[ The Real McCoy Online Home

September 09, 2011

Department of Defense News

Department of Defense works to boost smartphone security

By Cheryl Pellerin, American Forces Press Service

WASHINGTON, D.C. — As the Department of Defense (DoD) seeks innovation made possible by smartphones and other mobile computing platforms, it’s also working to ensure DoD users of those devices employ them securely, a defense official said.

“Because of the pervasiveness of the (mobile computing) market, everyone has one, everyone wants one, but we often don’t look at how the device works — we take it home and start loading pictures on it,” Robert E. Young, division chief of outreach and communications for the Defensewide Information Assurance Program, said during a recent interview with the Pentagon Channel and American Forces Press Service.
PHOTO: Gen. Peter Chiarelli, the Army’s vice chief of staff, views a photo downloaded on a prototype Joint Battle Command-Platform Handheld. Photo by Ashley Blumenfeld
Gen. Peter Chiarelli, the Army’s vice chief of staff, views a photo downloaded on a prototype Joint Battle Command-Platform Handheld. Also pictured is Lt. Gen. William Phillips (second from right), principal military deputy to the Assistant Secretary of the Army for Acquisition, Logistics and Technology. Chiarelli and Phillips attended a recent field exercise at Fort Bragg, N.C., where Paratroopers from the 3rd Brigade Combat Team of the 82nd Airborne Division experimented with the Joint Battle Command-Platform Handheld prototype, the first developed under an Army effort to devise an Android-based smartphone framework and suite of applications for tactical operations. (Photo by Ashley Blumenfeld)

“We do want this innovation in the Department of Defense so we don’t want to say no,” he added, “but we want to do it safely and securely.”

Issues that concern the department, Young said, include the huge memory capacities of some of the new smart devices and users’ general lack of knowledge about how smartphones and tablets work and how they could be compromised.

“With all the different operating systems out there,” Young said, “every patch, every update changes each device and the vulnerabilities within (and users) are going to have to weigh that risk.”

Young said the department is evaluating how people are really using the devices — whether they’re using smartphones to check email or tablets to read memorandums or policies.

“What are you doing with the device? Is the camera disabled, are you taking pictures of people? I take a picture of you, I upload it and now you’re tagged and all of a sudden everyone knows where you are. So it leads to a digital footprint that connects to the device — anywhere, anytime, any device,” he said.

“In a split-second it’s up and online,” he added. “And once on the net — always on the net.”

Part of the answer is to educate, and raise mobile technology awareness for military members, DoD’s civilian workforce and their Families, Young said.

As part of this effort, he added, the department is taking a cohesive approach to adopting mobile technology.

“We have a Commercial Mobile Device Working Group and we take best practices from (the Defense Advanced Research Projects Agency — DARPA), the (Intelligence Advanced Research Projects Activity) and from our intelligence community partners” and share information, Young said.

“In the working group we have Army, Navy, Air Force, Coast Guard, FBI, CIA,” he added, “ … so that as a federal government, with a federated response, we can go to the vendors and say, this is what we need.”

The department also is working with DARPA and the Army on pilot programs for using mobile computing devices innovatively while also protecting information.

“Is the data at risk; is it encrypted while it’s being worked on?” he said. “If you lose a device physically what are you going to do?”

DARPA and the Army also are looking at new applications for such devices, Young said.

“The issue is that we have to make sure the apps are safe and secure. We can’t just throw them on and then try to figure out what they do after the fact,” he added.

It’s important for a mobile device manager to have insight into all the devices on the enterprise, Young said.

Such a manager must be “device agnostic,” he added, to be able to keep track of any sort of device made by any commercial producer that’s touching DoD’s information network.

“That’s the challenge,” he said.

Servicemembers and DoD personnel can get security information or have their devices checked by device manufacturers, Young said.

On military installations, he added, information assurance program officers or chief information officers can help.

Information about smartphone security also is available from the federal government, including the National Institute for Standards and Technology, with National Initiative for Cybersecurity Education information available online at the website http://csrc.nist.gov/nice/.

[ Top of Page ]

[ The Real McCoy Online Home ]