Security is top priority as the Defense Department continues to embrace mobility, and officials are looking at multiple paths toward an end goal that empowers troops and personnel.
While work at the Defense Information Systems Agency is ongoing to set up derived credentials that allow DoD users to have smart phones that don't require Common Access Cards to get critical information, intelligence agencies are looking at futuristic authentication measures and the Marine Corps is pushing forward with bring-your-own-device.
"How do we get mobility services in place that will allow DoD to take advantage of innovations faster rather than the government instituting a new contract every time we need a new technology or service?" Kim Rice, DISA mobility portfolio manager, said April 15 at an AFCEA Northern Virginia chapter event in Vienna, Virginia. "Our focus has been on the device; everyone wants the latest… [but] it's going to be about the information and the data. How do we incorporate all that legacy data all our users need in order to get beyond email, contacts, calendar and texting? How do we get them all of the information across the security domain so they can do their job remotely?"
Henry Costa, enterprise services leader at the Marine Corps, also emphasized it's not technology that's holding up more widespread use of commercial mobile devices in the military.
"The piece we're struggling with is the distribution of the derived certificates," Costa said. "We've proven fact we can control that capability…we're just waiting for the policy piece to support the technology and operational need to provide a user, a national security professional or a warfighter, with the capability [secure] sites, to actual email. Our leadership is pursuing that hard…to see how we can break that gate in terms of derived certs."
Rice added that at DISA officials are putting together training manuals and handling other "back-end" aspects of a pilot program that this summer will test-drive CAC-less smart phones.
"We do have a phased approach that we are using," she said. "I think many of you have heard of the DISA-first program, where we make sure that DISA eats its own dog food. We make sure the capability works first before we deploy it across the department."
In the intelligence community, leaders are looking beyond CACs and certs and instead toward heartbeats and footsteps – the FitBit version of identity authentication, said Michael Mestrovich, deputy director of the CIA's Technical Services Office.
"They measure your breaths per minute; they can measure your pulse; they can give you an electrocardiogram," Mestrovich said. "So they can pretty well, within a pretty good error rate, determine from your biometrics how you actually are breathing and how blood is flowing through your brain that you are who you said you are."
The catch? Those attributes are captured and transmitted via Bluetooth technology, which is not allowed in secure military facilities.
"That's the next frontier for us," he said.