DOD to allow Android on classified networks

New security standards expected to be approved soon would let devices powered by the Android operating system use the Defense Department's classified networks, according to an Army official.

DOD and National Institute of Standards and Technology are close to approving the standards, according to Michael McCarthy, program manager and director of operations, Army Brigade Modernization Command. The standards will allow service members, DOD personnel and other government users to use the devices on classified networks, including the military’s Secret Internet Protocol Router Network (SIPRNet).

McCarthy spoke Jan. 24 at the Soldier Technology 2012 conference in Arlington, Va. He said the goal is to have Android smart phones and tablets able to connect to SIPR-level systems by the summer. This development marks a critical step forward for tactical operations and represents the high priority that mobile communications have become, he said.

“There were going to be no information assurance [standards issued] until 2014, but with the groundswell of interest and needs, the agencies responsible for certification are giving this a higher priority,” McCarthy said. “The key is that it allows users from DOD and other agencies to access databases that in the past they couldn’t get to using a smart phone.”

Those databases include mission-command tools such as the Tactical Ground Reporting system used for critical situational awareness in combat, as well as law enforcement databases such as the National Crime Information Center, he said.

“Every agency has information and data that they have to protect. Getting these certifications in place gives us the ability to move in and access and operate those using smart phones and tablets,” he said.

It has taken significant coordination across government agencies to get to this point. Now, the goal of having common standards across the government – led by NIST – isn’t far off, McCarthy said.

“We didn’t have the policies and procedures in place … the security requirements were not designed for use with smart phone technology, and it’s taken a fundamental shift in the policies and procedures to allow us to start looking at ways to do that and at the same time protect the sources, content and users of information. And at the end of the day, that’s what’s important,” he said.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The 2014 Federal 100

FCW is very pleased to profile the women and men who make up this year's Fed 100. 

Reader comments

Mon, Jan 30, 2012 Well Informed Cyber Security Land

To clear a few things up, I know the Android OS they are taking about approving for SIPRNET won't have capability to store data outside of a secure sandbox. Stop acting like you know current policies because you don't. No data would ever be permitted to be stored locally with todays policy enforcement and practices that are in use by DoD and Federal agencies. The device would have the ability to communicate to obtain classified email at most. Browser support to the SIPRNET most likely will be set to an approved white list of sites and apps that will also require authentication with the appropriate credentials to include strong authentication. So even if someone punched you in the stomach and stole your device, which the probability of that happening is acceptable risk in the DoDs eyes. Its not like that person could forwarding the classfied info to a yahoo account. By the way SME PED has already been implemented do some research.One last thing to realize, this may also be more pressure for Apple to remove GPS tracking chips out of its technology or it will lose a decent share of the market because the government will never approve an apple device with a GPS chip certainly for classified data access.

Sat, Jan 28, 2012 Concerned Citizen Washington, DC

This is a horrible idea! According to this article, Mr. McCarthy said, “The key is that it allows users from DOD and other agencies to access databases that in the past they couldn’t get to using a smart phone.” Really, Mr. McCarthy?!?!? Those who work with classified information understand that layered security is essential to protect national security. In this case, you have defined the problem wrong: (i.e. difficult access to classified information). By its nature, this is NOT the problem...in fact, it is by design! As a result of defining the problem incorrectly, you are embarking on a fundamentally flawed solution. It seems you have removed the physical security layer (a requirement of a classified environment) by granting a handheld device access to classified information on the SIPRNET. What happens when the person holding the smart device gets punched in the face and the device is grabbed just as a bully takes a poor kid's lunch money? I'll tell you...the bully gets instant access to classified information that will result in grave danger to national security. The Federal Government needs to re-evaluate this decision.

Thu, Jan 26, 2012 Who's Looking Rhode Island

Google's bachdoor technique (Information Hacking) is natorious with Android OS. In fact I suggest the government take a more active role in supending some of googles data gathering on the consumer level. To Allow this Android OS on a secured DOD system is allowing a child to play with loaded guns! I am against this move at this time until secured methods of data collections have been made.

Thu, Jan 26, 2012 earth

My problem with the Android OS is that its security system sucks. Only at the time of installation of applications is the user asked what capabilities an application is allowed and then in an all or nothing manner. As applications are upgraded they naturally include new capabilities that open new opportunities for malfeasance. For instance in Russia, QR codes that automatically message an expensive text service are common. A QR decoder that does not have the capability of creating an address for a text service is relatively less useful than one that does, but unless it has “decode, decide” capabilities allowing the user to decide its actions at each instance after the machine has decoded the intent and projected action (and have default deny) it can become a security risk. All android applications need to have a “decode, decide with default deny” security stance.

Thu, Jan 26, 2012

As an Apple Developer, my understanding is that DISA is demanding that Apple turn over its source code for IOS and Apple is resisting doing so.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above