U.S. Defense Department Gives iOS 6 Security OK
In a vote of confidence for Apple's iOS devices, the U.S. Defense Department has given the all-clear for employees to use iPads and iPhones for work. But only those running the latest operating system, iOS 6, and only if issued by the government.
The Pentagon previously approved the Samsung Knox and BlackBerry systems as secure enough for its employees, and made the decision after allowing some to use Apple devices during a trial period.
In announcing the decision, the Defense Information Systems Agency said it had approved the Security Technical Implementation Guide (STIG) for iOS 6, allowing government-issued devices to be approved for connecting to DoD networks "within current mobility pilots or the future mobile device management framework. "
Pilot Program In Place
Employees won't be able to use devices they acquired on their own, however.
DISA is the agency responsible for a Mobile Device Management (MDM) system, which is in source selection now and expected to have a contract awarded in early summer, the statement said. That protocol will manage and distribute mobile applications and fend off persistent cyberattacks that have been targeting private and government computers in search of secrets.
"All of these pieces must be in place to allow the secure use of commercial mobile devices on department networks," said Mark Orndorff, program executive officer for Mission Assurance and NetOps, and chief information assurance executive at DISA, in the statement. "DISA is running a pilot program today where we bring this all together."
Chester Wisniewski, a senior cybersecurity analyst at Sophos International, said approving STIGs is a common procedure for nearly any type of technology or operating system. "Everything that is in use must have a STIG defining how it is to be deployed, which options must be enabled/disabled, etc.," he said. "While it is certainly a good thing for Apple, I imagine there are or will be STIGs for Android Ice Cream Sandwich (4.2) and others. There are already STIGs for Blackberry and Samsung."
Samsung's Knox is a mobile solution that "addresses mobile security needs of enterprise IT without invading the privacy of its employees," the company says on its Web site.
In 2010, the Army announced it was looking at issuing STIGs for iOS and other devices, including Android, for personal use by its personnel.
"We're looking at everything from iPads to Kindles to Nook readers to mini-projectors," Mike McCarthy, director of the mission-command complex of the Future Force Integration Directorate at Fort Bliss, Texas, told the Army Times at the time.
The Army said it would need to install its own Common Access Card readers for security.
Goal of 100,000 Devices
The DSIA on Friday said its goal was to create a "multi-vendor environment, supporting a diverse selection of devices and operating systems," by validating a range of devices that meet it security standards, so that employees can take advantage of the best technology available.
The statement said it has yet to be decided how many iPhones or iPads would be ordered for Defense employees. (Sequestration cuts may have an impact.) "Actual orders will be tied to identification of specific operational requirements and funding availability of using organizations," the statement said.
The Commercial Mobile Device Implementation Plan's mobile enterprise solution will ultimately support approximately 100,000 multi-vendor devices by February 2014, the agency said, and Defense already has more than 600,000 commercial mobile devices in operational and pilot use: That includes approximately 470,000 BlackBerry devices, 41,000 iOS devices and 8,700 Android devices.