Military software projects are a disaster

(written by lawrence krubner, however indented passages are often quotes). You can contact lawrence at: lawrence@krubner.com, or follow me on Twitter.

Very interesting and sad commentary:

Re: Army Nears Completion of Migration to Defense Enterprise Email

I agree with SSG Deployed and MAJ TPU on all of their points but there is an even bigger problem lurking.

DEE WILL DIRECTLY CONTRIBUTE TO SECURITY ISSUES!

I have migrated to EE recently and can see that there are several major issues that are going to directly contribute to security issues. The first 2 are issues that will cause users to be unhappy, which will cause issue 2, the security issue, to happen.

Issue 1: NG/AR have in the past used AKO email, which could be accessed by password, and on mobile devices this allowed mail clients and mobile devices to automatically notify users of messages. This is no longer possible and will result in missed critical communication sooner or later.

Solution: Assuming that having full mail access on a mobile platform is out, there is an urgent need for Windows, OSX, iOS, Android, BB, and Windows mobile notification applications. This would allow a notice of new messages to remind the Soldier to check. Ideally the notice would include sender and subject.

Issue 2: Overly aggressive link and attachment removal. AKO attached “blocked” to URLs in messages, so if you really wanted to use it you could. The new blocking strips the URL entirely. This will cause issues with some training sites that are used for important additional training that happens to not be on a .mil domain. I’m hoping .gov is also whitelisted, but I’ve seen those URLs blocked on AKO. This is really problematic for those of us in the Intelligence branch, as the more sources of information we have access to the better, so we have networks of sites across .mil, .gov, and several open source sites. The last of these will be highly problematic.
The other main issue, as referenced by MAJ TPU in all caps, TRAINING! I can’t accurately tell how much of a problem this will be because I can’t find a list of what links or files will actually make it through.

Solution: There needs to be a way to add sites to a whitelist, possibly with approval, possibly by taking additional anti-phishing training. I would jump through a few extra hoops to have email I can use. File filters need to be reasonable.

Issue 3: Here is the security issue: Due to issues 1 & 2, Soldiers will increasingly use personal free email in place of mail.mil. There is no way around it. Good security is a balance of security and usability. On this balance mail.mil has messed it up about as bad as possible.

Solution: If you want the part time force to use mail.mil you need to make it usable. Addressing the first 2 issues would be a major start. Figuring out some other type of authentication to allow mobile and client access use would be even better. Possibly a DoD VM that can be run and uses CAC authentication basically emulating a DoD computer for personal use.

I understand the need to centralize and improve the security of email; this, however, was not the solution. It is URGENT that these be addressed quickly before a large portion of the NG/AR stop using mail.mil and use gmail.com. Once they do it will be nearly impossible to force them back.

Post external references

  1. http://ciog6.army.mil/Leadership/LeaderBlog/tabid/108/EntryId/42/Army-Nears-Completion-of-Migration-to-Defense-Enterprise-Email.aspx