It only makes sense now that mobile devices have permeated every industry and almost every aspect of life that DoD wants its employees to harness their power in secure areas as well.
It seems like a farce to think of DoD employees doing everything with paper and pencil in a secure area and then walking through the unclassified world using iPhones, virtual reality and every other futuristic device, but it is the current state of affairs.
Deputy DoD Chief Information Officer for Cybersecurity Therese Firmin told Federal News Radio there is no current timeline for when the new directive allowing mobile devices will be implemented, but she expects some immediate results when the policy goes into place.
“It will definitely improve the productivity, because what it will allow for is for the users to access enterprise information from their phones or their tablets or their laptops when they are remote or in their office environments. There’s a huge productivity advantage to doing that,” Firmin said in an exclusive interview on Dec. 4. “You can also download applications that you’re comfortable with that you know help you be more productive and efficient. I think the commercial technology has matured enough now that they can meet the security requirements that we have and we make sure the infrastructure they are connected to is secure.”
The policy is a huge step in the direction DoD wants to go with technology. The department is trying to find a way to be agile, fast and technologically savvy without compromising security.
“Commercial industry is much better at letting people take notes on tablets and laptops and we are going to be in that world too where people can take their devices in and start taking notes and not have to bring the paper and pencil with them everywhere they go. That alone will help our security and our access to information,” Firmin said.
Not to mention the apps employees will now be able to take advantage of to increase productivity and draw on information.
Firmin mentioned the biggest holdup for future restriction loosening is based on the apps.
“I think we will see a lot more access to the managed and unmanaged applications. In order to be productive, [employees] need access to applications that make it meaningful and relevant to have those devices. I think the biggest growth area will be in application availability on both sides of that space, both the mission critical applications and personal productivity applications,” Firmin said.
Firmin said the next step is integrating internet of things devices.
The policy officially came out on Nov. 20 and gives officials in charge of secure areas final say as to whether mobile devices can be used in a space.
The policy requires officials to submit a justification based on mission need to the department before they can open the areas to mobile devices.
Reasons acceptable for allowing mobile devices in a secure area include command and control, counterintelligence, testing, training, research, developmental activities and, obviously, communication.
They must also officially determine the risk associated with adding mobile devices to an area. The policy requires officials to lay out vulnerabilities associated with the mobile device and the networks it connects to. The policy asks officials to submit known and potential threats to national security systems and information used in secure areas and the potential risks to spaces near the area where mobile devices are allowed.
The policy “takes into account the whole environmental aspect, also what devices you are using, what devices you intend to allow, what are the threats against those devices, what type of data do you process. There’s a whole set of things that need to be considered,” Firmin said. “It is not a blanket approval. You need prior approval, you can’t just say, ‘Hey, there’s a policy I’m going to bring my device in because the policy says.’ There really needs to be a thoughtful process and that’s what we’re encouraging.”