defense missions must be developed based on predicted, rather than current, hardware. This further emphasizes the importance of hardware-software co-design and rapid testing and of drawing lessons from consumer device deployment.
The expected length of the life cycle for consumer devices continues to decrease; for instance, the replacement time for smartphones is now less than a year. Comparatively slow and cumbersome Department of Defense (DOD) procurement and deployment cycles mean that units may lack access to current-generation technology. Defense organizations must balance rapid adoption for commodity technologies against more measured and careful integration and deployment of devices and technologies that are unique to defense needs. Risks increase when applying the same process and evaluation to both without distinguishing the risks and benefits.[9] At the same time, proven technology—even if it is not the most current—may provide better results with cost-effective performance. Managing these tensions suggests that requirements and designs should be based not just on current technology but on projections of technology available two or even three generations ahead.
One area in which COTS has become the principal technological driver is in the ongoing consumerization of ICT and the emergence of what might be called a post-PC technological paradigm. Smartphones, tablets, cloud-computing capabilities, and other related commercial technologies are the hallmarks for this new era. Industry projections [10] suggest there could be as many as 50 billion devices connected to the Internet within a decade. Global sales of mobile phones now exceed those of PCs, and the Chinese phone market alone exceeds that of the United States or Europe.[11] For much of the world’s population, a phone is the primary computing device.
More generally, low-power designs, based on licensable components and created by semiconductor design firms without fabrication capabilities, along with the rise of system-on-a-chip (SoC) ecosystems, are increasingly enabling new companies and enterprises to offer devices that compete with the traditional x86-oriented PC ecosystem.
In both the x86 and ARM SoC ecosystems, some elements of each SoC are likely to be common (for example, general-purpose cores); others will be tailored to specific applications (for example, cryptography blocks, media encoders and decoders, digital signal processors, or network interfaces) and drawn from an array of internationally available and licensable silicon design blocks. This mix-and-match model, now prevalent in the mobile device space, challenges the traditional software development and maintenance model, where legacy software could execute unchanged (often without recompilation) as described in Chapter 1. A DOD shift to application-tailored classes of chips will require software refactoring and optimization for each new class of chips, each with different functionality, adding complexity to the software design and maintenance life cycle. Unless the software design process and toolset for distinctive defense software is adapted to this shift, the useful lifetime of the chips will be determined by software availability, not hardware.
In addition to the rise of a new and complementary COTS ecosystem, the consumerization of ICT has profound implications for how organizations manage their own ICT. The proliferation and popularity of new device functionality challenges traditional approaches to organizational technology uptake. Consumers drive adoption of technology in large organizations by forcing central ICT organizations to respond to consumer acquisition outside the organization. This socially activated disruption changes the planning and deployment of software and services. The DOD is not immune to this effect. As the perceived and actual differences between commodity technology availability and centrally mandated deployments rise, individuals and groups may circumvent best policies and practices in system security and information flow in order to access improvements in functionality.[12] In addition, the proliferation of mobile devices with personally identifiable data and institutional data brings information leakage risks due to the possibilities of device loss and theft.
[9] A 2009 NRC report, Achieving Effective Acquisition of Information Technology in the Department of Defense, calls for the DOD to acquire information technology systems using a fundamentally different acquisition process based on iterative, incremental development practices.
[10] CISCO White Paper, 2011, The Internet of Things: How the Next Evolution of the Internet is Changing Everything. Available at http://www.cisco.com/web/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf. Last accessed on February 7, 2012.
[11] See http://www.strategyanalytics.com/default.aspx?mod=reportabstractviewer&a0=6871. Last accessed on February 7, 2012.
[12] A recent NRC report, Toward Better Usability, Security, and Privacy of Information Technology, examines some of the competing motivations for users of technology and identifies research opportunities and ways to embed usability considerations in design and development related to security and privacy, and vice versa.