Defense Department Embraces 'Good Enough' for Mobile Security
Devices are not the issue: Department wants industry solutions to protect the data.
As the Defense Department dives into the mobility ecosystem and embraces the use of mobile devices by the warfighter in the battlefield up to the highest echelons of leadership, it seeks solutions too for full-on mobility at the enterprise level. Leaders still struggle over concerns from security vulnerabilities to the legal questions that impact employees workload when they’re off the clock.
“You’re going to see a lot of headlines here that say ‘secure mobility.’ Blank that out,” said Terry Halvorsen, the Defense Department’s chief information officer. “I want you to insert the words ‘secure enough mobility.’ Part of what we’ve got to understand is: what’s secure enough?”
With the question, the department is not lowering its standards to secure its data, Halvorsen told a sell-out crowd at the AFCEA D.C. Chapter’s mobile industry day held in Washington, D.C. Instead, department leaders are taking a realistic and practical approach to the paradigm shift changing the way the department conducts its business.
The devices themselves are secure enough to meet certain challenges as the department works to implement policies from conducting business with government-owned devices to letting workers access networks with their own, said Lt. Gen. Ronnie Hawkins Jr., USAF, director of the Defense Information Systems Agency.
“It’s about the data that we are sharing across the board and throughout the Department of Defense; whether it be at the business level or the warfighting level,” Hawkins said. “The technology is there. It shouldn’t be about the device, it should be about the data. It should be about securing the data and using whatever device that you have at your disposal and being able to share the information.”
The Defense Department is late in addressing the bring-your-own-device (BYOD) initiative. “We are behind,” Halvorsen acknowledged. “I thought I would have a BYOD larger pilot started by now. I do think in the DOD there will be some places we can use bring-your-own-device. I do not think that it is going to be the majority of our operations, just because of the complexities of trying to manage that, even in a secure enough vein.”
Even Fortune 50 companies struggle with the issue and have scaled back allowing employees to use their own devices on company networks, he added.
“I think there will be a niche for BYOD in DOD, but I don’t think it’s going to be our big answer,” Halvorsen continued. “I really think our big answer is going to be a hybrid where we say, ‘Here are the devices,’ and we limit the number. So if you get one, you can use it.”
Hawkins said he predicted three years ago the Defense Department would be doing mobility at the enterprise level during his tenure. In fact, he said, the department will be using mobile devices at the top-secret level within the next few months. “We are supposed to deliver our first iteration … in the September-October time frame,” Hawkins said. “We will be putting out a mobile device where we can do top-secret capabilities on it. What that does and what that says is what I call the quantum leap forward that we have done in this area of collaboration.
“My challenge to industry is: Help us determine the right type of technology that we need to secure our data … at the enterprise level and let us use whatever device we need to use,” Hawkins added.
Halvorsen said he seeks a level of collaboration between industry and the Defense Department as seen during World War II. “Those partnerships, we definitely need that now. I don’t think it’s overdramatic to say we’re in a bit of a crisis situation in terms of funding, economics [and] the world’s situation, particularly in cyber,” Halvorsen said. “We have been spending a lot of time lately on cyber and cyber incidents. It is the new warfare area. But cyber goes beyond being a warfare area. I would tell you it is the new economic area. When we look at what’s generating revenue, what are the fastest growing companies? Where are we moving forward? … It’s in the cyber areas.”
If good is to emerge from the recent massive cyber breaches of sensitive federal employee information, it is that “those types of situations are going to get us where we are securing the data in an efficient and effective manner, faster than any of us even think about right now,” Hawkins said.
The mobility issues are not centered on security alone, the leaders said. Defense Department lawyers hash out policies while contemplating legal concerns surrounding “just how mobile can you expect your employees to be?” said Halvorsen, citing as an example legal action in Germany that prompted some corporations to turn off employee access to email after the working hours as it became an expectation for workers to labor during their private time.
“The technology is there. The capabilities are there. The laws are not,” Hawkins echoed. “The laws are going to have to change in a dramatic fashion and pretty quickly. And as a result of that, it’s just going to open up the mobile ecosystem that we’re dealing with right now.”