Army to march with Androids, and other feds could follow

 


The Army's mobile device efforts are gaining momentum, and the effort could potentially reach across the entire federal government.

The Defense Department is taking the point in the federal government’s campaign to deploy mobile devices. But in its role as trailblazer, DOD must also wrestle with a number of issues key to a successful rollout of approved smart phones and tablets.
 
Among those issues are security, authentication and the logistics of managing many devices with varying degrees of access across the DOD enterprise.

Recent developments make government officials confident that high levels of security can be achieved for devices running on the Android operating system, but verifying who is using a particular piece of equipment remains a challenge. The department is looking at a range of identity verification techniques, from biometrics to physical and software user certificates, to ensure that the person sending that text or making that phone call is who they say they are.




Despite trepidations about security, all of DOD’s service agencies are going forward with mobile programs, with the Army as the lead organization. One of the biggest motivators behind the move to handheld devices is money, said Greg Youst, mobility lead for interdisciplinary systems at the Defense Information Systems Agency’s Office of the Chief Technology Officer.
 
DISA is providing the strategic-level planning and strategy to coordinate the services’ enterprise mobility efforts.

“The services are really pushing [mobility] because they want to be able to reduce their costs,” said Youst at an enterprise mobility conference in December 2011. “They want to be able to hand a soldier a tablet or a smart phone and take the PC and a wide percentage of the phones off the desk to try to save on cost.” He added that this is a necessary approach as the services look at more than $1 trillion in potential budget cuts.
 
One effort underway is working with DISA, the National Security Agency (NSA) and the National Institute of Technology and Standards (NIST) to help develop and define some key notions for large-scale mobile device deployments in the military.

Mobility-as-a-service is an approach led by the Navy’s Space and Naval Warfare laboratory. SPAWAR’s program is trying to determine how to provide warfighters with access to unclassified information from their handheld devices, said Bill Edwards, integrated project team lead at SPAWAR’s Atlantic System Center, in Charleston, South Carolina.
 
Mobility-as-a-service is a subset of software-as-a-service, platform-as-a-service and information assurance-as-a-service, Edwards said at the December conference. All of these services work within a structured cloud-based model. Much of this capability has already been proven by President Obama’s BlackBerry, which has been modified to allow him to securely access data from the device, Edwards explained.
 
Authentication Hurdles

Encryption is not a problem, as capabilities such as Suite B, Advanced Encryption Standard and the public-key authentication infrastructure are being embraced by DOD, said Edwards. The main obstacle to deploying mobility-as-a-service is authentication. “The key here is with soft certifications versus hard certifications — do you want to use a CAC [Common Access Card] slide on your mobile device? I sure don’t,” he said.
 
Security for mobility-as-a-service is provided in layers using multiple information technology protocols such as FIPS and a variety of encryption types. SPAWAR is working with DISA to develop the policies and techniques to solve these issues. “What we’re bringing to the table as a solution will allow users to authenticate to an unclassified network in their own manner, with their own devices,” Edwards said.
 
One important issue is defining hard and soft certifications. Hard certifications are typically used with laptop computers and desktops with a built-in chip. Soft certifications are software-defined user identities. But their exact properties and what they will do are still undefined, said Tao Rocha, who works on tactical wireless networks for SPAWAR. “We need to do a little more homework in that space to say what exactly you are talking about when you say ‘soft cert,’” he said.
 
Despite the need to pin down what exactly constitutes a soft certification, SPAWAR is pressing ahead with its efforts, working with DISA and NIST to help establish a firm definition for its certificates. The goal is to use hard certifications for devices accessing classified networks with the use of cryptographic modules, Edwards said. He added that it is unnecessarily complicated to use a hard certification to authenticate and access an unclassified network.
 
SPAWAR’s mobility-as-a-service effort is working with two protocols to provide security: HTTPS and TCP. The service uses a wireless transport layer security tunnel at the session layer — what Edwards refers to as a mobile virtual private network. He is confident that this layered security approach will meet authentication concerns among the various DOD groups working on mobility as a service. 
 
The Navy is also working with Good Technology to make Apple iOS compliant with DOD standards.

“It’s not about devices, it’s about the platform,” Edwards said. By managing devices via the platform and with the right governance and policy, SPAWAR’s goal is to push soft certificates across the network to a user’s device without the need for a CAC card slider in a hard certification mode. This process is similar to what Good Technology is working on with its secure/multipurpose Internet mail extension messaging server, he explained.
 
SPAWAR is moving its mobility effort ahead with a combination of rapid prototyping and, when it is fully defined, a soft certificate approach using commercial devices, backed up by research activities shared with groups such as NIST and DISA, he said.
 
Android Rising
 
Another recent development has been the creation of a hardened kernel for the Android mobile operating system, which opens a whole range of mobile options for both civilian and military agencies. Created by a team of researchers from NIST, George Mason University and Google, the kernel provides a secure software base that will allow developers to add increasingly more sophisticated layers of encryption onto the operating system.
 
Security and information assurance is critical for military applications, and the kernel would allow soldiers to connect their smart phones to tactical and mission command and control systems.

“There’s great work being done with that [area] and it’s really moving along quite well,” said Michael McCarthy, operations director of the Army’s Brigade Modernization Command’s Mission Command Complex and head of the CSDA. Much of this work is being pushed by the DOD’s and the Army’s mobile efforts.
 
The secure Android kernel was evaluated by NSA and issued a Federal Information Processing Standard (FIPS) 140-2 certification in Dec. 2011. In the first quarter of 2012, the team plans to move its development work up to the next level, which would allow devices to connect into military networks at the secret level, an effort McCarthy said he expects to be completed by April 2012.
 
Achieving FIPS 140-2 status is important because it will allow the kernel to go in for Suite B encryption certification, which would allow the modified Android operating system to plug into classified-level networks. “That is a potential game changer,” McCarthy said.
 
A key driver for the project is the need to access information stored within military mission command systems such as the Force XXI Battle Command Brigade and Below (FBCB2) and the Advanced Field Artillery Tactical Data System (AFATDS), he said. FBCB2 is the Army and Marine Corps’ mobile command and control system and AFATDS is the DOD’s primary tool for battlefield fire support.
 
This would be a two-way process, with devices being able to pull information from these systems, but also pushing information onto the networks. “That’s where a smart phone gives a soldier a tremendous advantage,” McCarthy said.
 
After FIPS certification is achieved, the program will pursue its Suite B certification. However, the NSA cannot conduct the second certification before the FIPS process is complete, expected sometime in the first quarter of 2012. “Unfortunately it’s not something you can run in parallel,” said McCarthy.
 
At the end of the process, the Android operating system will have Suite B certification, which allows the CSDA to begin connecting its devices into the government’s classified networks. “It then gives us the ability to move outside of the test realm and get into the operational environment,” McCarthy said.
 
The Army’s strategy is to not lock itself into a single device, but instead to create a system where soldiers’ data can be poured into new mobile devices as needed. That’s only prudent, say Army executives, as even if the service decided to field a new device next week, the speed of mobile technology development is such that new devices and software must be reviewed and evaluated continuously.
 
