When I ask colleagues in the military about use of their personal smartphones and tablet computers at work, the most common answer is “it’s banned!” I argue that this is very dangerous, as illustrated by this short (fictitious) story.
General Willi Smidt was reflecting on an interesting six months commanding the Logistics Corps of a major European army. This was Willi’s first command since promotion and he was keen to make an impression – he certainly achieved that, but for all the wrong reasons!
Willi is passionate about the use of Information Technology. He has been thrilled by how easy it is to organise his complicated home life with his new tablet computer; the powerful scheduling, social and communication apps allows him to balance being a good father to his twelve year old twins with his passion for football & tennis.
On taking command of the Logistics Corps, Willi was keen to transfer these benefits into his work environment. He knew that use of personal smartphones and tablets is banned in the army, but it was easy to persuade one his junior technicians to connect his tablet to the on base wireless network and hook him into the army databases that he needed for his job.
Willi was quick to see real work benefits. His tablet computer allowed him to spend valuable time travelling around the base whilst also being in touch with his staff. He was able to access the information he needed when & where he needed it. In short, he was much more productive. His team were impressed too, and Willi was starting to encourage them to bring their smartphones and tablets to work.
But then disaster struck! The head of cyber security operations called Willi one Monday morning to inform him that the central logistics database had become corrupted and that a rapid response team had been dispatched to recover the database and investigate the breach.
After a day on site, the Captain leading the cyber response team informed Willi that the database corruption had resulted from a malware infection on the network originating from Willi’s tablet computer. Further investigation revealed that the malware infection probably came from one of Willi’s twins using his tablet to play an online game, and was transferred to the army network when connected to the base Wi-Fi. Willi was very embarrassed and worried that disciplinary actions would follow.
By luck, since the incident was quickly discovered the database corruption was minor, and recovery was simple but time consuming. Thankfully, Willi’s superiors took an enlightened view and commissioned a study and pilot project to adapt industry best practice for “Bring Your Own Device” (BYOD) for the military. For now, Willi’s new tablet computer is restricted to home usage!
Industry has realised many economic and efficiency benefits from a proactive approach to Bring Your Own Device (BYOD), as shown in the figure below.
Military organisations would reap similar benefits – but it’s more than just that. Without a proactive, informed approach to BYOD, personal device usage will happen anyway introducing vulnerabilities to cyber attack, or unintended malware infection. The military NEED policies for BYOD now, and can learn much from industry – see here for IBM’s cross industry BYOD offerings.