27 January 2016

DISA test-driving smartphone encryption

http://www.c4isrnet.com/story/military-tech/mobile/2016/01/22/disa-test-driving-smart-phone-encryption/79187018/
Amber Corrin, Senior Staff Writer, January 22, 2016
Top leaders at the Defense Information Systems Agency know they’re chasing a moving target: Mobile technology is moving quickly, and constant connectivity is expected by any young recruit and most people today.
“We don’t seem to be working at an earth-shattering pace to get to mobile” enablement, Maj Gen Sarah Zabel, DISA vice director, said Jan. 21 at AFCEA DC’s mobile technology summit in Washington, D.C. “To have a mobile-enabled workforce, you need to want it, to demand it and to think mobile in order to bring all the different elements together.”
One piece of that is making mobility less cumbersome—that is, no Common Access Card involved. Instead officials plan on using derived credentials that are stored on the phone and provide multifactor authentication. Zabel said that’s one of the major pieces officials at the agency are working on to push mobility forward.
At the core of that effort are credentials based on public key infrastructure, or PKI, which will provide the encryption technology and governance necessary to handle secure authentication.
Zabel said DISA is partnering with the National Security Agency and other organizations to pilot a Defense Department PKI-enabled direct credentials system. The pilot is slated to go until the spring time frame, after which the direct credentials will roll out to iOS devices, then Android and BlackBerry devices.
The vice director also said she’s hopeful for future bring-your-own-device programs that can support a wide range of devices, citing the expectations of potential DISA hires—as well as current personnel—as something the agency must embrace in its culture and policies.
“If we want to have new capabilities coming into our world at a reasonable pace, we need to be able to manage some level of diversity,” Zabel said. “We have to have an underlying security basis that really protects the information and business processes that we are responsible for … as we think about mobility, we need to think far beyond.”
DISA officials are preparing for the next round of contracting for mobile device management services; the current agreement ends this summer. DISA mobility overseers have said they are working out the contract strategy for the re-compete, but sources close to the process speaking on background have said it's likely the next MDM request for proposals will be rolled into a broader contract vehicle, the Single Service Management contract, slated to be awarded in the third quarter of fiscal 2017. DISA public affairs officials did not comment on the MDM acquisition process.

No comments: