The Defense Department plans to have an enterprise mobile network supporting classified and unclassified communications at least partially up and running by the end of the year.
Besides services such as voice and text, the network also will carry enterprise e-mail and support a mobile enterprise applications store. Beginning this summer, several pilot programs will be launched to test the network’s capabilities before a full rollout.
The lead agency charged with planning, coordinating and carrying out this task is the Defense Information Systems Agency, which has been given the authority to rapidly set up classified and unclassified mobile services. These services will build on each other and share a single development workforce and underlying network infrastructure wherever possible, Rear Adm. David Simpson, DISA’s vice director, said in an interview.
DISA is also working with the National Security Agency to ensure that software and hardware security elements are embedded into the process. But Simpson said both organizations understand that the mobile services must be flexible enough to be usable by a wide range of personnel.
Cost is another consideration. DOD's mobile network must be affordable — roughly in the range that the department is now paying for BlackBerry or cell phone services, Simpson said. Once established, the mobile network will become a DOD-wide service. DISA expects to partner with other DOD organizations to include them in the end-to-end service, which will include enterprise e-mail, an enterprise portal, enterprise file storage and cross-domain services, he said.
These services can also be extended to support organizations that want to run their own enterprise e-mail or applications, Simpson said. These organization-specific services will be hooked into the larger DOD network. Another critical part of the DOD mobility strategy is that the enterprise mobile service will use widely available commercial mobile devices, he said.
One of the reasons behind fast-tracking the mobility plan is that standard DOD IT acquisition and development programs can be lengthy. It can take a year to draw up technical implementation guides for a single handheld device, and those guides would usually end up locking up many of the device's features for security reasons, Simpson said. This had the effect of raising the cost of devices and led to proprietary solutions such as the SME-PED handheld device, which is bulky compared to commercial devices due to its built-in cryptographic hardware. He added that users have complained about the cost, awkward size and operating restrictions placed on the SME-PED.
A key part of the new mobility policy is to use commercial devices and build the security into the communications architecture through the devices’ SIM cards at the hardware level and by using mobile device management systems at the enterprise level.
Additional security steps include revising how DISA works with vendors in areas such as the transmission part of the service, setting up a DOD-run mobile applications store, and building a back-end enterprise management architecture that supports a mobile device management system with built-in security capable of identifying and analyzing anomalous activity, Simpson said. He added that the agency is already setting up industry days to meet with vendors, with the goal of having a prototype mobile applications store running by the end of the summer.
To troubleshoot the mobility plan, DISA will set up a pilot project providing DOD users with end-to-end mobility, security and network management services. The first pilot will be modest, involving around 100 devices overseen by a mobile device management system and accessing a DOD-run applications store. Airtime may be provided by a single vendor during the pilot phase, but when the entire enterprise is launched it is expected that there will be several service providers in the U.S. and key nations where the DOD has facilities, Simpson said.
A second pilot program will layer additional elements onto the architecture created by the first effort, such as increased vendor competition. “We’re really just stitching those parts in a single instantiation of each of the required elements to do the end-to-end,” he said.
But although many of the mobile network's functions will be outsourced for the pilot programs, DISA expects key elements of the enterprise to remain under DOD control when the full network is launched. These include a number of mobile security features such as the NSA-developed Fishbowl system and Suite B encryption to support classified communications.
“We really believe that from the beginning we need to have a command and control of the integration of these capabilities to ensure that at any given time it can assess a security risk throughout [the system] and deliver the right readiness to the capability,” Simpson said.