The Energy Department is modernizing its technology infrastructure in layers.
The cloud makes up one layer. A new security operations center makes up another.
But it’s the move to mobile devices that will bring all these layers together.
“We are looking at how do we create sets of services we can truly share with each other. Today, we still have too many email systems, too many customer relationship management systems and things like that,” said Bob Brese, Energy’s chief information officer. “And by consolidating these things, we are confident that we can use a brokerage model to take single services and deliver them into enclaves that are appropriately protected for each of our various missions, whether it’s science, energy, nuclear security or the general functional administration of the department.”
He said broker approach would deliver each of the services from each of the clouds into a secure enclave where the employee uses the application, but doesn’t know or care where it comes from.
And that concept is setting the stage for Energy’s increased use of mobile devices and applications.
Strategy coming in 2013
Brese said he hopes to complete a mobile strategy by the end of fiscal 2013 to lay out how Energy will implement mobile computing, and most importantly remove device dependency on apps.
“That’s going to be a challenge. We’re all fighting that battle, and it’s difficult. But I think we are all coming to the realization is that the end device, the end point, can’t be the thing we are focused on,” he said. “We will focus on a mobile device management solution that gives us control on data and limits the amount of data that can be resident on a device.”
The goal of the strategy is to create a risk-management approach to using both devices and applications.
Brese said, for example, if an employee believes they need to work off line and have data reside on their tablet computer or laptop, then the program office where that employee works would have to make their case.
“We want to create more of a glove box type approach to working with data from a mobile device,” he said. “I don’t want to have to worry about whether you’re on an iPhone, whether you’re on an Android phone, whether you’re on an iPad or whether you’re on a laptop, I want that data in my control, in my cybersecurity wrapper, in the appropriate enclave for the mission you are working on and the device of your choosing and the location of your choosing.”
Security remains the biggest challenge for mobile
Brese said there are a number of challenges to this concept, including whether the agency issued the device the employee is using, and how they are coming into the network, through a Virtual Private Network or through a cellular or wireless connection.
“The level of assurance, the level of authentication that goes into that session may be different,” he said. “It’s very complex, but I don’t want to worry about end points as much as we deploy this strategy.”
Energy is conducting a pilot with Virtual Desktop Interface (VDI) software. About 500 employees are logging on through the application and working on the network without any risk to the data.
“We are finding VDI in our current pilot to be very functional and very useful, and the folks who are in the pilot really enjoy it a lot,” Brese said. “I see that rolling out to more users in fiscal 2013. Our goal is by the end of fiscal 2013 to expand that to at least 2,000. VDI will be the primary way people will access [our network]. The mobility piece will be dependent on how far we can get on this strategy. Our goal is by the end of 2013, we will have something that we can begin deploying that will be acceptable for all he mobile devices. I do think VDI is going to be, if not the critical enabler, one of the most critical enablers to freeing our employees from a specific desktop.”
The third layer to this effort is the Joint Cybersecurity Coordination Center, where Energy has consolidated its reporting and information sharing across all of DoE, including its labs and offices.
Brese said the next step is to bring together all the analytics virtually so the cyber workers can integrate their efforts.
“The goal is as we get to the end of fiscal 2013 and it might be into fiscal 2014 to be able to do real time collaborative incident response,” he said. “In the past, we’ve had to put people on an airplane or had to mail physical assets around, but in fiscal 2013-2014 we want to be able to do that incident response online and in real time.”