Making Mobility a Battlefield Reality
A U.S. defense agency promotes proliferation of mobile devices.
The widespread use of mobile devices on the battlefield, which may have seemed an improbability just a few years ago, may become an actuality within the next few. A recently released strategy document supports that pending reality, which is expected to increase situational awareness, improve operational effectiveness and enhance the operational advantage for U.S. forces.
“I don’t think it’s going to be 10 or 15 years before these devices are going to be the preponderance of what we see on the battlefield. We’re probably three to four years away from that,” says John Hickey, Defense Department mobility portfolio manager, Defense Information Systems Agency (DISA).
DISA’s recently released five-year strategic plan assists that goal. The plan covers much more than mobile communications, including the Joint Information Environment (JIE), cyber operations and nuclear command, control and communications. The target objective state, according to the strategic plan, is “an enterprise information environment composed of a secure connection to a computing environment provided by both commercial and government computing centers and big data storage, interconnected with a mesh of fixed and wireless transport, protected by a single security architecture, whose information resources held in the cloud are reachable by various mobile devices and accessible by credentialed users, eliminating anonymity from the network.”
Hickey reports that while some work still needs to be done, especially regarding security, the agency already has made significant progress. “We were tasked within the mobility program office to develop and implement an infrastructure. We’ve done that. We have an unclassified infrastructure with a mobile device manager and a mobile application store,” he reports. “That infrastructure will evolve and become more global. We started with stateside nodes. Obviously, we’re going to expand in fiscal year 2015 to Europe, Pacific Command and other areas.” In addition, the agency has established gateways to support secure communications into the department’s nonsecure and secret Internet protocol router networks, known as NIPRNET and SIPRNET.
Now, the agency’s eye is on adding more mobile devices, including Microsoft systems. “This year our focus is on getting the public key encryption components we didn’t have before for supporting Android and Apple, as well as BlackBerry 10 devices. Now we’re concentrating on the application scenarios that we can bring online,” Hickey says, citing a partnership with the Air Force on the Electronic Flight Bag initiative as an example.
The initiative essentially digitizes many of the maps, manuals and other paperwork typically found in an aircrew’s flight bag and places them on a mobile tablet. “The return on investment is obvious because many of those larger aircraft carry 60 and 70 pounds of maps and other things; they’ve digitized that, and they’ve put that on these devices, so you see a real cost savings,” the portfolio manager reports.
DISA has been working primarily with the Air Mobility Command and Air Combat Command but also with organizations within the other services so that all services might benefit. “We are piloting today the ability to connect into a mobile device manager and automatically update those devices,” Hickey states.
But the real game changer, he says, is not about the devices or the connectivity but about where the data is stored. “In the case of the Electronic Flight Bag, they side load, if you will, on a tablet the map information. Most of that information is unclassified,” he says, before pointing out that some data, such as air tasking orders, would be more sensitive. In the first phase of the pilot program, DISA and service officials are exploring how to automatically push policies and manage tablets over the air through a mobile device manager. The second phase will focus on public or private cloud computing options for storing the information so that it can be automatically updated to the devices.
The biggest challenge, of course, is how to secure mobile devices. In partnership with the National Security Agency, however, DISA has developed mobile capability packages and security technical implementation guidelines (STIGs), which essentially lay out the security requirements for mobile devices, and commercial companies have responded. “This is a new approach we started almost two years ago,” Hickey relates. “In the past, on the laptop world and the desktop world, we would wait for industry to bring us a product and we would evaluate it. Now, we’re publishing the guidelines for operating a mobile operating system. We put that out, and what we’re seeing is that vendors are coming back to us with implementation guides and then DISA reviews that,” he explains.
He credits the new approach with moving the department beyond just one brand. “We support more operating systems than we’ve ever supported on the mobile side. In the past year, you’ve seen us go from primarily a BlackBerry environment with mobile phones to an Android, Apple and Windows environment. That’s exactly what we said we were going to do about 18 months ago,” he states. Statistics within the strategic plan indicate the agency has deployed more than 1,600 unclassified and 170 classified devices to the combatant commands, services and agencies.
