The National Security Agency is launching a mobile device capability at the end of this year that will allow its personnel to securely access classified information with their smartphones and tablet computers.
The program, which is a joint effort with the Defense Information Systems Agency, could potentially provide the military services with similar secure information access capabilities.
Secure access to top secret data has been the Holy Grail for mobile device use in the military and intelligence communities. But a number of technological hurdles had prevented this, most notably the fact that commercial mobile operating systems and devices were not developed to meet stringent government security requirements.
In the last few years, the government has worked with industry to develop more secure versions of mobile operating systems. Where a commercial solution has not been available, the military and intelligence communities developed specialized software to increase the security features of civilian handhelds.
The NSA program is a hybrid approach that uses commercial handhelds and tablets, but their software has been modified to include strong encryption algorithms and user identification credentials, said Troy Lange, the NSA’s mobility mission manager.
NSA is working with DISA to roll the lessons learned from its ongoing nonclassified mobile efforts into its operational secret-level capability that kicks off at the end of this December, Lange said at a recent enterprise architecture conference in Washington, D.C.
The NSA mobility program concentrates on three components: working closely with industry, establishing a mobile enterprise capability, and publishing and updating capability packages.
Originally, the NSA had wanted a purely commercial device for the classified program, Lange said. This lines up with agency efforts to provide purely commercial solutions for its mobile device needs. But security concerns required the addition of some government-only systems, he added. For example, besides the NSA-developed encryption and security software, agency programmers developed an “exorcist” script to remove some of the commercial software daemons found in mobile device operating systems.
Daemons are subroutines in larger programs that manage a variety of tasks, such as sending data, including global positioning system information, to another location, or collecting information and pushing it to a device’s applications. If they are not removed or altered, these programs can potentially allow an enemy to do things like track a user’s location via their device’s GPS updates. NSA software designers also wrote “nanny apps” to monitor mobile devices, both to ensure their security and to prevent users from downloading unapproved applications.
The NSA’s most recent mobile efforts follow a number of related milestones, Lange said, including the agency’s launch of an unclassified mobile program in September 2011 and its classified program in December 2011. That classified program is now poised to become fully operational, he said.
The NSA operates within DISA’s infrastructure, which encompasses the entire DOD. Just as it has helped the NSA with its mobile programs, DISA has been either directly managing or advising in a number of mobile device pilot programs across the military, said John Hickey, DISA’s mobility program manager, who spoke at the same event with Lange.
Meanwhile, DISA is in the third phase of a program to provide unclassified mobile access to 200 top Army officials. One of the challenges of the effort is making sure commercial smartphones and tablets used in the program meet DOD standards for security, Hickey said. That’s complicated by the fact that there are three variants of the Android operating system. The DOD is working with manufacturers and third parties to lock down the operating system in the devices to get them in line with military requirements, he said.
The Army has recently installed a Wi-Fi capability into its Warfighter Information Network-Tactical (WIN-T) communications backbone that allows officers to securely access wireless services and applications in the field. For added security, the Army is working on adding the NSA’s Fishbowl wireless security protocol into WIN-T, he said.
Besides the Army, the other services are also working on their own wireless capabilities, all under DISA’s oversight. This move to wireless in the DOD reflects a convergence between commercial technology and government applications and uses, Hickey said.
DISA now has a web site up that lists security guidelines for agencies interested in launching mobile device programs, Hickey said. This is important because DOD users want to access information anytime, anywhere and at a variety of classification levels. The department is also looking at the NSA’s secret mobile device capability to see if there are any new technologies that might be applied to the services, he added.