The Department of Defense has taken on the challenge of determining the safest, most appropriate way to deploy modern smartphones to warfighters while maintaining information security.
The consumerization of IT phenomenon–in particular with smartphones–has indeed posed unique challenges to U.S. federal government IT departments. While users would like to take advantage of the smart gadgets that they often also use for private use, there are substantial Information Assurance (IA) concerns regarding the use of bring-your-own-device (BYOD) initiatives. Issues of authentication, authorization, accounting and auditing are paramount.
The prevailing thinking is that mobile device security should be handled principally by third party software management applications, which seek to mitigate perceived security threats. Good Technology’s recent Security Technical Implementation Guide for the Defense Information Systems Agency, in association with the Android-based Dell Streak, is representative of this approach.
With Good, DoD personnel will be able to sign, encrypt/decrypt e-mail, utilize a secure partition on the Android device for business applications, and access information on an intranet. The solutions meets the requirements of DoD Directive 8100.2, which mandates use of secure, multipurpose internet mail extension (S/MIME) in conjunction with a DoD common access card (CAC) and interoperability with DOD Public Key Infrastructure (PKI).
There are a number of other MDM (Mobile Device Management) based solutions that seek to “containerize” information for government and industry use. In addition, most MDM packages feature functionality that provides centralized IT with the ability to monitor the health of a device, kill process and applications, turn off IR and camera ports, wipe a devices to factory state, maintain “white lists/black lists,” etc.
A different but complimentary approach taken by several industry participants is to lock down the device before it is fielded.
Fundamentally, we are talking about the notion of an intrinsically secure device “out of the box.” Essentially, a “lock-down” entails separating trusted from untrusted components while rooting security in hardware based encryption engine.
One such approach is represented by Motorola Solutions’ Assured Mobile Environment.
While I work for Motorola Solutions, from a broader perspective, it’s worth understanding how its recently announced AME works to appreciate a different way for federal IT officials to think about how federal employees might use smartphones securely.
The AME is gaining a great deal of traction especially in secure environments where there’s a dual need of protecting both the data transmission and the identity of those who transmit the information.
“The military deals with classified and sensitive information and data all the time. There’s a real need to both protect the data and it’s sources as well as the users from compromise or danger.” said Army Brigade Modernization Command Mission Command Complex and head of the CSDA program, Mike McCarthy.
Motorola Solutions’ Assured Mobile Environment has taken a “security from the start” approach where the security of a device is baked in utilizing a combination of hardware and software to lock down devices before they are even booted up.
Central to the AME solution is the Motorola Solutions CRYPTR micro encryption module. CRYPTR micro combines hardware-based encryption and key management in a microSD form factor that supports both Federal Information Processing Standard (FIPS) 140-2 Level 3 and Full NSA Suite B Cipher Suites. (More details are available here.)
Devices are pre-provisioned with the CRYPTR micro that supports encryption and key management; it also provides a secure credential store, hardware-based random number generation (RNG) and tamper protection.
A Key Management Facility (KMF) similar to those used in keyed/encrypted radio systems today is also utilized.
AME allows federal government end-users to have the highest degree of security available under the non-Controlled Cryptographic Item (CCI) classification. AME devices are dual-bootable to either “Black” (secured) or “Red” (unsecured) in an easy to understand manner via on-board client software.
Going forward, AME can be installed on any smartphone that supports Secure Digital Input Output, regardless of manufacturer. (Note that Motorola Solutions and Motorola Mobility are two separately traded companies on the NYSE.)
AME will also feature a Type 1 “bare metal” hypervisor in future iterations that separates trusted from untrusted components.
Since AME is not considered CCI and is available on COTS platforms, it is reasonable to assume distribution and widespread adoption might be more readily accomplished across interested U.S. federal agencies. It’s important to note that AME will utilize the very same algorithms as much more costly and highly controlled CLASSIFIED devices.
It should be pointed out that AME greatly aids in authentication, authorization, accounting and auditing – the so-called “4A” challenge.
AME provides for a tamper-resistant repository of information that resides on each device and which can be audited and managed quite easily using a variety of widely available configuration, directory and mobile device management (MDM) tools – such as Air-Watch, Mobile Iron, Good Technology or the company’s own MSP software.
All of which points to how smartphones can be readily secured for federal employees.
Randy Siegel is director, business development, mobile computing for Motorola Solutions‘ Federal Government Division. Siegel also spent 12 years with Microsoft Corp. where he oversaw Microsoft’s mobility strategy and worked with U.S. Federal Government C-level decision makers to improve operations via mobile development and deployment.