An all-of-government tendering process has begun for mobile data and services, but at a preliminary presentation there appeared to be a preference for BlackBerry as the sole approved handset.
Computerworld understands some vendors are concerned that handsets other than BlackBerry may be excluded. A request for proposal (RFP) for the project is due to be issued on October 21. However BlackBerry handsets are only the preferred handsets for the most confidential categories of information, says Victoria Dew, for the Department of Internal Affairs, which is handling the tender. The security evaluation is in the hands of the Government Communications Security Bureau (GCSB), she says, and it does not discount the possibility that a supplier with another device will be able to satisfy GCSB that the handset they offer is secure enough for the tender’s purposes.
The tender fits within the all-of-government guidelines known as Directions and Priorities for Government ICT and is founded on an instance of the All-of-Government Common ICT Capability Roadmap, which puts those directions into practice, says material for the supplier presentation.
The first phase of the tender will cover devices and voice and data traffic for as many as 215 government agencies and 78 councils. Future phases still being evaluated are likely to include services such as 0800 inbound calling, international voice and eventually “unified communications as a service”.
Overall aims include reduction of total cost of ownership across government, productivity improvement and lowering of “barriers to cross-government communications and collaboration”.
Security and privacy commentators have pointed to possible risks with the BlackBerry, owing to traffic being handled by vendor Research In Motion through Canada, and have expressed surprise that few users seem as bothered about this as they are about more overt forms of cloud computing.
Assessment of the BlackBerry handset as appropriate for information classified up to the grade of “restricted” is part of the worldwide “common criteria” system whereby government agencies dealing in confidential data test and approve equipment as appropriately secure, says Barry Brailey, head of the National Cyber Security Centre’s consultancy services division.
The assessment does not relate simply to the handset, he says; any secure environment would also have to use an appropriately “hardened” BlackBerry Enterprise Server.
Currently the BlackBerry is the only mobile handset family to have gained such approval, he confirms. The Australasian common criteria panel – a joint Australia/NZ effort - has other mobile devices under consideration for approval, Brailey says; but those considerations are at present commercially confidential.
As to the recent dropouts – now worldwide – in the BlackBerry network, this may prove to involve other parties, such as communication service providers, he suggested – it currently appears it was the fault of inadequate disaster-recovery procedures at a Research In Motion datacentre. That aspect is beyond the current brief of the NCSC or the common criteria panel’s assessment, Brailey says, so he cannot comment.