Furthermore, while improvements are still necessary, the agency is better able to keep up with rapidly changing mobile technologies. “We’ve seen quicker turnaround on some of those operating systems as they upgrade,” Hickey offers. “We can’t just be happy with iOS 7 because we know iOS 8 is coming. We can’t be happy with Android 4.3 because 4.4 is coming. We can’t be happy with Windows 8 because Windows 8.1 is coming. What we see is a faster, more agile process, really by publishing security standards.”
In mid-May, the agency announced implementation of its 2.0 release for an unclassified Android/Samsung KNOX capability. The incremental, agile implementation of 90-day spirals provides enhanced and assured mobile capability to the warfighter. It also ensures the agency methodically addresses the complexities involved in integrating a secure interface with department networks. “Samsung KNOX is a secure container located on the Android devices today that separates the information you’re using on the personal side and the information on the corporate side, like the BlackBerry 10 concept does. Therefore, what we have are similar security requirements guides. We were quickly able to evaluate the KNOX capability and then, as part of our enterprise contract, our integrator was able to offer us that capability on the Android devices,” Hickey relates.
The Apple and Google devices approach security differently. “On the Apple devices, we’re using a capability for signing and encrypting email, but we also offer flexibility to the customer. If they don’t have a signing and encrypting requirement for their day-to-day email, they can use native email. That is secure because Apple and iOS 7 came out with a managed side for apps and an unmanaged side. So, we’re able to leverage that,” he reveals.
Hickey asserts that the department already has a bring-your-own-device (BYOD) environment, especially for laptops, but that environment will always be limited. BYOD restrictions include limited access to apps. “On the Android side, we can lock down the Google app store because there’s a lot of software out there we don’t want on those devices,” Hickey declares. “We can vet the apps that are important, and we can even vet the apps that some people want that have a lower level of risk.”
Additionally, personal devices will require some Defense Department software. “We would put an application on that device that will allow access back to the enterprise, whether the information is in a public cloud or a private cloud,” he asserts. “Do I believe that we’re going to let everybody do everything they want on their own personal devices and store information on there? No. I don’t believe that’s where we’re going.” The reason, he says, is that there are “too many flavors of Android and other applications out there,” as well as legal issues and other complexities.
Defense Department customers seek a cloud solution that will allow mobile device users to connect to the enterprise via a browser with a “derived credential,” or cryptographic credentials leveraging the Common Access Card. “In the future, I think you’ll potentially see that turn into a mobile application doing a similar function but having a lightweight capability to enable users back into the enterprise, or in a disconnected mode,” he states. DISA and the Army have partnered on a broad agency announcement and currently are testing potential solutions.
The DISA strategic plan aligns with the overall Defense Department mobility strategy and implementation plan. It also fits the department’s efforts to move to the JIE, in part, because when the services have separate networks, mobility is more challenging. “When I’m trying to do a mobile enterprise, mobile device manager, and it needs to talk to the services’ exchange server, I’ve got to create a trust into that network. If I had JIE, I wouldn’t have to create that trust. My mobile device management capability automatically trusts all the other networks because it’s all one network,” he clarifies. “Today, it’s multiple networks. That’s what makes it harder to defend, and it’s also what makes it harder to interoperate.”
Additionally, DISA’s mobility efforts can benefit the JIE by providing voice-over-Internet protocol, chat collaboration and other capabilities. “We do that pretty easily just with a mobile app that ties back into the enterprise through the gateway. We do that today on the unclassified side. On the classified side, we tie it all the way back into our classified, legacy phone system. It’s packet switch as well as a secure voice-over-Internet protocol system, so if senior leaders want to call on a DISA-provided mobile classified capability, they can call just like they’re calling from their office in the Pentagon,” he says.