By Cheryl Pellerin
DoD News, Defense Media Activity
WASHINGTON, March 24, 2015 – Defense Department Chief
Information Officer Terry Halvorsen held a media roundtable recently to discuss
progress on elements of his department’s transition to an information
environment that’s faster, safer and less expensive for the DoD.
The Joint Information Environment is a framework for the
transition. Its newest elements include a joint regional security stack, or
JRSS, and a mobility program for smartphones that DoD personnel can use for
unclassified and classified work.
Halvorsen’s team is working on all the elements, but his
priority is the JRSS, which he has called the first step in getting the
department to the JIE.
“What JRSS will do when we have it right is enable a central
view of all of the data that is more commonly shared by all the levels where we
want to share it, which is a lot,” Halvorsen said.
Joint Regional Security Stack
The JRSS itself is a series of 19-inch racks in cabinets,
with network applications and appliances in the racks, JRSS lead Dave Cotton
said.
The JRSS technology enables “a consolidated view of the
network activity and potential anomalies,” he added.
This will give defense or military command centers, “where
they're worrying about networks and operations, a sense of the cyberspace piece
and [the ability] to plan their operations appropriately around what's taking
place,” Cotton explained.
The JRSS will offer a better picture for taking immediate
action and a better picture for examining analytics, he said, to get “better
future planning than we have today.”
DoD Smartphone Mobility
On the department’s mobility program for smartphones,
Halvorsen said progress is being made on dual-persona unclassified Blackberry
smartphones, which are now in use, and a modified commercial Android phone that
DoD personnel can use to do Secret-level security work.
“I have ongoing mobility pilots and … I've got to be able to
protect different levels of data,” Halvorsen told the reporters. “I need all
data to be somewhat mobile and today I've got pretty good answers [about] how I
can make unclassified data mobile.”
He added, “I have some pretty good answers about how to make
secret data mobile, and above that I'm still working.”
The CIO said the mobility pilot programs are going very
well.
Fielding Classified Devices
“We've got some new classified devices coming out and I am
very happy with where they are,” Halvorsen said. “I am a little anxious about
how many of them we can field on what timeline, and we’re having some very good
discussions with DISA about that.”
He added, “It's a little more complicated than on the
unclassified side because of the way we have to write the contract
restrictions, the extra security pieces.”
On the unclassified side, he said, the department has begun
fielding the dual-persona phones, which DoD personnel can use for official
business and also for personal e-mail and some applications.
The phones “are in distribution today. The biggest problem I
have with that is just getting the numbers up,” said Halvorsen, adding that
personnel who get the phones first are “the high-demand users from a mission
perspective, at all levels.”
Ramping Up the Numbers
To date, Halvorsen said, the department has distributed
about 1,500 of the unclassified phones, including those that were in the pilot.
“That is now going fully operational and those numbers will start ramping up
fairly rapidly,” the CIO added.
For smartphone vendors on the dual-persona unclassified
side, Halvorsen said the challenge is not so much keeping the wrong data off
the phones but keeping the right protection levels on the phones.
“We have required the vendors to meet a set of technical
requirements that provide me a level of comfort that they can protect the data
and I can operate that way,” the CIO said.
“I’ve got to be very careful,” he added. “I don't require
that the vendors do anything with their own devices. I require them to meet a
standard requirement.”
Bring Your Own Device
This summer the CIO said he will put out a new pilot called
B-Y-O-D: bring your own device.
“I'm probably going to do most of [the pilot] with the DoD
headquarters staff because I think that represents a big enough user base that
it will be a controllable test,” Halvorsen said.
The challenges of such a program are many, and the CIO said
they include how he ensures each smartphone meets minimum security levels,
“which is the first question I've got to get answered.”
If the smartphone meets those requirements, Halvorsen said,
“then let them go use it.”
In that case, he added, “How do I track the security
measures around that? The hardest thing on all of this is how do I assure
myself that when they're [using their own devices] that I'm being secure?”
Tracking Security Measures
The CIO added, “I'm not going to lie to you -- that is the
parameter. How to measure [security] in meaningful ways is the one that's
driving me a little crazy.”
Lots of big enterprises are rescinding their
bring-your-own-device programs, he said, adding that isn’t the right answer
everywhere.
“What I suspect will happen in DoD is, because of our size
and all the businesses we're in, there will be places where
bring-your-own-device is going to work and a whole lot of places where it
doesn't,” Halvorsen said.
Halvorsen said he’s working to set up an open mobility day
during which people from the department, industry and elsewhere can ask
questions and get information directly from him and his team.
No comments:
Post a Comment