Defence finally allows staff iPhones, iPads


The iPhone first launched in Australia in mid-2008; the iPad in mid-2010. The Australian Signals Directorate (you know, the agency which has been spying on the Indonesian President and discussing handing over data on Australians to foreign intelligence agencies) approved iPhones and iPads for classified Government communications 18 months ago in April 2012. But it’s taken until now — five years after the iPhone first hit Australia and three and a half years after the iPad launched — for the Department of Defence to finally agree to allow its staff to use the devices, instead of the BlackBerry handsets they’ve been used to for a decade now. ZDNet tells us (we recommend you click here for the full article, it goes into a lot more than just this area, representing a comprehensive interview with Defence CIO Peter Lawrence):

“As with most government agencies, Defence has had a traditional reliance on BlackBerry for mobile hardware, but like many government agencies, Defence was now looking to move away from being an exclusively BlackBerry shop in early 2014.”

I wrote a little bit about this problem in my article last week about the need for a good technology policy think tank in Australia. iOS is generally considered a very secure and modern mobile platform — certainly more secure than Android and a heap more modern and functional than BlackBerry’s various offerings. Yet it has taken five years for the Department of Defence to allow its staff to procure iOS devices. As I wrote in that article:

“… the Government has suffered a constant failure of policy vision. It has missed the boat on adopting almost every modern technology, from collecting and processing Australians’ data online to cloud computing to mobile and social platforms. State Governments have been even worse, underinvesting in their basic technology infrastructure to the tune of billions of dollars and suffering billions of dollars of IT project failures.

Most government departments and agencies are horribly inefficient when it comes to their technology operations, and IT project disasters are now the normal state of affairs in our state governments.”

Sure, Defence has valid security concerns about new technology platforms. Sure, the secrecy of classified Government information is very important. But does anyone really believe that BlackBerry’s operating systems have been inherently more secure than iOS over the past half-decade? And just how much productivity has been lost in major Government departments such as Defence over that period as bureaucrats and military personnel struggle with BlackBerry’s outdated technology? When you consider the scale of a department like Defence (it has more than 65,000 staff), the scale of any technology inefficiency becomes magnified massively.

In your writer’s view, Defence’s sluggishness in adopting valuable new technologies is a perfect example of failed Government IT policy. Let’s hope the department does not take five years to assess fundamental technology leaps such as the iPhone or iPad next time they come around. Experience has shown even minor technology improvements (such as allowing web browsers with tabbing functionality or deploying secondary monitors) can have a huge impact on productivity. The benefits of opening up a major department like Defence to competing mobile suppliers should be obvious to all.

Image credit: Apple

21 COMMENTS

  1. “But does anyone really believe that BlackBerry’s operating systems have been inherently more secure than iOS over the past half-decade?”

    This is effectively what this entire article is about.. based upon a question you ‘assume’ an answer to. Yet write the remainder of the article as if the adoption of i* products should be a given.

    Stick to reporting on matters you either understand about, or can quote sources for.

      • not being snarky, but i would have thought the onus of evidence would be upon the writer of the article…

        do you know for certain that iphones or ipads ARE as secure as blackberries? if not, you really shouldn’t be speculating.

        also, what would staff be able to do on their iphones that they wouldn’t be able to do on their blackberries? i would like to know exactly what ‘inefficiencies’ are present by using one over the other…

        • I’ve been tracking both for a long time now, and haven’t seen any significant difference in the number of exploits released for each. Each has a pretty inherently secure system.

          There’s plenty of articles online about this — an example here:

          http://www.techrepublic.com/blog/cio-insights/iphone-now-as-secure-as-blackberry-say-tech-chiefs/

          “IT leaders and industry experts believe that Apple now roughly matches RIM on mobile security, removing BlackBerry’s last remaining advantage over the iPhone in enterprise.”

          • thanks for the link… i guess until there is a concrete way to compare security measures, then we can only go with this type of information…

            what would defence staff be able to do on i-equipment that they wouldn’t be able to do on a blackberry? do they have specific apps that they would be able to run on iphones? i don’t really get what the possible productivity increases would be….

          • Up until BlackBerry 10, the productivity increases on an iPhone were quite obvious. Decent web browsing, for one … plus the fact that there are a stack of apps, including many corporate apps, which are just not available on BlackBerry.

          • but are defence using the web browsing much and what corporate IOS apps are they going to use now?

            it’s one thing to say that IOS has more apps (which they obviously do), but which apps are defence going to actually use?

            and where is the evidence that defence will use these IOS apps, as well as the evidence to prove that IOS is as secure as BB? just because CIO’s say it is, doesn’t make it so…

      • BB does have a lot of inherent security over iOS and Android. Both iOS and Android are monolithic kernels. BB is not.

