- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - NATIONAL HARBOR, Md. -- The National Security Agency, America's high-tech spy agency which also plays a key role in approving hardware and software for use by the Department of Defense, wants to be able to outfit military personnel with commercial smartphones and tablets -- but based on a NSA security design.
The forces in the Department of Defense, including the U.S. Army and Air Force, today are piloting several different commercially available smartphones and tablets which the NSA is working to harden and secure, said Debora Plunkett, director of the NSA's information assurance directorate, speaking at the Gartner Security and Risk Management Summit 2011 here today. "It's not our intention to rely on any one platform," she said. The goal is to have perhaps four main devices, plus a couple of infrastructure support services, and let U.S. forces pick the one they like best, she said.
MORE ON SMARTPHONE SECURITY: Military wants full disk encryption for iPhone, Android smartphones
Right now, commercial smartphones and tablets are seen as carrying considerable risks from a national-security perspective, but the NSA is working to figure out how to add its own security to compensate for the risks.
"We are not saying there are no vulnerabilities in COTS [commercial off-the-shelf] products," Plunkett said. "The intention is to be able to layer the commercial products and alleviate and obviate the vulnerabilities."
For the NSA, it's all adding up to an evolving concept of "'good enough' security," Plunkett said, based on the idea that there are situations where information is highly "perishable" and retained only in minutes as compared with days or years, and that it's worthwhile taking the risk to use COTS products that themselves may be regarded as more perishable as well.
Certainly, though, for many of the more traditional NSA strategists who advocated the agency build network equipment and security products itself as was the practice in the past, "it's almost blasphemy," she added. Going to commercial products takes "a lot of control out of your hands."
NSA firmed up its mobility strategy last August, Plunkett said, and there are now several pilot tests in the armed forces of many of the leading smartphones and tablets. The goal is to find ones that can be approved, with specialized NSA security controls, for analysis and network use all around the world.
In its future secure mobile capability, now referred to as the "Mobile Virtual Network Operator," the NSA wants to be able to establish a way that sensitive content can be provided to the military and intelligence in a way that roughly emulates what Amazon does with Kindle, Plunkett said.
The NSA plans to have specific types of integrity checks, among other security measures, for authorized mobile users in the future. In addition, the fundamental idea of relying on the cloud for storage is part of the current strategy. "We use the cloud for storage," she said, with the idea that content is sparingly held on a device, so if it's lost, you simply "move on" to another device.