Devices bring new security policies

Red, black handhelds are an innovation that will require new security procedures

The advent of a new generation of handheld devices certified for handling classified and unclassified data is expected to usher in a set of new security policies governing when, where and how officials may use those systems. Existing security doctrine provides some guidance on the proper use of the new devices, but the National Security Agency has begun drafting more detailed policies, NSA spokeswoman Andrea Martino said.

Two companies, General Dynamics C4 Systems and L-3 Communications, each developed a prototype for NSA’s Secure Mobile Environment Portable Electronic Device (SME-PED) program. The agency is expected to award indefinite-delivery,
indefinite-quantity contracts to both vendors later this month for the delivery and deployment of SME-PEDs,  once they pass NSA’s certification process.

The new systems will let officials in the military, the Homeland Security Department and other agencies send classified e-mail messages, access classified networks or make top-secret phone calls on the go.

The technology is a first in many respects, said Lt. Col. Clinton Wallington, director of the Army’s advanced technology office. “It’s SIPRnet on the hip,” he said, referring to the Defense Department’s Secure IP Router Network for classified information. With the same device and the push of a button, users can operate in an insecure mode to browse the Web and send unclassified e-mail messages.
The device’s hybrid status has some observers wondering about security policies that SME-PED users will need to follow. “Can I take it home with me? Do I have to store it in a safe overnight? Can I pull it out on the Metro?” asked one DOD official.

When operated in unclassified mode, the Common Access Card-enabled SME-PEDs are considered high-value items, but storing them in a safe is not necessary, Martino said. However, using the devices in secure mode in public places, such as Metro trains in the metropolitan Washington area, is not desirable, she added.

Col. John Blaine, chief of the wireless integration branch at the Air Force Communications Agency, said he expects the next update of the Defense Information Systems Agency’s security technical implementation guidance for wireless devices to answer some of the policy questions about SME-PEDs. Blaine pointed out that although many people are still in the dark about the specifics of SME-PED security, both vendors’ devices must obtain NSA certification before such questions can be answered.

“All we can do now is wait,” Blaine said.

Martino declined to say when the devices might be certified because the schedule is still in development.

General Dynamics officials said they will ship their product to NSA for certification in August, but they will start production after NSA awards a contract later this month. L-3’s device most likely will not be certified before December, government sources say.

Martino said unit prices for the SME-PEDs are still in negotiation. As for monthly wireless costs, the vendors are having discussions with carriers to create a one-stop shop for the SME-PED under the General Services Administration’s Networx program, she said.

Wallington said the Army plans to give SME-PEDs to officials in leadership positions who need secret communications channels at all times. “We’re not going to give these to the common soldiers,” he said.

The Air Force could use the systems to quickly relay targeting information for time-sensitive strikes, Blaine said.

**********


Mobile secrecyA new personal digital assistant developed for the National Security Agency will let government officials access classified networks and make top-secret calls on the move. Its security features include:
  • Access via the Defense Department’s Common Access Card.
  • Encryption of stored data.
  • Automatic deletion of encryption keys when the system detects break-in attempts.
— Sebastian Sprenger

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • FCW @ 30 GPS

    FCW @ 30

    Since 1986, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

  • Shutterstock image.

    Merged IT modernization bill punts on funding

    A House panel approved a new IT modernization bill that appears poised to pass, but key funding questions are left for appropriators.

  • General Frost

    Army wants cyber capability everywhere

    The Army's cyber director said cyber, electronic warfare and information operations must be integrated into warfighters' doctrine and training.

  • Rising Star 2013

    Meet the 2016 Rising Stars

    FCW honors 30 early-career leaders in federal IT.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group