software and software interfaces so we can use CAC to access our email and get that through the accreditation process,” Col. Noble says. “Everything we do is CAC-enabled. This is our identity on the CAC card.”

He describes three ways to build Defense Department-level security into mobile devices. The first is the traditional route taken for the BlackBerry, the first device officially sanctioned for department use. It was created from the beginning with the defense market and Defense Department-level security in mind, but most other devices are not. Col. Noble’s office developed a secure email application for Windows Mobile and adapted it for the iPhone and Android operating systems. They developed it by working with Good Technology Incorporated, Redwood City, California, and modifying the company’s commercially available Good Mobile Messaging software.

The modified Good Mobile Messaging application is encrypted and requires a CAC reader. It looks very similar to the email system used for the iPad, but it includes some extras. For example, the colonel’s office added buttons for encrypting or signing emails. “That’s our pride and joy, that little app. It has security built into it. We like to say that what happens in the app stays in the app,” the colonel says.

His office also developed a CAC reader that works with any device that features a Bluetooth radio capability. “That’s kind of a cool acquisition thing. If it has a Bluetooth radio, I can connect to that phone. I don’t have to make a different CAC reader for the iPhone and Android. That’s pretty cool,” he says.

Although gaining security approval for products other than BlackBerry and Windows Mobile will be a leap forward, experts say that fielding mobile devices will not be easy. Industry and military officials identify the complex, confounding and cumbersome acquisition process—including the lengthy security accreditation procedure—and the relatively small military market as major obstacles.

Col. Noble agrees that the relatively small military market—which means small profits—makes it difficult to convince major mobile device builders to participate in the Defense Department’s acquisition process. “When you go to vendors that make these products, they’re making a lot of money without having to worry about DOD [Defense Department], so you have to do some convincing,” the colonel observes. “In China, for example, one vendor of a communications system has more subscribers than there are Americans. Comparatively, DOD is not a big customer. To be honest, a lot of vendors are putting products together for us out of a sense of patriotism because it’s not going to be a huge profit market for them.”

Speeding up the acquisition process, however, may be just a matter of willpower and manpower. “The acquisition process is rather lengthy, and it can be a challenge to get things through it. The biggest challenge is getting things through the accreditation process. The community needs to get together and decide to do it faster,” he says. Col. Noble adds that one person in DISA is responsible for writing the so-called security technical implementation guide for each product. “You could hire more people, add more resources. For making the system faster, in a lot of cases, you just look at what the workload is and maybe hire some more people,” the colonel suggests.

The Army chief information officer, Lt. Gen. Susan Lawrence, USA, leads a Mobile Electronic Device working group, which includes all of the military services. The group is working to determine the strategy for developing and procuring mobile devices and software applications.

If it fits into the working group’s plans, Col. Noble’s office will implement a new contract vehicle: the Mobile Device Application Development System, which is designed to speed the acquisition process by allowing vendors to compete for task orders under a single umbrella contract rather than go through the full competition process. Each task order will include the security requirements for each product and will spell out the steps necessary for accreditation.

“The goal is simply to have a contract out there that people in DOD can go to and hire contractors to make apps for them. Basically, if we have that contract in place, instead of going out and competing a contract—which takes three, six, nine months to do—all we do is send money and a task order to the PM shop, and we get started building the app in a couple of days,” Col. Noble explains. “This is for people in DOD who want a custom-made app. That’s the point of the contract.”

It remains to be seen, however, what process the military will use for fielding military-approved software applications to its users. Officials are debating the potential for a Defense Department “app store” similar to those available for commercial users. Another possibility is to persuade commercial vendors to provide a secure space specifically for military users. Col. Noble reveals that the military has been discussing the possibility with commercial vendors, including Apple and Google, but no agreements have been reached yet. Furthermore, some dissent still exists about which approach to take. “As we move forward, we’ll have to decide what we, as a DOD community, want to do for the app store.”

Policies regarding an app store and many other mobile device issues have not yet been written, which can be seen as either a challenge or an opportunity. “We are in the infancy. We are at the beginning. Those policies are yet to be written. I tell people this is the time to really get excited because it’s just the beginning. The policies are still being drafted, so this is the time to really start moving forward on this,” the colonel maintains.

He adds that no one knows what the future holds for mobile products in the military, but the commercial marketplace offers some clues. “We’ll do what the rest of the world does. Last year, there were more cell phones sold than laptops for the first time in history. Just watch society and you’ll see what DOD does because we’re going to grab that technology and adapt it for our use. I personally think things will get smaller, lighter and easier to use, and we won’t have much use for desktops and laptops.”