        BB10 is a microkernel, meaning it has hardware protection preventing the vast majority of conventional software attacks. BB7 is pretty vague, since they don’t really publish what BB7 is under the hood, but from the description, it runs a virtual machine like the JVM, which would impose a sandbox on applications, adding to security.

        For example, iOS is several millions of lines of code running in kernel-mode address space (including device drivers). All it takes is a single bug for the whole system to be compromised.

        BB10 on the other hand, runs only a few thousand, and device drivers should be running in their own address space, meaning an exploit on one kind of driver can’t compromise the whole system.

        So, yes, people do believe BB is inherently more secure than iOS.

        • Technically you are indeed largely correct (although the security difference with microkernels is still debated, and has been for several decades), but we really haven’t seen any significant difference in the number of exploits for BlackBerry operating systems and iOS over the time iOS has been in the market. To my mind this is the real test — reality versus theory.

          • That’s got nothing to do with the inherent security of the platform.

            The major reason iOS has little active exploits is due to the locked-down nature of the phones. No flash, no web GL, no way to replace the default browser. That stops attack vectors being exploited, rather than try to resist exploits themselves. This is able to be replicated on any platform using decent MDM, and has nothing to do with the OS itself. (I assume defence is using some kind of MDM).

            I might be pedantic, but judging the strength of a platform by number of exploits, is like judging the safety of a car by the number of times it crashes. A car with more airbags is more inherently safe than a car with less air bags. This doesn’t mean a car with more airbags is going to be involved in fewer crashes.

            Likewise, BB is more inherently secure as it has more robust sandboxes and other features. Even if practical exploits aren’t necessarily reduced. What you’re saying is the practical security of the systems, not the inherent security. Maybe I’m pedantic, but there is a difference.

            As an aside, I don’t know anyone who would debate that monolithic kernels are more secure than microkernels.

          • So what?

            Inherent security versus practical security … I have no doubt upon which basis chief information officers make these decisions.

          • Because running BB with a reasonable MDM will provide more practical security than iOS under the same conditions, thanks to the inherent security of the OS. So for people like defence, this makes a difference.

          • Again, there’s little evidence for what you’re saying — and there is quite a bit of evidence that chief information officers in general consider iOS as secure as BlackBerry.

            I understand what you’re saying regarding the theory and I don’t disagree. But that theory has not borne out in practice with evidence that iOS is less secure. And if you know anything about Delimiter, you’ll know I focus on evidence.

          • CIO’s thinking that IOS is as secure as BB is not evidence, it’s their opinion.

            where is the evidence that IOS is as secure as BB?

          • “And if you know anything about Delimiter, you’ll know I focus on evidence.”

            And yet the premise for this entire article is written without ANY, at all. Just ‘hearsay,’ ‘thoughts’ ‘assumptions’ and your personal non-expert opinion.

  2. hey guys,

    look, I can see this conversation is going to go on forever re iOS and BlackBerry. You’re never going to agree with me about it.

    My argument is that iOS’s functionality and productivity increases have long trumped any theoretical security weaknesses it has had — for both consumers and in the enterprise. I haven’t seen *any* Australian examples where iOS devices have been hacked and sensitive data stolen.

    Your argument is that BlackBerry’s platform has inherently better security than iOS due to its architecture and that this mediates against its adoption for certain organisations (eg Defence).

    Perhaps you’re right. Probably you’re right.

    But ultimately it doesn’t matter … BlackBerry will not be here in a few years, and organisations right around Australia are dumping it wholesale for iOS and Windows Phone right now. Defence cannot ignore that trend. No organisation can afford to. The market has clearly spoken. BlackBerry is all but dead.

    Renai

    • You wouldn’t get so much negative response, if you didn’t pass off your personal thoughts as fact, then tell me I have to prove your assumptions are wrong – yet it is you making the assertions, and then link a tech republic article as ‘evidence’.

      What is worse is you then go on to respond that delimiter content is based on evidence, yet have failed to provide a modicum of it for this article, it makes the entire debate/article farcical.

      The ONLY reason defence in Aus. and elsewhere (with similar requirements) are moving off Blackberry is because of a pretty simple risk based approach. Accept lower security with a product that will exist and be supported, or accept higher security with a product that will likely cease to exist. That risk profile is moving, more and more to the former.

