US DoD looks to fence-in "unconstrained" mobile pilots

Looks to build case for rapidly deployed apps and improved mobile comms.

The US Department of Defense (DoD) will begin implementing amongst “small populations” its future enterprise-wide model for securing mobile devices, applications and networks.

The DoD has given a rough outline of how it may eventually secure desirable commercial mobile devices, and also provide a template for controlling the “unconstrained” mobile piloting already occurring in pockets.

The pilots that have occurred have shown some success, DoD’s CIO, Teri Takai, outlined in a new strategy document, but they have “also resulted in the lack of security and interoperability across products”.

The document canvasses the mismatch between DoD processes and requirements and those that make commercial practices more desirable.

While commercial devices and application development processes hold promise for the DoD, the organisation is, in many ways, not equipped to adopt them, Takai notes.

Today, for example, the DoD’s certification process for new apps does not support the timely release of new apps, constraining the device’s effectiveness. On the other hand, none of the commercial devices meet DoD standards 'out of the box'.

The DoD is looking to implement application signing to ensure the integrity of apps loaded on to devices while supporting faster development cycles with a “common mobile application development framework”, aimed at secure development and testing for a multi-platform environment.

The framework may offer guidance on how to use commercial SDKs, testing criteria, how to port applications to supported platforms, and how to sign apps with the right key.

The overall aim is to prepare the DoD’s network and information infrastructure, policies and web application processes in such a way that they enable mobile devices to “untether” its forces while keeping their data, connections and devices secure.

Other mismatches between deploying mobile at an enterprise-wide level and the pilots that have occurred include “bandwidth limitations” caused by current methods of securing tactical communications. Takai notes the DoD will need to invest in its networks in a way that is consistent with existing commercial networks that comply with the IEEE’s 802.11 WLAN standards and 3GPP LTE-based 4G. Continued investment in VPN technologies will also be critical.

Another mismatch occurs around how DoD should enable apps and devices to securely interface between its own networks and commercial ones, as well as communicate over short range networks like Bluetooth. PKI and mobile device management (MDM) services are considered essential to ramping up mobility.

The DoD is looking at over-the-air patching and device configuration, federated identity/device management, and enterprise essentials such as device access control, encryption, remote wiping, routine backups, regular device scans and malware detection.

Results from the targeted trials will be used to build a business case that may support scaling out mobile devices to the wider enterprise, according to the report.


Stories by Liam Tung
