The Defense Department unveiled yesterday its plan to equip its more than 600,000 mobile device users with the latest commercial off-the-shelf (COTS) technology such as smartphones and tablets.
The Commercial Mobile Device Implementation Plan focuses on three areas: mobile devices, wireless infrastructure and mobile applications. The plan also works to ensure these areas remain reliable, secure and flexible enough to keep up with fast-changing mobile technology. The plan establishes a framework to equip DoD’s mobile device users with secure, classified and protected unclassified solutions.
The Defense Information Systems Agency (DISA) in October released a request for proposals (RFP) at Federal Business Opportunities for its Mobile Device Management (MDM)/Mobile Application Store (MAS) program, which will establish the infrastructure called for in the plan. DISA wants the MDM to institute the policy, security and permissions that define the functions the user is enabled to conduct on the mobile device, which will ensure the security of the entire user community is not compromised by an incorrectly configured device.
MDM will also support over-the-air electronic software distribution of applications, remote data-wipe capabilities, remote configuration management and asset/property management capabilities. MAS will be an online digital electronic software distribution system that will deliver, update and delete applications on the mobile device without the user having to return the device for service.
DISA Program Manager for Mobility John Hickey told reporters yesterday at the Pentagon DoD is currently in source selection for the RFP and that more than a dozen companies have responded. Hickey said DISA would end source selection around the “late spring, early summer” time frame.
“What we’re trying to leverage is software that’s already in existence,” Hickey said. “How would you (the company) put the security requirements that are out there as part of our security requirements guide we’ve given to industry for both the MDM as well as the operating system (OS) for the devices.”
Air Force Maj. Gen. Robert Wheeler, deputy chief information officer for command, control, communications and computers and information infrastructure capabilities (DCIO for C4IIC), said the implementation plan is device and OS agnostic, meaning users could choose their own preferred mobile device and operating system. But Wheeler emphasized the plan is not to bring your own device, which he said could be available further down the line when the technologies DoD is looking for are mature enough.
“What we’re looking for is a family of devices that are available depending upon the operator,” Wheeler said. “We’re going to continue to update as they update.”
Wheeler said the OS used, and its future updates, will have to be approved by DoD.
DoD is in discussions with “the four major” carriers, which weren’t defined, but are likely Verizon [VZ], Sprint [S], AT&T [T] and T-Mobile. Hickey said DoD has more work to do, “from the telephony standpoint,” but its goal is to leverage all the carriers and not just sole source to one.
Hickey said the classified device would have two layers of encryption on it with one layer on the unclassified device. The implementation plan would deploy a new National Security Agency (NSA) security architecture for classified devices, according to DoD. This new architecture permits the use of commercial products for classified communications for the first time.
Among its 600,000 commercial mobile devices in operational and pilot use, DOD said it has 470,000 Blackberries, which are developed by Research in Motion [BBRY], 41,000 Apple [AAPL] operating systems and 8,700 Android systems. Android is developed by Google [GOOG].