When the Navy needed to quickly pivot tens of thousands of remote users off of virtual private networks because of the Ivanti security vulnerability, it managed to quadruple its use of a newer solution within the span of a week. But it’s unlikely that officials would have had the confidence to make such a large move if the Navy Reserve hadn’t already paved the way.
That newer solution — called Nautilus Virtual Desktop (NVD) — started as a pilot project in the Navy Reserve in 2022. That was a logical starting point, since many of the 60,000 sailors who make up the reserve tended to be the least likely to have physical access to Defense Department networks in their day-to-day lives.
NVD makes that a nonissue. Sailors can access a virtual instantiation of the Navy-Marine Corps Intranet (NMCI) from any computer, including personal ones.
“We have Navy Reserve centers in every single state, and every sailor that is in the Navy Reserve right now is either in a fleet-concentrated area or in a non-fleet-concentrated area,” Cmdr. Stevie Greenway, the reserve’s deputy chief information officer, said during an appearance at Federal News Network’s DoD Cloud Exchange 2024. “For the sailors who are not in a fleet-concentrated area, they don’t have a lot of access to government computers and devices. So the virtual desktop is a perfect opportunity for them to be able to work from their homes and do some of their drill weekend stuff anytime they need to.”
Increased cost effectiveness
That ability has already helped the Navy Reserve cut its IT costs. Although it still maintains government computers at its reserve centers for sailors who are unwilling or unable to use their own computers via NVD, in most cases, there’s no longer a need to maintain large computer labs at those centers just so sailors can check their government email.
But making the transition also involved some up-front funding and technical challenges, said Lt. j.g. Christopher Gregory, command technology director for the Office of the Chief of the Navy Reserve.
“Our number one hurdle was kind of figuring out, ‘OK, each account represents dollars. How are we going to control this? How are we going to parse it out to our force?’ We started out with kind of a rudimentary process that involved a number of steps,” Gregory said. “I came in with that deck plate knowledge because I was the sailor coming in on drill weekends. And I thought to myself, ‘What’s the easiest way for one of my members to get online and to register and to send an email?’ So we designed an automation that removed all barriers. With a blank email sent to our addresses, a sailor is signed up, and they’re good to go with NVD.”
For the broader Navy, the eventual goal is to move about 200,000 users to NVD, which Gregory said offers sailors a better user experience than connecting directly to NMCI on a government-furnished computer.
Next step: Mobile devices
Meanwhile, the reserve is in the second phase of another pilot project to accomplish essentially the same objective with mobile devices. It’s called Mobile Application Management Without Enrollment (MAM-WE). Much like the NVD concept, the idea behind MAM-WE is to let sailors use mobile apps to access their Navy accounts from their own devices.
“It’s another game changer,” Greenway said. “It allows you to use things like Microsoft Teams and Outlook, so you can send Navy emails from your personal device. Our big belief is we have to focus on the workforce — that’s one of the pillars in our information strategy. We have young sailors coming in, and we cannot tell them, ‘Hey, you can’t use your $1,000 device.’ We want to maximize that ability wherever they are to be able to work on their personal devices and do the Navy Reserve work they need to. We’re still getting user feedback, but everything so far has been very positive.”
MAM-WE works by keeping government applications in separate, virtualized containers on a user’s phone — isolated from other software that could pose a threat to government networks. And officials consider the risk of data spills to be very low because no government data is stored at rest on personal devices. Rather, it’s kept in a secure cloud environment.
For both NVD and MAM-WE, those types of advancements have helped make Navy security officials comfortable with bring-your-own-device concepts that would have been difficult to swallow a decade ago.
“Honestly, it’s industry technology. The state of the market has risen, and DoD has smartly matched that,” Gregory said. “We’ve embraced zero trust in our architecture and how we build our networks, which is what the rest of the industry is going with. We have conditional accesses, which are kind of a first step. And then there’s artificial intelligence — our favorite buzzword — out there monitoring our networks autonomously and intelligently for the first time. So when a potential adversary tries to log in with a conventional conditional access token, from some area in the world at a certain time, the AI is able to identify that and shut them down. I would love to take the credit, but technology has come so far, so fast, and AI is really protecting our networks day in and day out.”