      They are not moving because the iPhone is as secure as a BB, they are moving because the likelihood of BB failure is now sufficiently high that the drop in ‘security’ offsets the risk of product abandonment.

      • absolutely agree with all of the above. if BB was more secure in its position, then i doubt that defence would bother to move.

        • Mate,

          a little dose of reality here.

          Very few government departments or large organisations of any size pick one single smartphone vendor. Usually they offer at least two and sometimes three. Things might be more restricted if you’re dealing with classified communications a lot as part of your job, but a lot of Defence staff don’t.

          The fact that Defence only offers one option is quite the anomaly.

          Renai

      • hey mate,

        look, I don’t disagree with what you’re saying, and I acknowledge that my initial response was a little glib. Your response was a little offensive, but I can forgive that.

        But clearly there is a wider point here. The wider market clearly believes that iOS is ‘secure enough’ to nullify that issue in terms of competition with BlackBerry. With this issue largely nullified, iOS’s clear featureset improvements have gotten it across the line in most other large organisations.

        Yes, you’re right, security risk is a more pressing issue in high-security organisations like Defence. And this is why they’ve stuck with BlackBerry until now.

        But this doesn’t negate the overall point that iOS has been able to largely negate the security to the point that BlackBerry is now going out of business. In the meantime, by focusing on the security issue more so than other organisations, Defence has missed out on the advantages iOS does offer.

        I’d like to see that point acknowledged a bit more widely. Not everything is about security.

        ‘Security’ is also a misleading, catch-all phrase here. As we’ve seen with the cloud computing debate, we should be talking about such issues in a much more granular fashion than this. The cloud computing discussion has moved on from the debate about whether “cloud” is good or not, to what particular varieties of cloud (IaaS, SaaS, storage as a service, etc) should be applied, and where, and how, and when offshore, and when from an in-house datacentre, and when an external facility, and so on. What data should be stored where, what processing loads should be conducted where, is also a discussion.

        I’d like to see this same granular discussion applied here.

        My suspicion is that Defence could have taken a more granular approach to this. Not everyone in Defence accesses sensitive data at all. Many do not. Those staff could have been trialling iPhones/iPads long ago. Instead of iPhones, Defence could have worked with commercially available ‘hardened’ Android custom installs or iOS installs. And so on.

        There are so many options here that it’s not funny. And yet, what appears to have happened is that Defence stuck with one vendor, the one they had been with for a decade, until the absolute last moment, when it appeared that vendor was about to go out of business. In the process, they lost the chance to pursue the productivity improvements which have had major organisations all around Australia migrating to iOS. No matter which way you look at it, they’re behind the curve.

        These days cabinet documents are kept on iOS devices. Board documents for major corporations are. Ministers use iOS devices. And so on. Banks. Law firms. Etc. So many organisations with high security requirements are on board with this. As I mentioned, the ASD (which has historically sat WITHIN DEFENCE) cleared iOS for classified material 18 months ago.

        What the hell has taken Defence so long?

        You can see why I’m a little frustrated. We can sit here and debate all day about whether BlackBerry is theoretically more secure than iOS. But that’s completely ignoring the rest of the context here.

        ASD answered the question of whether Defence could use iOS 18 months ago when it cleared its use for classified communications. This means that, irrespective of whether iOS is less secure than BlackBerry’s offerings, it is STILL SECURE ENOUGH for use for classified communications.

        Defence knew ASD was working on that. In July 2011 ASD released a ‘hardening’ guide for iOS:

        http://delimiter.com.au/2011/07/05/cracks-open-in-dsds-ios-shield/

        And yet it still took 18 months for Defence to support iOS. 18 months, during most of which BlackBerry 10 was not available and Defence staff were sitting on a legacy infrastructure which they didn’t need to be. Hell, even from now it’ll no doubt take another few years or so until much of the BlackBerry fleet at Defence is migrated.

        None of you are wrong about BlackBerry probably being theoretically a more secure platform than iOS. But what you all seem to have missed is that this doesn’t mean iOS is not secure enough, as defined by the Australian Government itself. And yet Defence has still only now been able to get the procurement case across the line.

        There is a bigger picture here than microkernels, and there is a bigger picture here than the technical security superiority. There is a “real life” picture here, and that is the picture which CIOs deal with constantly. It’s what I report on constantly. I’m not as ignorant as you all seem to think I am.

  3. As I said, the new comments coming in are not engaging with the wider issues I’ve raised. I’m sorry, but I’m tired of being attacked on the same grounds by people not debating the wider points. Comments closed.
