The U.S. Army's drive to put educational tools on soldiers' mobile devices is being slowed by the risk of security breaches. (U.S. Army)
One minute, a U.S. Army recruit uses a smartphone to learn how to zero a rifle sight before hitting the range; the next, he browses a digital maintenance guide before changing an armored vehicle’s tire. Then he watches a video of a forced entry on his smartphone before kicking in a door and clearing a building. There’s a world of training at his fingertips, assuming there’s an iPad or smartphone beneath them.
Army officials outlined that dream scenario two years ago in a YouTube video. Called the “Army Learning Concept 2015,” it’s actually about catching up with the mobile technology revolution that began in 2007.
But the Army cannot realize its mobile training dreams until it figures out how to securely tap into the consumer devices driven by Google’s Android and Apple’s iOS operating systems.
“I have a dream, and the Army has this dream, of operating in a mobile environment, but we are concerned about the lack of security,” said Maj. Gen. Steven Smith, director of the Army Cyber Directorate.
The Army has its sights set on a concept dubbed “bring your own device,” or BYOD. Meant for the garrison and not the war zone, soldiers would use their own personal devices to access information for training and day-to-day business tools such as email, contact lists and calendars.
Moving training from actual equipment or expensive simulators to phones or tablets would likely reduce costs, but would also have the added benefit of being accessible 24 hours a day.
“The ramifications [of using mobile devices] are how we’re able to take advantage of the war fighters’ time breaks that they might have,” said Chester Kennedy, vice president of engineering at Lockheed Martin Global Training and Logistics. Such students would “be able to get some portions of their exercises completed in what would have otherwise been down time for them.”
The concept of BYOD is rooted in the recognition that smartphone manufacturers are making too much money in the consumer market to have an incentive to tailor-build a secure smartphone for just the Army, according to Smith. At the same time, the federal government’s processes for granting new security certifications for consumer mobile devices are being outpaced by technological advances, he said.
The Army is pursuing a solution that sidesteps the security issue in a sense, one that ensures that these consumer smartphones access data without storing it. This way, if a device winds up in the wrong hands, it cannot be hacked into and exploited.
“The process of trying to certify a hardware device and an operating system — that old process can’t keep up,” Smith said. “We need to be able to control you in the cloud. I’ll know it’s you, but we’re not going to let you keep anything on the device. When the session’s over, the session’s over.”
The Army and the Defense Information Systems Agency plan to issue a broad agency announcement by early summer for a third-party approach to securing mobile devices.
You Say You Want a Revolution
While the envisioned mobile world of training has not emerged, the Army has started to take advantage of the smartphone revolution in other ways.
To assist the Army, the defense research nonprofit Mitre has formed a Government Mobile Applications Group aimed at expanding the service’s various mobile technology pilot programs and finding security solutions.
“The U.S. soldier is the most adaptive, innovative-thinking soldier in the world, but smartphone technology isn’t yet part of standard-issue gear,” said Bob McKee, a senior principal systems engineer in Mitre’s Army Program Directorate. The key word there is “yet.”
Already, the Army’s Connecting Soldiers to Digital Applications program has launched some pilot programs through which soldiers can access apps on iTunes and Google Play. These provide publicly available information.
“Trainers are saying, ‘Give us tools and technologies and ways to train wherever we are, whenever we need it,’ ” said Gabe Batstone, CEO of Ngrain, a company that makes 3-D software for training. He notes that current and future service members come from a generation of digital natives. “They grew up with Nintendo and Xbox and mobile technologies. They expect and need those things, frankly, to train.”
The Army’s own marketplace, launched as a prototype in March, includes a variety of apps, many of them mobile versions of open source printed materials. Among the most popular are Pashto language materials, a tracking app for shipping containers, and the Army Social Media Handbook. However, many of the mobile apps based on generic uploads of documents miss out on the true potential of mobile, interactive technology.
“Converting software onto an iPad does not create an iPad application. You have to look at the user interface,” Batstone said.
Mitre is examining how to expand these pilot programs to get more training information into the hands of soldiers and employ the efficiencies smartphones provide. Of particular interest are the BYOD-focused pilots mentioned earlier.
“BYOD has made some early pilots and got some great data back, and I think we’re getting thumbs up to move out on it,” McKee said.
McKee called it “an innovative way to work within the system,” noting there is still concern about protecting soldiers’ identities and information, the data the soldier is accessing and the network the data reside upon.
Separate from its BYOD efforts, the Army is still pursuing the means to secure devices it has issued.
In October, the Army published a formal request for information about software to manage government-owned mobile devices remotely. The idea, according to the notice, is to take advantage of mobile devices that lack the security needed for Army use. The Army would track and monitor the devices through a central point, retaining the ability to control access to Army data and a provision to remove applications.
Among other capabilities, the solicitation expressed interest in the ability to remotely wipe or lock devices, filter Web content and disable functions like the Internet browser, Bluetooth and GPS systems.
Again, these are government-issued devices. “If we define you as a threat and erase your data, it better be the government’s phone, so you don’t sue the government for erasing your family photos,” McKee said.
Adapting the Tech
Until the Army’s smartphone future arrives, one place to get a glimpse of how it might look is the service’s Mobile Applications Branch, headquartered at the Signal Center of Excellence at Fort Gordon, Ga.
For the last few years, branch chief Lt. Col. Greg Motes and his team have been adapting training materials for iPhones, iPads and Android phones for use within Training and Doctrine Command.
Motes said the school’s Captains Career Course has been using iPads on a limited basis to access course materials. To be successful, such efforts need big commitments, Motes said, meaning local network connections, buy-in from leadership, loads of apps and a broad distribution of the devices.
“It’s a real chicken-and-egg situation,” Motes said. “Until everybody has a device, it makes it hard to expend the time and resources it takes to get any material translated, or any sort of simulations translated onto a smartphone or tablet.”
In the meantime, one of the more innovative apps Motes’ team has created is one that can read QR codes — essentially, square barcodes — placed on objects or landmarks to provide a video or text in a “museum-type learning environment.”
Instead of flipping through the pages of a manual, a soldier being trained to repair a generator might scan a cable on the generator to determine where it goes. The QR code would then link to that information.
“They’re essentially hyperlinking an object, which I find fascinating,” Motes said. “The next step is to scan a QR code on a cable from a router to a switch, and not only see where the cable goes, but — when authenticated — control the link.”
This, too, raises the unresolved question of security.
For Motes, one of the most promising efforts in the Army is to link mobile devices to the network using a Defense Department-issued Common Access Card and a card reader, just as some soldiers do using their home computers. The Army is sorting through how to create a secure connection like this for mobile devices, and Bluetooth CAC-readers have started to become available, Motes said.
“If we can get CAC authentication on smartphones, I think that will set the stage for being able to access more information,” Motes said, “but right now, to be clear, that is not allowed.”