Many members of the Marine Corps who currently have access to a government- issued BlackBerry had better start weaning themselves off.
The Marine Corps’ internal budget shakeout for 2015 was particularly unkind to Headquarters Marine Corps’ operating and maintenance budget for mobile devices, which pays for not just the phones issued to the top brass, but for about one- fifth of all of mobiles issued to Marines around the world.
That budget had seven figures in 2014. It will be a five-figure budget in 2015.
Rob Anderson, the chief for vision and strategy in the Marine Corps CIO’s office laid out the scenario in those somewhat-imprecise terms at AFCEA’s mobile technologies symposium in Washington on Wednesday. While he didn’t offer exact dollar figures or specify the number of devices that will be taken away, the point is that there will be a significant reduction.
“Those devices that are currently issued to people who are considered privileged users, a large percentage of those devices will be retracted, and those individuals will no longer have the ability to do what they do with their mobile devices today,” Anderson said.
The cutback is all the more reason, he said, to get rolling with a program that could allow Marines to begin connecting their personally-owned devices to government networks as soon as 2015. The bring-your-own-device approach is still in its early stages, but the Marine Corps believes it could dramatically cut its wireless bills. Each government-issued phone costs the service roughly $480 per year. On the other hand, officials estimate they could outfit a Marine’s personal device with a secure container certified for government data for about $40 per year.
Anderson said the pilot and the research his service conducted in preparation for it has left him very optimistic that they can solve any serious security concerns associated with a BYOD approach using, for example, an iPhone.
“The sandbox, which is 256-bit encrypted and FIPS 140-2 compliant can be placed inside this device, so I’ve got encryption on the device, plus an organizational container with another layer of encryption and protection,” he said. “And what we’ve found with our penetration testing of some of these organizational containers is that even if you take a compromised device, you cannot extract usable data from that container. There ought to be a way we can leverage this technology for individuals so they can get access to at least their personal organizational data. We have to have a solution. We have to come up with something that we can present to leadership.”
Anderson said the use of containers might also help solve one of the nagging problems that has remained a barrier to the adoption of BYOD in government — namely, if a user’s device is compromised, can or should the government confiscate or wipe the entire device, including personal data?
“I stipulate that because the encryption is so good now, that when we remove that government container, maybe that should meet the requirements for cleaning that spillage,” he said.
This post is part of Jared Serbu’s Inside the DoD Reporter’s Notebook feature. Read more from this edition of Jared’s Notebook.