Pentagon’s Untested Mobile Security System Holds No Water for the USDA
Under most normal circumstances, when it comes time to bring in new software just about anywhere—especially something as important as mobile security and adware removal—there’s a modicum of testing involved before the system gets installed. One building may get the system, or one division, or the like. Not the case, at last report, for the Pentagon, which acquired a new mobile security system geared toward protecting military-issued consumer smartphones. The United States Department of Agriculture (USDA) turned to the same vendor and discovered that there are plenty of problems with this new security system, almost as many as if there were no security at all.
The whole thing, at last report, started back in June, where the Defense Department set up a deal valued at $16 million for three years, among three different contractors, in a bid to secure 300,000 devices ranging from iOS hardware to Samsung (News – Alert) and BlackBerry 10 models. The USDA, likely figuring that what’s good enough for the military is plenty for the USDA, went with the same contractors, this time in a $20 million package. But eight months later, the USDA is discovering a wide array of issues with the software that should be protecting its systems.
The system in question, led by DMI as the prime contractor, was set to include aMobileIron mobile device management system, an app store, and Fixmo e-mail and Web browsing protection, which sounds like a pretty complete package. Cyber analysts indeed suggest that the kinds of protections selected are commendable, making the whole package look like a sound bulwark against outside incursion.
But what’s happened so far, based on reports, is anything but sound. The Fixmo container for e-mails and browsing is said to be incompatible with the network security infrastructure at the department. Indeed, the original solicitation required that—within 30 days of the award in November 2012—the program be not only fully functional with vendor support, but also ready to support, at a minimum, 3,000 devices. The schedule has been pushed back to fall of 2013, though it’s been upgraded to supporting 4,500 devices. Currently, the system is supporting about 1,370 devices, and the overall system is looking to jettison the Fixmo system, or use it as a hybrid along with the MobileIron tools.
Naturally, many wonder if the Pentagon is having similar issues with its own mobile hardware, and on this point the Pentagon is staying somewhat quiet. Indeed, reports indicate that the Defense Information Systems Agency (News –Alert)—which actually awarded the contract—didn’t use past performance or current demonstrations to settle on a product, instead using a “comprehensive evaluation” to ensure “that the technology proposed will perform in the manner as proposed by the awardee.” Lt. Col. Damien Pickart further stated to Nextgov: “The documentation and processes used in source selection, other than that which is required to be publicly disclosed, is protected as source selection information” under normal rules, adding “We do not disclose the specific details of the source selection process.”
Hopefully, of course, the program is working much better at the Pentagon than it seems to be for the USDA, though given that some reports indicate it’s much the same program, it’s worth wondering if, in fact, the programs are having any better effect with one than the other. It’s a distressing development to say the least, and it’s hoped that the Pentagon’s security is doing better than its counterpart. Perhaps more testing in the future would be the appropriate response, but at the end of the day, it’s all about the security and malware removal.