9 September 2015

DoD's top secret smartphone expected in the fall

Amber Corrin
September 4, 2015 

Government agencies have made significant strides in incorporating smartphones and tablets into their offices and missions, even at the Defense Department. But the caveat always has been that those devices could only be used for non-classified purposes. That's changing.
A program allowing military officials to use smartphones on classified networks is gaining more momentum, with a top-secret-level option expected this fall, according to DoD CIO Terry Halvorsen.

The top secret classified smartphone comes on the heels of the secret classified smartphone unveiled earlier this year by the Defense Information Systems Agency. A new pilot reportedly will test devices for use within top secret/sensitive compartmented information, or TS/SCI, classification.

DISA this summer announced that their Defense Mobile Classified Capability-Secret (DMCC-S) is fully operational after an expansive pilot program test-driving the offering. Now, the goal is 3,000 users by the second quarter of fiscal 2016, which triples the number of users previously supported.

Halvorsen counts himself among the current 760-plus users of the DMCC-S, which connects to the Secret Internet Protocol Router Network, or SIPRNet.

"It's a great time saver…and very well-fielded," he said Sept. 2 at AFCEA Warfighter IT Day in Vienna, Virginia. "Come this fall we'll be fielding a [top secret] version of that, so that's going very well."

The Samsung KNOX-enabled Galaxy S4 smartphones make secure phone calls and access classified email. It replaces the earlier Motorola Razr Maxx and the maligned the Secure Mobile Environment Portable Electronic Device, or SME PED, which officially was shut down on July 30.

DMCC-S has "been our biggest recent success," Jack Wilmer, DISA infrastructure development executive, said at the event. "This really leverages and depends on the Commercial Solutions for Classified program…senior leaders can answer emails and make phone calls without being tied to their desks. So we've gotten a tremendous amount of positive feedback about the capability."

One of the key benefits of the commercial-based device DMCC-S offers is that it allows DISA to deliver secure mobile capabilities faster than ever before, according to Kimberly Rice, DISA DoD mobility program manager. That's one of the overarching goals of NSA's Commercial Solutions for Classified (CSfC) program, under which DISA's devices – and those in many other DoD and intelligence community organizations – are vetted and made available.

The NSA program "provides a mechanism to securely access and deploy new technology with significantly reduced deployment cycles," Rice said. "That's important because it enables us to scale the capability," including the tripling of current secret-level users expected in the near future.

CSfC is not limited to DMCC-S, or even to mobility – it also includes solutions for secure site-to-site communications, protection of data at rest and secure campus wireless.

"NSA has a mission to protect classified information, and we're looking to commercial technologies to help us do that because it provides us the capability to enable customers to field solutions much more quickly than if we were to develop our own within the government," NSA's Andrea Roddy told Fox Business in an interview last year. "Using commercial devices…also provides customers more flexibility and agility to complete their mission and foundationally changes the ways people can access their classified information."

As a result, security in mobility and the smart-device arena is an emerging area of focus at NSA, Roddy noted.

"People need to be aware that mobile devices are a target. It's no longer the case that people are only trying to hack into computer networks and desktop machines," Roddy said "They're trying to get onto mobile devices as well as attack the enterprise where all the communications take place."

For industry products to be considered for the CSfC program, they must be validated by NSA, and the vendor must use open standards and agree to quickly remedy any problems that crop up.

The shift toward commercial products is a newer approach for NSA. In the past the agency maintained a tight grip on the hardware and software it deployed for various communications applications, Roddy noted.

"With commercial technology we can't be that involved, but what we do is layer these commercial solutions so there's not that single point of failure," Roddy said. "We also develop capabilities packages which are system-level specifications to tell customers how to compose a solution, how to configure it, what kind of components to select and then we work with the technical communities to develop specifications at the component level."

No comments: