Ruggedization required for mobile devices on the network
Certification process delays deployment, but developers forge ahead
- By David Walsh
- Jan 03, 2012
Mike McCarthy, director of operations at the Army’s Mission Command Complex, part of the Brigade Modernization Command, is a lightning rod for small mobile devices. And he’s optimistic about configuring civilian technology for military purposes.
However, stringent military certification requirements are keeping rugged versions of civilian smart phones, tablets, notebooks and other handheld computers in the pipeline.
McCarthy interfaces with Connecting Soldiers to Digital Applications (CSDA) and Army Research, Development and Engineering Command’s communications electronics center (CERDEC), and also the engineer-testers at the Army's Network Integration Evaluation (NIE) at Fort Bliss, Texas, and White Sands Missile Range, N.M.
Commercial-off-the-shelf sourcing means the potential deployables arrive with largely military specifications from manufacturers, needing only application- and mission-specific tweaking. But no program of record for deploying small mobile devices exists — only “limited pilot projects,” McCarthy told Defense Systems in midsummer.
“What’s really holding up moving forward with deployment is the actual accreditation [of the units] to operate in military networks up to the secret level,” McCarthy said. “It’s a question of getting the full Information Assurance [IA] approval process in place.”
The Army “can’t do anything that requires a NIPR or SIPR connection environment,” he said. Approval is required to connect with the dotmil network and the SIPR/NIPR, the Defense Department's classified and confidential networks.
McCarthy lauds recent efforts to speed up approvals by the National Security Agency, which assures commercial device software and process compliance. And the National Institute of Standards and Technology established a governmentwide standard, he said. "Everybody needs to be certified only once. This is a radical change.” So industry has a good handle on requirements, he said.
But “there are no exceptions” to the demanding NSA-run IA process, McCarthy said. In October, Apple was sent back to the drawing board for additional operating-system hardening. Even after successful testing and certification, “having the authority to operate and connect on a much larger [post-pilot] scale” isn’t a done deal.
That said, McCarthy is huddling with special operations officials in theater to pilot small mobile devices on standard networks “so we can at least field proof-of-principle. We should have authority to connect to dotmil networks at the FOUO [For Official Use Only] level” relatively soon, he said.
Speaking in early November, McCarthy said 6140(2) certification testing for this would likely be completed before the end of 2012. Afterward, assuming a passing grade and the NSA’s go ahead, “the plan is to immediately go into the Suite-B [security algorithm] testing,” with completion projected for the second quarter of 2012.
His shop is also working on software that, which when attached to an Android phone, “essentially allows you to function as a Satcom.” Interoperability and flexibility are key, he said, “We keep these projects operating-system agnostic.”
McCarthy has rejected some popular civilian smart phones because of inadequate range, flimsiness or other factors. “We’re looking at groups of smart phones that do very well in our type of environment,” he said. A conventional seven-ounce smart phone is the baseline.
“For the vast majority of applications, everything from a Motorola to a Blackberry to an iPhone is more than adequate.” He said. “There’s no need spend $2,500 on special hardening for a $200 phone.”
Most soldiers know the value of handheld devices and protect them — and silicon skin kits, wrap cases, slide-lock baggies, and other accessories are available as needed. Broken devices can be discarded and cheaply replaced.
Only 40 official, fully vetted devices are now in theater, the result of McCarthy’s CSDA project. Of 12,000 phones, tablets and other devices tested in 18 months under hard conditions at Ft. Bliss, only two broke.
Although IA is the great challenge, McCarthy warns that, ruggedness and other features aside — more and better apps, longer battery life, portability, ergonomics—any tech firm hoping to be a serious contender must give security utmost priority.
He has been impressed by the frequency spectrum scanning technology from xG Technology. “It essentially continues to look for open spectrum, so if something comes on to the frequency it’s using, it moves there almost instantly,” he said.
