By Matthew Gollings and Dirk Hodgson
Ask a civilian how they imagine their government’s intelligence agencies’ communication systems work and they’ll likely conjure up a James Bond-like world of advanced gizmos that can quickly access everything from classified satellite images to the location of friendly forces in the field.
However the reality is that most Command, Control and Intelligence (C2I) agency employees literally get asked to leave all mobile devices at the door, to guard against the very real threat of information leakage.
While this is the cultural status quo in many C21 agencies, it is also a growing risk to mission effectiveness, with slow adoption of mobile technologies potentially leaving C2I agencies at an operational disadvantage, lagging behind more connected adversaries. The question is: are C21 agencies adequately protecting themselves if leaving the benefits of mobile at the door?
Is mobile worth the investment for C21 agencies?
The business case behind greater mobile adoption is strong. Mobile technology has led to a transformation of the workplace and the mobile-enabled workforce is widely regarded as the future for every organisation. Mobility has proven to provide better and faster decision making through improved access to key data and analytics. It enables employees to collaborate with ease. Clearly, these are capabilities that have the potential to deliver considerable, crucial gains to C2I agencies.
Consider, for example, a scenario where a commander has an urgent need to approve the prioritisation of intelligence targets in a classified operation. In many private sector organisations, decision support information can be pushed directly to executives’ smartphones or tablets, allowing them to make decisions in a considered, auditable and rapid manner from anywhere with the click of a button on their device. Clearly this would be advantageous for C2I agencies, and advances to technologies mean that it is also increasingly feasible.
Securing the mobile C2I world
Achieving required mobile security for a classified environment – without compromising the functionality and usability employees rightly demand – is challenging but not unsurpassable. There are a range of ways to bring government-grade security to the entire software stack on mobile devices – protecting both the data and the device itself. For example; virtualisation now allows mobile phones to support several operating systems on the same hardware, so that an agency’s IT department can securely manage a single device, rather than worrying about securing multiple devices.
Among others, the Australian government recently defined its evaluation pathway for use of mobile devices, including detailing the progressive steps towards certification in meeting security requirements. However, this is only the first step – the path to taking full advantage of mobile capabilities in C2I agencies is still being defined and will take some time to implement.
A word of caution is offered by the NSA’s Troy Lange, who notes that “the device is probably the easiest part”. All of the other components – network monitoring, enterprise services – are much harder. The NSA solution involves redundant, independently designed encryption layers. It’s also cloud based, with the device acting as a conduit to classifed data, rather than a storage hub.
Time to leave old practices at the door
The increased threat from connected adversaries coupled with advancements in classified mobile capabilities, makes now the right time for C21 agencies to make mobile a priority – designing new mission enhancing mobile services and mapping their secure path to a more digital, mobile-empowered future. In doing so, old practices – rather than mobile devices – will be left at the door.
Matthew Gollings is Accenture Australia’s Defence Lead. He has more than 20 years of defence experience, including 15 years in the Air Force as an engineer.
Dirk Hodgson is Accenture Australia’s Mission Services for Defence Lead, working with the nation’s Command, Control and Intelligence agencies. He previously spent seven years as an Intelligence Officer within the Department of Defence.