Progress in using commercial devices in secure work environment

As national security policy matures to catch up with need, technology companies say they are ready to facilitate the use of commercial mobile devices in a secure work environment.

Defense Department mission requirements have quickly evolved to demand the most current communications hardware and software on the commercial market. The National Security Agency/Central Security Service is responding to the need through its Commercial Solutions for Classified program. The program provides the DOD with an approved list of commercially available products, as well as methods for deploying systems.

“The National Security Agency, working with its partners, customers, and industry will develop security solutions based upon commercially available products that will enable customers to layer and compose solutions that ensures their systems and information are reliable, protected, and available,” the security agency said in its Mobility Capability Package outline.

One example of this policy is already in play through NSA’s trial using secured Android mobile phones over a secured network. The test, dubbed “Project Fishbowl,” reportedly layers voice over IP (VoIP) and IP security (IPsec) encryption over voice calls. 

“Right now that’s a top secret voice-only system, and it’s a closed system so only the people who are part of the program use these Android devices to talk to each other,” said Jon Greene, director of government solutions for Aruba Networks. “They’re adding functionality. The next big one is adding data services to the SIPRnet [Secret IP Router Network].”

Aruba Networks’ Mobile Virtual Enterprise (MOVE) architecture uses the NSA-approved security encryption technology Suite B, which is aimed at enabling commercial mobile devices on secure networks. The MOVE architecture includes Mobile Device Access Control (MDAC) capabilities that allow devices, such as smart phones and tablets, to have end-to-end security compliant access on secret-level secure government networks, as well as high-security enterprise networks.

General Dynamics has also stepped up its effort in the arena through its acquisition of Chicago-based Open Kernal Labs, or OK Labs, Sept. 10. The virtualization software provider has “Defense-Grade” mobile device solutions that can securely separate corporate data and applications from a user's personal data that might be stored or accessed on the mobile device, according to General Dynamics. “Government and corporate CIOs want the advantages of today's commercial mobile devices without having to sacrifice the integrity and security of their networks,” Chris Marzilli, president of General Dynamics C4 Systems added in a statement.

DOD may also be soon be waiting in line for the new Apple iPhone 5, which according to a Defense Information Security Agency (DISA) official, could also be on the horizon for the Joint Information Environment (JIE). “Our enterprise mobility efforts now…are very much oriented around shifting the burden of security form the device itself to the networked eco-system, from the device to the mobile-devices management, the mobile application store," RADM David Simpson, DISA vice director, said while speaking Sept. 13 at an AFCEA DC event in Arlington, Va. "We do expect that when iPhone 5 comes out we will be integrating that into our capabilities out of the box and working the security.”