Intel and BYOD

The intelligence community is warming to the concept of bringing your own device to work -- except when it comes to highly classified work.

"Bring your own device is something that we need in the future," Brig. Gen. Jeth Rey, the director for command, control, communications and computer systems (J6) for U.S. Central Command.

"We're all comfortable on the daily basis when we pick up our phone, we join a bank, we look at our finances, we move money around, we take pictures of the check, we deposit the check, and we're comfortable with that -- the security level that the bank provides us. So why not build the same environment?"

Rey, who was speaking at the virtual Intelligence and National Security Summit Sept.17, said CENTCOM is looking to replicate that with the containerization of personal data, transport agnostic environment, data-centric connections, and use of personal attributes, like biometrics, as credentials to grant access even down to the document.

Greg Smithberger, the National Security Agency's CIO and director for the capabilities directorate, recently emphasized the need for proper security measures that make top-secret telework impossible, but supported the BYOD approach with the right security parameters.

"A lot of thought has to go into it, but it's viable with the right security architecture," Smithberger said, naming two-factor authentication and use of a virtual desktop that's limited to how it can "interact with the outside world and stay off the corporate network."

However, there are also serious civil liberty concerns around personal data on personal devices that Smithberger said have to be considered.

"It's all about getting the right concept of layered defenses that can be imposed upon that personal device without any possibility of getting access to their personal information," he said, "making sure that the government is not monitoring or getting access to private information of individuals which we have no right to see or to monitor."

The ongoing coronavirus pandemic has increased the need to consider BYOD, in tandem with the rise in telework, in the intelligence community.

Doug Cossa, the deputy CIO for the Defense Intelligence Agency said that while he's not sure what percentage of the workforce will do so, the agency is "architecting for an enduring level of telework."

Cossa said that telework will likely be more permanent for business operation functions, including human resources, data management, contracting, finance, training. (The latter was shifted from a classified to an unclassified network during COVID-19 response, he said.)

But when it comes to permanently allowing work mobility and flexibility, Cossa said, DIA will have to look at facilities management and new employees.

"We treat new employees coming in to where you're given a fixed workstation in a fixed location," which isn't always needed, he said. "But in many functions of the workforce they can work from within a building. Looking at can we work from tablets from laptops to where you can perhaps even go wireless and work from anywhere in one of our facilities or multi facilities," or even outside the IC.