COVID-19 News

COVID-19 leads Air Force to reconsider its mobile computing future

Two months into the COVID-19 pandemic response, the Air Force is slowly addressing its telework capability needs and considering its mobile future -- a move that could put a spotlight on its T2 partnerships with software factory BESPIN (Business and Enterprise Systems Product Innovation) and mobile security testing company NowSecure.

Air Force CTO Frank Konieczny cited a laptop shortage and an inability to secure network connections at scale as two big problems that emerged as the service tried to spin up telework as part of its COVID-19 pandemic response.

"That was the biggest part: we were trying to connect everybody but we didn't have enough capabilities in terms of VPNs or hardware to actually do that," Konieczny said May 19 during a virtual event on C4I (Command, Control, Communications, Computers & Intelligence) hosted by AFCEA International and George Mason University. "We're looking at other mobile things we want to do like BYOD [bring your own device] or something else that actually support the capabilities that we actually need now."

"I think the COVID situation has actually helped to highlight the fact that the Air Force has no mobile capabilities," Lt. Col. Paul Cooper, BESPIN's CEO, told FCW. "We're hoping that translates to budget allocation so that we can go out and build an organic mobile development capability."

BESPIN's acronym is yet another Defense Department Star Wars reference -- the name of a gas planet that's home to Cloud City. It followed in the path of Kessel Run, a pioneering Dev Ops program at USAF (also a Star Wars namecheck). BESPIN got its start with just a five airmen in 2018, according to Master Sgt. James Crocker, BESPIN's CTO and lab director.

"Let's take a few airmen, let's lock them in a closet off base -- literally like a closet, it was a really small room -- find some problem sets, throw them at y'all see what you can do," Crocker told FCW of the early days.

The first problem was taking the task of ordering of parts and putting it in a mobile device, reducing the protocol to six screens and nine button clicks in six weeks from idea to prototype.

BESPIN now boasts near 100 personnel – double its size from just September 2019 – and is working on 14 development efforts, 12 applications and two platforms. But the timelines for those projects could accelerate because of current needs.

BESPIN works with a $17 million budget -- $14 million from SBIRs and $3 million from the Air Force budget. BESPIN is also hoping to scale its mobile interface used by maintainers to order parts to the entire Air Force by 2023.

"Right now as we built this out, we realized that there was a lot of other hurdles and everything that we had to go through from the Air Force policy to getting access, remote access via iPads," Cooper said of the project, adding that they were still wrestling with mobile platform access and legacy system challenges.

The group also wants to scale capabilities, such as mobile-delivery-as-a-service, its enterprise mobile and business platform which hosts applications and improve delivery times and help deliver on that mobile workforce.

Wake up call

But the trick is getting senior leadership bought in. Crocker said he's frequently made the pitch, but it's a hard sell because the assumption is that mobile capabilities exist in the Air Force -- just as they do in the civilian world -- and are cheap to make.

Andrew Hoog, founder of NowSecure, which specializes in automated mobile security testing, told FCW "traditional controls that have been in place to go test web apps or traditional apps are simply not effective testing mobile apps. It's a different architecture...there's a whole bunch of sensors that sit on your phone and they don't sit behind firewalls."

NowSecure partners with BESPIN to run automatic security testing on the apps it builds. The company was one of the first to be awarded an Small Business Innovation Research contract, and later a follow-on contract, via one of the Air Force's first Pitch Day in 2019 to support continuous mobile security testing for BESPIN. The result was taking the company's off-the-shelf product and tweaking it for the Air Force's needs.

"Mobile basically runs the economy now. To a large degree, the federal government and DOD have been left behind those waves of mobile innovation because of stringent security requirements," Brian Reed, NowSecure's chief mobility officer told FCW.

But getting the Air Force to scale its mobile efforts will require a policy shift -- including subverting the notion that mobile devices are inherently unsafe.

Jason Howe, the Air Force's CTO and chief cloud architect for manpower, personnel and services (A1) said as much during a May 11 panel discussion on identity management.

"In the DOD, I truly believe that if we can start securely authenticating users on their personal mobile devices to interact with A1 systems on government devices to interact with A1 systems, that we will see growth occur. But you've got to get past that first step," Howe said.

And that comes down to culture and policy.

"Policy doesn't reflect mobile capabilities," Crocker said, such as "how we secure and vet DOD-owned data versus public data. If we publish an application that's a government-only application and our men and women our airmen download it and they put government data on there and there's a breach between the two, that phone is now compromised. And so those capabilities are major hurdles to [bringing] your own approved device."

Read more: https://fcw.com/articles/2020/05/31/bespin-usaf-mobile-williams.aspx