As a Federal law enforcement agency focused on combating violent crime and regulating the firearms and explosives industries, the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) is a highly mobile organization with a nationwide footprint and a need to operate effectively outside of a traditional office environment. As a result, over the past several years, we have moved aggressively to explore and adopt emerging commercial technologies with the potential to provide more-capable support to our mission. Given the nature of that mission, security of devices and, more importantly, data has been a primary concern – along with ensuring that security does not compromise utility and usability when information is time sensitive and critical to life and safety.
The Mobile Start
ATF’s exploration into commercial mobile devices began in 2009 along with the emergence of prevalent and increasingly sophisticated consumer smartphones. Our initial attempts to reproduce a “BlackBerry-like” experience on consumer devices were not terribly successful — the victim of relatively immature mobile operating systems, primitive tools for managing and securing devices, and a dearth of available mobile applications.
As mobile OSes rapidly matured in the 2010-2011 timeframe, and with the increasing availability and sophistication of platforms like mobile device management (MDM) and mobile application management (MAM) and solutions like secure containers, our experimentation (and user satisfaction) accelerated.
At the same time, the Federal CIO recognized the exploding mobility space and the need for a Federal government strategy to address issues like device and data security, maximizing the government’s buying power, and adopting common approaches to embracing mobility. Many of these issues – along with the broader challenges of delivering better digital services – were addressed directly in the Digital Government Strategy released in May 2012, “Building a 21st Century Platform to Better Serve the American People,” which laid out an aggressive year-long agenda of milestones and deliverables. The work accomplished under the auspices of the strategy established some important government-wide foundations, especially related to security approaches for mobility and defining common security baselines across agencies.
With some of those foundations in place, 2013 saw many agencies – including the Department of Agriculture, the Department of Defense, and (somewhat less visibly) the Department of Justice – moving to deliver mobility infrastructure like MDM and MAM as enterprise services. In addition to achieving efficiencies and economies of scale, delivery of these common, commodity-type services at the department or agency level frees those of us at the bureau or component level to focus more on maximizing productivity and mission effectiveness through more extensive use of mobile applications.
Our initial efforts within ATF focused on adopting existing commercial or consumer applications wherever possible — for office document editing, use of voice over IP (VoIP) and VTC, and virtualized access to legacy client/server applications, among many possibilities. Use of a VPN with multi-factor authentication provides an easy and secure means for allowing such applications access to enterprise resources. Our colleagues in the Executive Office for U.S. Attorneys took a similar approach and have achieved remarkable levels of functionality and productivity.
We are now looking at technical options (such as certificates or derived credentials, building on work done by NIST) for making the secure connections on these devices more seamless for the user and more manageable – improving usability without sacrificing security.
For those organizationally unique business processes and systems – in our case, criminal investigations and industry regulation – off-the-shelf applications can’t always provide the needed capabilities. In those cases, we, like many other agencies, have turned to custom application development to meet mission needs. We started with simple yet compelling mobile needs for our first applications: capturing, reporting and distributing basic incident information for notification purposes.
Those efforts allowed us to understand better the considerations every organization must weigh in mobile application development: Web vs. native development; integration with mobile device functions like GPS and camera; cross-application integration for access to contacts, email, etc.; need for an “offline mode” and local data caching; and methods for securing the application connection. Ultimately, we need to move nearly all of our case management processes — and our entire legacy case management system — to a more mobile-friendly and truly “mobile-first” platform. In the interim, we continue to look for opportunities to deploy new mobile applications that address pressing mission use cases.
Even in the application development area, we are seeing a shift to common services and platforms where possible. For example, the Department of Homeland Security has created a shared capability for testing and evaluating mobile applications – their “mobile car wash” – which we also hope to leverage.
Within DOJ, we’ve recently stood up a shared application development environment. These innovations will lower the barrier to entry for components and bureaus in mobile application development, enabling us to share code, reuse solutions and approaches, learn from each other’s lessons, and move much more quickly to meet the mission needs of our organizations.
In a few short years we have moved at a previously unthinkable pace to adapt to a rapidly changing mobile technology landscape and adopt commercial, consumer technology into the Federal enterprise. Our ability to achieve and sustain that pace depends on a spirit of collaboration and a willingness to share solutions and services, both of which have reached unprecedented levels. That continued leadership and partnership will enable us to move collectively more quickly than we could individually in the mobile space.