Pentagon approves use of advanced devices from Apple and others - but don't expect quick change
WASHINGTON — Six years after Apple introduced the iPhone and three years after the debut of the iPad — devices that helped spark a revolution in mobile telecommunications and computing — the Defense Department is edging closer, ever closer, to finally integrating them into military networks.
The devices on Friday got a landmark “all clear” signal from the Pentagon’s Defense Information Systems Agency, or DISA, which approved a technical guide for securely connecting devices that run on Apple’s iOS 6 mobile operating system to DOD computer networks.
And it’s not just Apple. Two competitors for defense dollars — Samsung Android devices that run the Knox security suite and a sleek new generation of Blackberry devices that run the Blackberry 10 operating system — were also cleared by DISA accreditors in recent weeks.
The change can’t come soon enough for military users who for years have been pushing to take advantage of the advanced devices, but were hamstrung by network security concerns. Top Pentagon brass, for instance, have used government-issued iPads to read news and reports, but with wireless capability removed. And all the way down at the squad level, soldiers have tested tactical Android tablets that provide a bird’s eye view of the battlefield, but which can’t access email or the Internet.
The door may now be open for that to change.
“There’s a lot of excitement because we are finally going to be able to put the newest technology in the hands of warfighters,” said Alana Casanova, a DISA spokeswoman.
But don’t ditch your government-issued Blackberry just yet.
Android and iOS phones and tablets may be ubiquitous in the civilian world, but they are comparatively rare in the Defense Department. While tens of thousands of them are in use in a number of approved pilot programs, the Pentagon has nearly half a million Blackberries in circulation, with no plans to replace them en masse with the new systems, officials have said. And iOS and Android still have to clear a number of hurdles before they filter widely into the U.S. military.
First, the guide — called a Security Technical Implementation Guide, or STIG for short — covers only government-issued phones and tablets. With Pentagon budgets constricted by sequestration, will purchasing managers rush to buy the latest touch-screen phones to replace the current generation of arguably obsolete but still perfectly usable DOD Blackberries?
One thing is certain: DOD personnel aren’t authorized to take matters into their own hands.
“People are in no way allowed to go out and buy a mobility device and connect it to a DOD network,” Casanova warned.
Second, bringing new devices onto defense networks necessarily makes it more complicated to ward off intruders and cyber attacks. So before any of the new mobile devices can be put into wide use, the Pentagon plans to set up a mobile device management system for centrally managed security and software distribution. (Sorry, that means no downloading Angry Birds from the App Store.)
DISA officials said the contract for the system would likely be awarded to a vendor in June or July, and it will control not only the new Apple, Samsung Android and Blackberry devices, but will bring hundreds of thousands of other devices under its wing as well.
Mark Orndorff, DISA information assurance executive and program executive officer for mission assurance and network ops, said the agency hopes to make the switch to the new device management system as “as seamless as possible” for all users, but could not say when they expected it to be implemented.
“All of these pieces must be in place to allow the secure use of commercial mobile devices on department networks,” Orndorff said.
Defense officials admit that the overriding imperative of security has often left DOD far behind the mobile communications curve.
“In the past we had to wait for the technology to come and out become commercially available, and then we would take it to our field office, which would start writing the STIG,” Casanova said. “By the time it was approved, technology had moved on.”
But DISA is putting a new process in place to accelerate approval of new systems. Essentially, the Pentagon is beginning to let technology vendors write the STIGs with oversight from DOD experts who ensure the guides meet security standards.
The security technical implementation guide for Samsung’s new Knox devices was the first to be written by a vendor, and DISA hopes to make it the model for the future.
“As the new technology is rolling out for commercial availability, we approve that STIG along with it,” Casanova said. “It speeds up the process, and we don’t have to play catch-up.”