Devices bring new security policies

Red, black handhelds are an innovation that will require new security procedures

The advent of a new generation of handheld devices certified for handling classified and unclassified data is expected to usher in a set of new security policies governing when, where and how officials may use those systems. Existing security doctrine provides some guidance on the proper use of the new devices, but the National Security Agency has begun drafting more detailed policies, NSA spokeswoman Andrea Martino said.

Two companies, General Dynamics C4 Systems and L-3 Communications, each developed a prototype for NSA’s Secure Mobile Environment Portable Electronic Device (SME-PED) program. The agency is expected to award indefinite-delivery,
indefinite-quantity contracts to both vendors later this month for the delivery and deployment of SME-PEDs,  once they pass NSA’s certification process.

The new systems will let officials in the military, the Homeland Security Department and other agencies send classified e-mail messages, access classified networks or make top-secret phone calls on the go.

The technology is a first in many respects, said Lt. Col. Clinton Wallington, director of the Army’s advanced technology office. “It’s SIPRnet on the hip,” he said, referring to the Defense Department’s Secure IP Router Network for classified information. With the same device and the push of a button, users can operate in an insecure mode to browse the Web and send unclassified e-mail messages.
The device’s hybrid status has some observers wondering about security policies that SME-PED users will need to follow. “Can I take it home with me? Do I have to store it in a safe overnight? Can I pull it out on the Metro?” asked one DOD official.

When operated in unclassified mode, the Common Access Card-enabled SME-PEDs are considered high-value items, but storing them in a safe is not necessary, Martino said. However, using the devices in secure mode in public places, such as Metro trains in the metropolitan Washington area, is not desirable, she added.

Col. John Blaine, chief of the wireless integration branch at the Air Force Communications Agency, said he expects the next update of the Defense Information Systems Agency’s security technical implementation guidance for wireless devices to answer some of the policy questions about SME-PEDs. Blaine pointed out that although many people are still in the dark about the specifics of SME-PED security, both vendors’ devices must obtain NSA certification before such questions can be answered.

“All we can do now is wait,” Blaine said.

Martino declined to say when the devices might be certified because the schedule is still in development.

General Dynamics officials said they will ship their product to NSA for certification in August, but they will start production after NSA awards a contract later this month. L-3’s device most likely will not be certified before December, government sources say.

Martino said unit prices for the SME-PEDs are still in negotiation. As for monthly wireless costs, the vendors are having discussions with carriers to create a one-stop shop for the SME-PED under the General Services Administration’s Networx program, she said.

Wallington said the Army plans to give SME-PEDs to officials in leadership positions who need secret communications channels at all times. “We’re not going to give these to the common soldiers,” he said.

The Air Force could use the systems to quickly relay targeting information for time-sensitive strikes, Blaine said.

**********


Mobile secrecyA new personal digital assistant developed for the National Security Agency will let government officials access classified networks and make top-secret calls on the move. Its security features include:
  • Access via the Defense Department’s Common Access Card.
  • Encryption of stored data.
  • Automatic deletion of encryption keys when the system detects break-in attempts.
— Sebastian Sprenger

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.