It takes DISA 3.5 hours to activate a single classified mobile phone -- here's why
Over-the-air provisioning remains a challenge for classified mobile devices.
The National Security Agency recently added the Samsung S4, S5 and a few other devices to its list of off-the-shelf gadgets approved to store and transmit classified information. But getting encrypted devices activated and into the field is a bit of an ordeal.
According to Gregory Youst, CTO and chief mobility engineer at the Defense Information Systems Agency, the military component that manages mobile devices on classified networks, the NSA generates encryption keys on a hard disk. At DISA, the keys are manually entered into the device, and then the disk is destroyed. In all, Youst says, it takes three-and-a-half hours to provision a single phone.
"We know it's not scalable," Youst said at an Oct. 22 meeting of the Information Security and Privacy Advisory Board. "We have to get to where we can make it scalable and working over the air."
Right now, Youst said, there are only about 500 phones approved for classified use out there, and the intention is to scale up to 1,500 in the near term. Overall demand, Youst said, is about 25,000 devices.
That number might seem low, given government estimates that about 5.1 million individuals hold a secret or top secret security clearance. But Youst noted that from the Defense Department perspective, classified networks are for command and control, not the soldier in the battlefield.
To that end, DISA and the NSA are working with Google, Apple, Microsoft and other equipment and operating system manufacturers.
"The [manufacturers] are going to have to make some changes and open up some APIs," Youst said, to allow devices to generate encryption keys derived from information embedded in military Common Access Cards -- a smartcard deployed under the 10-year-old Homeland Security Presidential Directive 12. The phone will generate the key, Youst explained, and will never leave its secure container. Current policy militates against relying on build-in encryption, because there's no way to be sure that "those who generated the credential didn’t put in a back door."
The NSA is still getting used to the idea of mobility, according to Troy Lange, chief of systems and technologies analysis and a leader of the NSA's "commercial classified" program. "Us talking about anything other than risk avoidance is quite amazing," Lange said.
The agency has moved from designing its own devices and delivering detailed specs to contractors -- a process that took up to three years -- to adopting commercial devices for classified use. But Lange noted that "the device is probably the easiest part." All the other things -- network monitoring, enterprise services -- are much harder. The NSA solution involves redundant, independently designed encryption layers, and it's cloud based, with the device ideally acting as a conduit to classified data, but not as a storage hub.
Other security measures under consideration include limiting access to data when a user is out in public. Access to data could be compartmentalized by need, with full classified access being granted to subject matter experts as the need arises -- for instance, in the event of a national security crisis. "The enterprise might be able to make some decisions about that," Lange said.