Jeffrey Alan Love

No Dead Zones

The Army wants to protect brand-name smartphones and tablets on the front lines.

A  U.S. military officer in Seoul, South Korea, texts another officer across town on his government-issued iPhone—the same model his Boston-based teenager uses. An hour earlier, the father and son spoke on their twin gadgets using a commercial cellular frequency. Now, the officer is about to share geospatial maps of allied troop coordinates using an insulated Secret military mobile network.

Such communications on consumer smartphones could happen within a year under the Army’s commercial smartphone plan.

Across the globe, from the barracks to the battlefield, service members are testing the reliability and safety of non-BlackBerry devices, such as iPhones, iPads and Android-based products. Their efforts coincide with plans outlined earlier this year by Defense Chief Information Officer Teri Takai to support smartphones on classified and unclassified networks.  

There are kinks in the wires to smooth out. The Army, for instance, does not yet have a way to combine networks carrying Top Secret information with administrative applications, such as streamed distance learning courses and supply order forms, says Mike McCarthy, head of the Army’s smartphone project.

“Right now my office looks like Best Buy because they haven’t converged yet into a single solution. I can’t do classified on the same device that I do unclassified on. So we’re working on those kinds of solutions,” he said during a Webcast presentation hosted by Government Executive Media Group in March.

McCarthy, who spoke with Government Executive in April, doubts the Army ever will reach the point of accessing Top Secret information on commercial handhelds. “But Secret and below is something that I am confident will be realized within months, not years,” he says. 

Another disconnect: Sometimes overseas soldiers literally hang up on each other when commercial Internet service is unavailable or vulnerable. But there will be apps for that. Mobile tools for scrambling texts and calls already are in use at other U.S. military organizations. And the Army might procure air-based cellular stations—even drones mounted with hot spots—as workarounds.

“The answer is not just putting up towers,” McCarthy says. 

An Empty Smartphone

The most secure approach would be a phone that shows no traces of its owner when not in use.

“One of the solutions we’re looking at, truly, is keeping everything off the devices—or as much off of it as we can,” he says. All communications would take place in a secure cloud network anchored to a remote data center. That way, “we don’t have anything stored on the device itself. When you need information, you’re able to reach into a cloud environment and pull that data in so that it is accessible while you need it. When you’re done with it, it goes away,” McCarthy explains. If the device is lost or falls into the wrong hands, there’s nothing to hack.

Separately, several military organizations, including Special Operations forces, are using a set of apps that code voice and texts. The software suite was developed in part by former Navy SEALs at security firm Silent Circle. “When it hits the Internet of [whatever country the user is in], it’s already encrypted. So it doesn’t matter if you’re on Iraqna or you’re on AfSat or you’re in China,” says company co-founder Mike Janke, referring to various foreign Internet service providers.

“Forget just war zones. I’m talking first-world countries that monitor their communications. How do you protect that?” he asks. The security, Janke explains, relies on disposable keys that encrypt communications as soon as they leave the device. When an officer dials or texts, the encryption happens instantly on the handset, so there’s nothing a host-nation service provider or interceptor can grab.

And the technique works on any telecom channel officers might use, on devices ranging from older cell phones to those using 4G. The apps’ encryption protocols create a unique key each time the user makes a call or sends a text. “Then, after the call, the keys are deleted. There’s nothing there. There’s no history of calls,” says Janke, a former SEAL sniper. 

The group of apps for mobile calls and text messages costs nongovernment civilians $20 a month. Defense personnel receive bulk discounts that vary depending on the size of the user base, company officials say. 

A Hybrid Model

Another method of making private calls really private: toggle between two types of phone connections. The local Internet service would be sufficient when commercial infrastructure is available and considered secure. When a host nation’s infrastructure is unsafe, a separate backup line would be used.

Take Afghanistan. The main service providers there are an Afghan government-owned system influenced by opposition forces and a system maintained by a Russian company, McCarthy says. So, the best choice would be to “take us off the commercial frequencies and put us onto frequencies that are controlled by the military,” he explains. These include drone hot spots. Unmanned aerial aircraft are one of many affordable proposals, McCarthy says.

“The solution is not to just lease a phone from Taliban Bell,” he adds.

One more kink: making sure every device and human user complies with these safeguards. How do organizations enforce security policies on devices that, by nature, are not centrally controlled? They work with vendors to develop so-called enterprise mobile management tools.

The Air Force Space Command, for example, has contracted with Good Technology to let employees download smartphone and tablet applications that control personal apps and allow managers to control military data. The company would not disclose the size of the contract. According to federal business databases, the Defense Commissary Agency in 2012 spent $8,009 on 45 Good Technology licenses for a “bring your own device” experiment in which employees used their personal devices.

McCarthy says the Army is considering Good’s products for Android-based phones. 

According to a June 2012 Defense mobile device strategy, counter-hack techniques must work on any mobile brand and any operating system. “This is supposed to be a device-agnostic, OS-agnostic program,” McCarthy says. By the end of 2013, between 20,000 and 25,000 gadgets of various makes and models powered by various software programs should be under evaluation servicewide, he expects.

The Insider Threat

Ultimately, military mobile security comes down to personal hygiene. A Pentagon internal investigator recently chastised the Army CIO and service members for disregarding the rules on thousands of devices.

The service’s CIO “was unaware” of more than 14,000 commercial mobile devices that were in use, Alice Carey, a Pentagon assistant inspector general, wrote in a March report. 

The audit reviewed a number of smartphone initiatives, including a trial that substituted handhelds for pen and paper to coordinate disaster aid. Participants could snap photos of hurricane-ravaged areas, capture the latitude and longitude, and upload the data to a military server. Security lapses occurred during these activities and others because managers did not realize the devices were connected to Army networks and storing sensitive information, according to Carey. 

Meanwhile at West Point, U.S. Military Academy phones were not configured to require passwords for access. Instead, officials left it up to users to add that security layer, so 14 out of 48 mobile devices had no password protection. Also, the Military Academy and U.S. Army Corps of Engineers’ Engineer Research and Development Center failed to devise a way of wiping data drives remotely if lost, stolen or assigned to another employee. 

“The Army CIO did not develop clear and comprehensive policy” for commercial devices, Carey wrote. These errors “left the Army networks more vulnerable to cybersecurity attacks and leakage of sensitive data.”

In a letter responding to the investigation’s findings, Maj. Gen. Stuart Dyer, head of the Army CIO/G-6 cybersecurity directorate, said the organization agreed with the observations and “in many cases, the Army has already begun implementing improvements.” 

McCarthy says the auditors did not talk to him or his program team during the inspection. But, now, his team, the Army CIO, the Pentagon’s National Security Agency cryptographers, and Defense Information Systems Agency support staff are working closely to resolve the concerns highlighted.

A key goal of the smartphone project “is to find the kinds of solutions that will provide that safe and secure environment,” as well as managed access, he says. And one day Best Buy might just carry it. 

NEXT STORY: Tech Roundup

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.