This “frequency hopping,” which McCarthy calls “a potential game-changer,” protects information sent on devices such as smart phones. During a test, a military jammer managed to shut down all the Army’s communications systems except for the xG network’s xMax solution.
xMax is frequency-agnostic and can be “flexibly deployed to the needs of the Army and other DOD agencies” here and overseas, said Rick Rotondo, xG Technology's marketing vice president.
That and other innovative network systems — some from quite small companies — that incorporate combat exercises are slated for further tests at the 2012 NIE. Multilevel biometric security solutions, based on a flexible-classification concept, are also of great interest.
“It doesn’t make sense to lock your [handheld device] so you can do only classified stuff,” McCarthy said. “You might spend only five percent of the day accessing battle command systems, mission command systems — classified levels of data” — but also need to do tasks at the NIPR (officially unclassified but controlled) or open unclassified level.
How do multilevel security mechanisms work? Motorola’s Atrix smart phone has a built-in fingerprint reader on the power button that “gives you [what could be] the first level of verification and authentication,” McCarthy said.
For checking e-mail messages that are nonsecure, Atrix uses “either biometrics or iris scan, built in so the phone knows you’re authorized. But then if you need to look at your FBCB2 or drop some data from that into another program, you can use…voice recognition, he said.” Atrix generates a random sentence and compares your rendition of it against your established voiceprint, McCarthy said.
As for other handheld devices, military leaders want tablets for briefings and demos. McCarthy said that, although a full-size tablet device such as an iPad is “the way to go” for classrooms, a seven-inch tablet is preferred in the field. Tablet devices need more protection because of their larger glass surface.
Apple doesn’t make one, so he is looking at the Android and Blackberry Playbooks. Apple and Research in Motion declined interview requests for this article.
Meanwhile, Dell’s Streak is popular. So is the Entourage hybrid, which opens like a book and has a tablet on one side, a reader on the other, and lets you do two things at once.
Operational ranges and battery lives are “about the same” for larger and smaller tablets, McCarthy said. Tests of solar solutions, less efficient for small devices, are planned. “We’re not ruling anything out. I’m convinced the solution is out there in industry. We need to keep these devices running for days or weeks at a time.”
A leading player in the small mobiles area is General Dynamics. Its GD2000 bridge device splits the difference between small tablets and handhelds. Billed as a fully rugged, ultra-mobile personal computer, it’s 1.8 inches by 6.6 inches by 4.8 inches and weighs about two pounds.
Interoperability is assured with other computers using standard operating systems such as Windows, Windows CE or Android. The units have been tested by paratroopers for shock, dirt and water resistance. For heavy communications needs, the wireless device can simultaneously run three radio frequency modems and a GPS receiver.
Multiple data and asset security features include a fingerprint reader, BIOS-level passwords, stealth mode keyboard and display settings for secure environments, TPM 1.2 and an optional smartcard.
A rugged computer comprises much more than a hardened case and durable hinges, said Tim Hill, senior product manager for General Dynamics Itronix. "For example, ours have a protective seal behind external ports. Even if the outer port cover door breaks off, the port is still protected from water, dust or other intrusion.” For delicate innards, a “composite thermal cushion” guards against impact, vibration and temperature extremes.
General Dynamics works closely with component vendors to ensure parts are free from hidden viruses, malware and other cybersecurity risks, and tests all products before shipping, he said.
Hill’s colleague, Richard Coupland, director of Strategic Business Development for General Dynamics C4 Systems, was asked what a small mobile “dream machine” might look like.
"Imagine a pocket, tablet-sized, or even smaller rugged smart phone that can seamlessly transition from Wi-Fi to cellular to tactical radio waveforms," he said. It would cost "about as much as a commercial smartphone [and] could host both personal and specialized tactical apps, separated by a secure firewall. The tactical apps could also run within a secure, cyber-protected operating system when needed."
“There would also be a military-based app ecosystem, like in the commercial world, where a military user could securely download whatever application is needed, anytime, anyplace," he added.
David Walsh is a special contributor to Defense Systems.