Commercial mobile advancing for secure use

What was once considered a long, arduous road stretching between commercially available mobile devices and the Defense Department's secure world is becoming much shorter through advances in policy on the national security level.

Acknowledging that DOD mission requirements translate into a need for the most up-to-date hardware and software available on the commercial market, the National Security Agency/Central Security Service’s Commercial Solutions for Classified program is creating a process “to leverage emerging technologies to deliver more timely [information assurance] solutions for rapidly evolving customer requirements.”

Keeping current remains a major issue for DOD. “If you give me a big enough check, I can go buy 1.2 million smart phones for the Army,” Michael McCarthy, director of operations and program manager for the Army Brigade Modernization Command in Fort Bliss,Texas, told Defense Systems earlier this month. “The problem is ... by the time we got all the phones, half of them would be obsolete by the time we got them into the hands of the soldiers.”

NSA’s program provides government agencies, including DOD, with an approved list of products and methods for deploying systems for consumer technology. The product-neutral “capability packages” vetted by NSA outline architecture descriptions, lists of eligible products, overall system security details, as well as requirements, guidance and risk assessments.

"This will provide the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not years,” according to the NSA.

The Commercial Solutions for Classified program has created a roadmap for how the commercial market can begin serving the emerging need, according to one network infrastructure provider. “One of the things that it requires is multiple layers of security technology as part of the system,” said Jon Greene, director of government solutions for Aruba Networks. Two layers, to be more exact. And, he added, “those two layers have to come from multiple vendors.”

Also on the horizon are applications for devices. “If you took a classified phone and you bring up an app store, you’re going to see a whole lot smaller footprint than you would in a commercial products controlled by the carrier,” Greene said. “But they do want those app stores to be out there, that anyone can write for, but that the store itself is going to be approved by the government to distribute.” he said.

The path ahead, however, still has bumps, according to Greene. “I think the biggest challenges right now are probably at the device level. If you talk to the NSA folks, they want these phones and tablets to do certain things in terms of monitoring themselves, in terms of trusting the software that’s running on them to make sure that these two layers of security that we have to implement that those don’t interact with each other in a way that’s damaging,” he said.

Ensuring that that implementing security doesn’t drain battery life for mobile devices is also another hurdle, he said.

“From the solution perspective, the two-layer, two-vendor perspective is a little bit of a challenge,” especially for those big networking vendors used to getting the whole pie, Greene said. “They’re either going to have to come around to the idea that we’re going to be open to other vendors and we’re going to talk to them and work with them, or we’re going to be shut out of the entire thing,” he said.