DOD mobile strategy behind the eight-ball compared to industry

The Defense Information Systems Agency plans to have a mobile apps store up and running within 15 months. This is just one in a series of steps DISA is planning over the next few months to set up standards and processes for handling the growing number of mobile devices throughout the military, according to a top executive.

In addition to building an enterprise apps store, a key part of this effort will be setting software standards for developers and vendors, according to Bruce Bennett, program executive officer for communications at DISA, who spoke at the FOSE conference in Washington April 4.

In many ways, the Defense Department's effort is an attempt to keep up with the commercial marketplace, Bennett said. Describing the mobile sector as a “brave new world,” he stated that DISA is trying to catch up with what the industry has been doing for three and a half years.

Related coverage:

DISA mobile management office to include online app store

There are currently some 17 million iPhone applications. For the agency to develop, clear and secure a large number of applications, it must set guidelines to provide warfighters with reliable and safe data, Bennett said.

DISA will include Android, Apple iOS and BlackBerry platforms as a part of these efforts. The different DOD commands and organizations have preferences for certain platforms, and it is DISA’s responsibility to support them, Bennett said. But as it does so, it will also limit the initial numbers of mobile devices, he added, a result of DOD’s need to handle classified data.

In the next few months, Bennett said DISA will take a number of steps to support the DOD-wide mobility effort, including hosting an industry day sometime in the next 60 days. When the project kicks off, DISA will rely on industry to do most of the developmental heavy lifting.

“We are not going to reinvent the wheel,” said Bennett. To facilitate this, DISA will release security request guides (SAGs) to provide developers with the agency’s security requirements for devices and the modifications necessary to meet government needs. The SAGs will be posted on the DISA website.

DISA will set up a process to let developers create applications and submit them to an agency certification authority for rapid appraisal. All of the applications accepted will be placed in a DOD-provided applications store residing securely within the DISA cloud.

The agency anticipates that the number of applications will grow quickly, Bennett said. To help with this process, DISA is reaching out to industry to help develop applications. “We have to figure out how we can adapt our needs to the best commercial applications and standards,” he said.

DISA must remain aware of new commercial applications that it can adapt for its uses, Bennett explained. Vendors also need to think about licensing strategies for applications because DISA cannot work on a pay-as-you-go model, he added.

The agency also needs to protect its data. Bennett said DISA will look for vendors to improve and embed tools for identity management and software transport in their applications.

DISA also plans to use the best commercial security methods for managing unclassified data, and it is in discussions with the National Institute of Technology and Standards to develop standards for unclassified data, he said.

The DISA apps store will be a “federated” store — users can access it from a single DOD infrastructure. Besides selecting applications from the DISA store, they will be able to access the individual services’ apps stores as well, said Bennett.