The Pentagon is often thought of as one of the most secure spaces in the country, and for good reason, since it’s the headquarters of the Defense Department. However, it’s now potentially easier to use a smartphone inside such a secure building — and to the DOD, that’s a good thing.
Users with smartphones will now be able to ask the official in charge of a secure space whether they can use a mobile device, thanks to a new policy directive that was signed by Essye Miller, who was then the DOD’s CISO and is now its acting CIO.
The goal of the new policy is to make workers who operate in secure areas more productive by allowing them to access critical work information without having to retreat to a different area or access it on another device.
As FedScoop reports, the new policy was issued by the Committee on National Security Systems, which consists of top information security officials from defense, intelligence and national security agencies. The publication notes that it “lists a minimum set of requirements that must be met before a senior security official can decide whether mobile devices can be used in a controlled area that contains national security systems.”
Importantly, as Federal News Radio notes, the new policy does not apply to sensitive compartmented information facilities (SCIFs), which are rooms used to access sensitive compartmented information (SCI) types of classified information and where mobile devices are forbidden.
New Policy Offers Mobile Users More Freedom
Therese Firmin, the deputy CISO of the DOD, said at the Nov. 29 Armed Forces Communications and Electronics Association's Mobile Tech Summit that the new directive simply allows for the use of mobile devices in secure spaces, but “it doesn’t mandate that these devices be allowed [there].
“It sets out a whole list of criteria, and you need to document your risk acceptance decision behind that,” Firmin said, according to FedScoop.
The directive applies to all department or agency employees, contractors, agents and visitors who have access to secure spaces where national security systems are employed. The policy accounts for environmental and device-specific considerations, such as the known vulnerabilities of a device or uncontrolled adjacent spaces, FedScoop adds.
However, once the basic criteria are satisfied, it comes down to a judgment call on whether to allow the use of mobile devices in secure spaces based on the mission need.
“So what mission are you wanting to promote by bringing devices into your secure area?” Firmin said, according to FedScoop. “Things like counterintelligence, cover, testing, training, research and development are all valid missions, but it’s up to that security authority in consultation with the authorizing official to make that final decision on whether or not they’re going to allow that to happen.”
Firmin told Federal News Radio in early December that there was no timeline for when the new directive would be implemented, but she thinks it will boost productivity and give users more flexibility.
“It will definitely improve the productivity, because what it will allow for is for the users to access enterprise information from their phones or their tablets or their laptops when they are remote or in their office environments,” she said. “There’s a huge productivity advantage to doing that.”
For example, she said, a user could download applications that he or she is comfortable with and that could boost productivity.
“I think the commercial technology has matured enough now that they can meet the security requirements that we have and we make sure the infrastructure they are connected to is secure,” Firmin said.
The DOD wants to infuse mobility into more aspects of its operations and the new policy is a clear step in that direction. “Commercial industry is much better at letting people take notes on tablets and laptops and we are going to be in that world too where people can take their devices in and start taking notes and not have to bring the paper and pencil with them everywhere they go,” Firmin told Federal News Radio. “That alone will help our security and our access to information.”