Secure cellular comms could continue to be a hero
Locking down cellular communications remains critical to national defense
- By John Grimes
- Apr 07, 2011
It's been almost 10 years since the devastating terrorist attacks on our nation and its people. On Sept. 11, 2001, it became abundantly clear how critical commercial cellular and radio services are to supporting immediate response and recovery by law enforcement, emergency personnel, military, and other first responders in the public and private sectors.
That dependence extends to the top levels of government. The then-director of the Defense Information Systems Agency was in another state when the attacks on New York City and the Pentagon occurred. Circuit overload prevented him from making contact with his agency, which, together with the National Communications System, had the responsibility for restoring all Defense Department and national security communications. The director had to depend on cell phone communications to command and control his agency during his six-hour drive back to his Washington headquarters.
That scenario, though extreme, is not a singular event. Because of their ubiquitous and interoperable attributes, cell phones have played a leading role in other national disaster and emergency events, such as Hurricane Katrina.
Although the dependency on cellular telephone services has increased exponentially, so has the threat. Attacks on official wireless communications are becoming more prevalent as sophisticated hacking tools have become more accessible. A recent conference in Washington showcased no less than four ways to attack cellular calls, including a how-to guide to convert smart phones into clandestine intercept tools. Fully functional cellular interception software is available as a free download on the Internet, requiring only a laptop and commercial radio transceiver. That said, as the military and other national security agencies continue to integrate cellular communications technology and smart phones into their daily operations, the issue of security again becomes crucial, and threats limit the full potential of cellular technology.
Although the military and law enforcement agencies are equipped with secure radio communications for handling classified information in almost any form, the protection of sensitive but unclassified information transmitted via cellular telephone for official use remains problematic. Today’s SBU requirements call for secure seamless wireless interagency communication capabilities, including state and local agencies, for sharing critical information in a timely manner. Some estimate that as much as 90 percent of the communications traffic in the government includes SBU information, leaving it vulnerable to intercept and potential exploitation.
However, those communications no longer need to remain in the clear. Hardware and software systems are readily available for protecting routine cellular communications from interception. These solutions are FIPS 140-2 compliant, and some implement the Suite B cryptographic sharing suite recommended by the National Security Agency for protecting SBU information. Those commercial solutions are highly scalable and can be quickly integrated into wireless devices by using commercial software in the form of a downloadable application, making it easy to install like so many other applications on our smart phones today. Some provide the same user experience as any popular smart phone.
The benefits are clear. A government wireless policy for government personnel and contractors is needed, and it should protect SBU information transmitted via BlackBerrys, smart phones and other wireless devices. The Committee on National Security Systems, with representation from the 21 executive branch departments and agencies, is perfectly positioned to develop and implement that policy. Adding a layer of certified end-to-end SBU security protection will eliminate the gratuitous access to government communications and might just prevent giving away our nation’s crown jewels.
John Grimes, former assistant secretary of defense for Networks and Information Integration and DOD CIO, is an independent consultant.