The agency has managed to break through a roadblock that had been giving it a considerable challenge.
The majority of government agencies find that establishing adequate mobile security is not exactly an easy process, as federal experts still battle their way through the tech to try to be able to provide the right level of access through smartphones and tablets, while still protecting their applications and data.
That said, the Department of Defense may now have broken through one of the biggest problems it had faced in this area.
Deputy chief information officer for cybersecurity at the Department of Defense, Richard Hale, has announced that a roadblock that the DoD has been facing for some time now in mobile security may now have been broken away. He explained that the department has come up with a new approach that will keep up its dependence on the Common Access Card (CAC), but that will apply it in a new and fresh way. It turns out that they will not be placing the public key infrastructure credential directly onto the smartphones and tablets. At the same time, “We will not have a separate CAC card reader or something like that,” he said.
Hale spoke of this new mobile security strategy as an AFCEA panel moderator of the D.C. chapter’s Cybersecurity Summit.
He said that there are three separate pilots underway that have already demonstrated that this mobile device security system can be implemented effectively. He did acknowledge that there remain certain security issues in the effort to bring the credentials to the device, but that the department is working their way through those. Therefore, they do not yet have a “formal program to put an issuance infrastructure in place.”
Still, Hale said that it is his belief that within the upcoming “couple of months we’ll make a decision that we have a particular path to credential issuance and then we will put a program up and start doing it.” He even went on to make a “bold prediction” in which he stated that by the close of 2015, the department would already be “issuing derived credentials on a production way on mobile devices.”
According to Hale, this mobile security effort is being examined for all of the major device vendors, including Android, iOS, Microsoft, and Blackberry.