Security Mobilization
Written by Peter Buxbaum
MIT 2011 Volume: 15 Issue: 9 (October)

Security issues are at the heart of the discussion as the Department of Defense considers whether and what types of smartphones and other devices to put in the hands of its personnel, including warfighters in the field.
At this point only BlackBerry devices, developed and delivered by Research in Motion (RIM), are authorized for use by DoD personnel for official business. The reason is that government-approved encryption security is baked into the solution delivered by RIM.
That is not to say that other mobile devices, such as smartphones and tablet computers, are not capable of being secured. Traffic over devices using the Android, Apple and Windows operating systems could be routed through special policy servers similar to those provided by RIM.
The Android operating system is of particular interest to the U.S. military because of its open source and open architecture characteristics. Some industry developers have already placed bets on Android by developing devices that run Android and applications compatible with that system. Others believe Windows devices have a place on the future battlefield, while RIM believes that its BlackBerry will hold its own against the competition.
“The BlackBerry is still the only mobile device currently allowed by DoD,” said Lieutenant Colonel Matt Dossman, who works in the office of the Army chief information officer. “We are looking to open things up to a device-agnostic architecture, but it must provide acceptable security.”
BlackBerry earned its current favored position because RIM “was the only one willing to work with us on the corporate level,” said Dossman. “But BlackBerry got caught a little behind the curve with mobile computing platforms like smartphones and tablets, and we moved too slowly for our own good. We would like to get other platforms out on the network sooner rather than later. We expect some connectivity with non-BlackBerry devices before the end of this calendar year.”
“The military is not the fastest adopter of technology,” said Ira Winkler, president of the Internet Security Advisors Group and a former National Security Agency analyst. “When DoD first looked at the technology, BlackBerry was the best around. It takes several years to start rolling things out, and BlackBerry now is not necessarily the state of the art. But it does have the most secure connectivity.”
Security is the biggest stumbling block to the introduction of new devices, agreed John Thompson, a vice president at Motorola Solutions. “The issue is how to wrestle the security animal to a point where the military can take advantage of the speed of innovation,” he said.
Policy Server
From RIM’s perspective, the adoption of the BlackBerry by the military was fundamentally driven by the security of the platform. “We spent the last decade working with military customers learning their requirements for security and manageability to make sure it is all built into the box so they don’t have to buy third-party products and services,” said Scott Totske, vice president for BlackBerry security at RIM. “Software and hardware together provide the best security model. Software used to protect software has historically been a difficult proposition.”
The secret of BlackBerry security is the RIM policy server, known as the BlackBerry Enterprise Server, which controls the functionality of the device and provides encryption to messaging.
“Any mobile device to be used by the military must have a policy server to add encryption,” said Brian Hajost, president of SteelCloud, a mobile technology company. “The policy server has fine-grained control of the phone and takes administrative rights away from the user. The policy server encrypts all messages going to and from a phone and also talks to the Exchange server to coordinate the movement of messages. It maintains whitelists and blacklists and can turn on and off phone features such as Wi-Fi, cameras and Bluetooth, and it reroutes all Internet traffic through the DoD infrastructure.”
The Defense Information Systems Agency (DISA) has developed a set of Security Technical Implementation Guides (STIGs) that are applicable to the development and deployment of policy servers relating to devices running the Android and Apple operating systems. SteelCloud has developed an appliance that provides STIG-compliant connectivity for Apple’s iPhone and iPad, Android devices and other smartphone platforms to a secure enterprise mobility platform developed by Good Technology Inc.
The SteelCloud appliance, combined with the Good Technology policy server, “creates a sandbox, a secure area inside the phone that the user can’t touch,” said Hajost. “You can’t move any information into or out of the sandbox. This differs from BlackBerry, where the whole phone is a sandbox.”
In other words, at least from SteelCloud’s perspective, alternative mobile devices, especially Android-based devices, can be secured at an equivalent level to the BlackBerry. What remains is for the military to test these devices to their satisfaction before deploying them.
Those tests and evaluations are already underway. Brigade modernization efforts in Fort Bliss, Texas, and innovations in the military medical community centered in Fort Detrick, Md., are two examples.
According to Hajost, Android-based devices are more likely to be adopted by the military than Apple products such as the iPhone and the iPad tablet. “The robustness of Android security will eventually approach that of the BlackBerry,” he said. “The iPhone may never get there.”
Because the Android operating system is open source, it is more easily customized and updated to defend against emerging threats. “The Android operating system can be modified to address those concerns,” said Hajost. “Apple consumer products are not customizable to DoD needs.”
While declining to provide an interview for this article, an Apple representative provided a document setting out the company’s perspective. “iPhone can securely access corporate services and protect data on the device,” it said. “iPhone provides strong encryption for data in transmission, proven authentication methods for access to corporate services, and hardware encryption for all data stored on the device. iPhone also provides secure protection through the use of passcode policies that can be delivered and enforced over the air. And if the device falls into the wrong hands, users and IT administrators can initiate a remote wipe command to erase private information.”
It is possible that Apple does not intend to pursue the military COTS market, according to Hajost. “The government would not be a very big customer,” he noted, “when you consider the millions of iPhones Apple sells every quarter.”
Open Source
RIM’s Totske takes exception to the characterization of Android as the sole open-architecture system on the market. “Our platform has been based on Java for over a decade,” he said. “You can’t get more open than that. We certainly have the tools and the capabilities to provide users with a rich, extensible environment. The BlackBerry is no longer an email-centric platform. We understand that customers want to run a variety of applications on the platform in order to get value out of their investments. We recently acquired a company that will enable us to manage multiple devices and multiple applications on our platform.”
Although no formal policy has been issued yet, it is Dossman’s perception that many in the military find Android very attractive. “It is very customizable,” he added, “but hassles arise because there are so many variations of the operating system.”
Some developers are betting that the Android operating system represents the wave of the future for military applications. Northrop Grumman’s Joint Tactical Handheld product is a software package that runs on Android smartphones. The software provides free text messages, military email and a full-color blue force tracking display.
“The key feature is that it is interoperable with the Joint Capabilities Release as it has been fielded by the Army,” said Chris Lerch, director of battle command programs at Northrop Grumman. The Joint Capabilities Release is the latest iteration of the Force XXI Battle Command Brigade and Below system, currently being implemented by the Army and Marine Corps. The Northrop Grumman product has been delivered to the Army for evaluation.
General Dynamics has introduced the GD300 ruggedized wearable computer, which runs the Android operating system. “The ability to communicate and knowing where your buddies are, those are the two most important capabilities of the GD300,” said Greg Eslinger, a member of General Dynamics’ technical staff who focuses on handheld devices. “It is a rugged device built with soldiers and security in mind. With the Android operating system, the GD300 accommodates current and emerging applications for warfighters, and is capable of running tactical maps, geopositioning and TIGR.”
The Tactical Ground Reporting (TIGR) system, first fielded by the Army in 2007, allows soldiers to collect and share information to improve situational awareness. The Army is currently testing the GD300.
Motorola Solutions has provided an array of Windows handheld and other mobile devices to private industry and government agencies. Thompson anticipates being able to market variations of those to the military. “We have been selling Windows mobile products into enterprise-class customers for years,” he said. “Microsoft has current DISA approvals whereas others do not. For us, selling to the military will be around certifications from DISA.” He added that the company is also now looking at the market for devices running the Android operating system.
Motorola has several devices that can accommodate authentication in a number of different configurations with the government-mandated Common Access Card. The products are also supported with remote wiping of the device in the event of device compromise. “We build encryption into the devices,” said Thompson. “Building encryption into the hardware provides more security and less complexity for customers.”
Motorola devices for the industrial market include “mission built” products that are designed to withstand the environments where they are to be deployed and to provide applications that support the tasks they are expected to fulfill. In the case of the military market, Thompson anticipates taking a middle approach between providing COTS equipment and devices that are mission built.
“We are trying to help DoD find a balance point,” said Thompson. “Somewhere between COTS and mission design could be a GOTS [government off-the-shelf] solution.” Upgraded user interfaces, longer-lasting batteries and a more rugged exterior would distinguish the GOTS from the COTS, he suggested.
COTS vs. GOTS
The COTS/GOTS dilemma is another issue that is currently being discussed within the military. “Those issues will have more play during the acquisition phase, and we are not there yet,” said Dossman. “But it is a topic of discussion about how much COTS needs to be in a product to remain COTS and how much GOTS should be put on top of it. The problem is that COTS products are inexpensive, but by the time you get to ruggedizing them, they are big, heavy, out of date and expensive. One possibility being discussed is that not every device needs to be ruggedized.”
Might future warfighters actually be carrying COTS mobile devices? “We think it is a realistic scenario,” said Dossman, “provided appropriate management and security layers are in place.”
Hajost is bullish on Android devices taking their place in the military technology pantheon. “Android is on the cusp of being secure enough for military unclassified communications,” he said.
Some interesting approaches are being considered on how to acquire COTS mobile devices. “Some senior officials are advocating looking at an approach where soldiers will be provided vouchers to acquire their own mobile devices that meet certain specifications,” said Dossman. That means warfighters will be expected to use a single device for personal use and in tactical environments. As might be expected, however, that opens a whole new set of concerns.
“Even in the case of secure messaging on the BlackBerry,” said Winkler, “there will still be concerns with the security of other applications located on the device. When you have 50,000 or 100,000 people in a theater of operations, some of them are going to do stupid things.”
Providing a device for personal and official use will require a rethinking of the security attached to the device. “The management of the device would have to be more sophisticated,” said Dossman. “You can’t just have one setting and walk away. You need a more nuanced approach.”
“You need a bit more modernizing of security approaches,” agreed RIM’s Totske. “The previous approach was more binary—yes or no, allow apps or not. Now we have controls to get to applications at the application programming interface level. These can look at applications like Facebook or enterprise applications and give the user permission to access only certain parts of those platforms or data. We are thinking of ways to manage third-party applications in a way that doesn’t expose the government to exfiltration or risks the platform. For several years we have been actively working with customers on how to modernize policies.”
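The two kinds of control described in this article, the policy server's coarse device-level switches (feature toggles, app whitelists and blacklists, forced routing of all traffic through the enterprise gateway) and the finer per-application API-level permissions Totske describes, can be illustrated with a small policy engine. The following is an added example written for this page; it is not RIM's, Good Technology's or SteelCloud's software, and every application identifier, API scope name and the gateway hostname in it is a constructed placeholder. It fails closed: anything the policy does not explicitly enable is denied, and every denial is recorded so an administrator can see what the device tried to do.

```python
"""Model of the decisions a mobile policy server makes: feature toggles,
app whitelists/blacklists, forced egress routing, and per-app API scopes.
Illustrative code only; all identifiers below are constructed examples."""

from dataclasses import dataclass, field


@dataclass
class DevicePolicy:
    # Radios and sensors the server can switch off remotely (Wi-Fi, camera...).
    features_enabled: dict = field(default_factory=dict)
    # Explicit allow and deny lists of application identifiers.
    app_whitelist: set = field(default_factory=set)
    app_blacklist: set = field(default_factory=set)
    # Per-app API scopes that remain permitted: the "nuanced" control.
    api_scopes: dict = field(default_factory=dict)
    # All Internet traffic is forced through this gateway (placeholder name).
    egress_gateway: str = "gateway.example.mil"


class PolicyEngine:
    def __init__(self, policy):
        self.policy = policy
        self.audit = []  # (kind, subject, reason) for every denial

    def _deny(self, kind, subject, reason):
        self.audit.append((kind, subject, reason))
        return False

    def feature_allowed(self, name):
        # Features absent from the policy default to off (fail closed).
        if self.policy.features_enabled.get(name, False):
            return True
        return self._deny("feature", name, "disabled by policy")

    def app_allowed(self, app_id):
        # Blacklist takes precedence over whitelist; anything not explicitly
        # whitelisted is denied, so an empty whitelist means no apps at all.
        if app_id in self.policy.app_blacklist:
            return self._deny("app", app_id, "blacklisted")
        if app_id in self.policy.app_whitelist:
            return True
        return self._deny("app", app_id, "not whitelisted")

    def api_call_allowed(self, app_id, scope):
        # An approved app may still be limited to a subset of an API, e.g.
        # reading a social feed but not uploading to it.
        if not self.app_allowed(app_id):
            return False
        if scope in self.policy.api_scopes.get(app_id, set()):
            return True
        return self._deny("api", f"{app_id}:{scope}", "scope not granted")

    def route(self, destination):
        # Whatever the destination, the next hop is the enterprise gateway.
        return (destination, self.policy.egress_gateway)


def example_policy():
    """Constructed sample policy; the app ids and scopes are made up."""
    return DevicePolicy(
        features_enabled={"cellular": True, "wifi": False,
                          "camera": False, "bluetooth": False},
        app_whitelist={"mil.mail", "mil.bft", "social.example"},
        app_blacklist={"social.example.uploader"},
        api_scopes={
            "mil.mail": {"read_mail", "send_mail"},
            "mil.bft": {"read_position", "publish_position"},
            "social.example": {"read_feed"},   # no posting or upload scopes
        },
    )


def evaluate(engine, requests):
    """Evaluate a batch of requests: ("feature", name), ("app", id) or
    ("api", id, scope). Returns one boolean decision per request."""
    decisions = []
    for req in requests:
        if req[0] == "feature":
            decisions.append(engine.feature_allowed(req[1]))
        elif req[0] == "app":
            decisions.append(engine.app_allowed(req[1]))
        elif req[0] == "api":
            decisions.append(engine.api_call_allowed(req[1], req[2]))
        else:
            decisions.append(engine._deny("request", req[0], "unknown kind"))
    return decisions


if __name__ == "__main__":
    eng = PolicyEngine(example_policy())
    reqs = [("feature", "camera"), ("app", "mil.mail"),
            ("api", "social.example", "read_feed"),
            ("api", "social.example", "upload_photo")]
    for req, ok in zip(reqs, evaluate(eng, reqs)):
        print(req, "ALLOW" if ok else "DENY")
    for entry in eng.audit:
        print("audit:", entry)
```

The design point is the precedence order: a blacklist entry beats a whitelist entry, an app that is not approved cannot reach any API scope at all, and an approved app only gets the scopes it was granted. Keeping the denial audit on the server side is what lets an administrator notice a device repeatedly trying to enable a radio or call an API the policy forbids.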
Given that attitude, Android may never need to become as secure as BlackBerry to carve out its share of the market among the military, according to Hajost. “Security should be based on the risk profile and what is of most benefit to the user,” he said. “More security means less flexibility. Ultimately, the military will have to consider the tradeoffs among productivity, flexibility and security.”
Also in need of updating is how the military goes about adopting new technologies, according to Dossman. “We need a more dynamic approach to how we deal with emerging technologies, especially disruptive technologies,” he said. “We were caught flat-footed over the last few years.”
Dossman advocates greater collaboration with industry and a reform of the acquisition regulations as two of the ingredients necessary to make that happen. “We need to get the rigor mortis out of our processes,” he said, “so that we can bring new devices to the network quicker.” ♦