There’s been a lot of movement around Google’s Android mobile phone platform recently, especially involving security and its usefulness in classified sectors such as government, healthcare, and defense. For a while now, RIM’s BlackBerry has shored up many of these operations by providing a stable environment with security measures to prevent outsiders from easily tapping into communications. However, it looks like Android is poised to knock BlackBerry off that perch.
Recently, Henry Kenyon at GCN.com ran an article about how the National Security Agency got together with Google and George Mason University in order to expedite accreditation for the Google Android platform so that it could be used for those purposes. He writes that the kernel is in the final stages of certification testing and, once certified, will open the way for the military to deploy smartphones and tablet-like devices to the troops.
The biggest problem facing the military in deploying such devices so far has been the lack of overall hardening and security on them. The networks and communication protocols that smartphones and tablets use are not very secure and could put lives in danger if enemy electronic surveillance or hackers managed to tap into the communications. As a result, the accreditation process is somewhat rigorous.
One of the problems vexing Army smart phones has been getting the right security accreditation to operate on military networks and eventually on classified networks. This is particularly important to allow smart phones to connect into battlefield networks, McCarthy said. The initial goal is to get the hardware and software accredited.
“We have to have a way to verify the identity of the user of the smart phone. So it’s a triple-level security measure that we have to deal with,” he said.
There were delays in getting the operating system accredited until NSA came forward several months ago and offered to expedite the approval process, McCarthy said. The new effort kicked off with a series of meetings with CSDA program personnel and representatives from NSA and the National Institute of Standards and Technology.
The Android kernel is now being tested for a Federal Information Processing Standard 140-2 certification, which is expected by mid-October. “That’s the first level of security that we’ve got to get before we start moving onto being able to ultimately do secret [communications],” he said.
BlackBerry has been a long-time favorite of banks and governments because it offers an encrypted communication network for both consumer and enterprise level customers. However, the recent massive UK-wide outage that struck RIM’s services has put a bit of a wet blanket on the enthusiasm of many of their clients.
BlackBerry taking a Back Seat when it comes to security?
Back during the London riots, I also mentioned that RIM would co-operate in the investigation by Scotland Yard involving the role of smartphones in the riots, but also that hackers threatened RIM with retaliation if they co-operated with the authorities. RIM couldn’t do much, however, because they don’t have direct access to the encrypted network their customers used. It has since come to light that while BlackBerry may encrypt their network, the first layer of encryption happens to use the same key everywhere, meaning that should it be broken once (by a government or authorities) it can be broken for any BlackBerry. This may not be the same for their enterprise level offerings, but it explains the next section thoroughly.
In addition to the Army’s plans to provide troops with smart phones, the Obama administration was attracted to the technology to support two of its initiatives. One is an effort by the White House Communications Office to move the executive branch from BlackBerry devices to Android-based phones. The reason is because Android devices with the new kernel can be secured at a higher clearance level than BlackBerry devices, McCarthy said.
Although news of President Obama’s “super-encrypted” BlackBerry may have been cute at the time when he got to keep his phone after being sworn into the Presidency—it’s not something to bank actual national security on.
Once the Android kernel is sufficiently hardened and certified by the agencies required, we may see a proliferation of Androids into government operations to begin to supplant the success of BlackBerry in that market.
If RIM has anything up their sleeve, we’ll be seeing them pulling out all the stops in the first quarter of 2012 in an attempt to restore confidence in their network and possibly also to show that they’re as ready for prime time as Android.
Recently, researchers at Virginia Tech also developed their own location-based control scheme that could be implemented to protect data on Androids in sensitive environments. These developments, combined with classified accreditation and a hardened kernel, are a real coup for Android, a platform that has a lot of open community and open source going for it, but still faces many questions about overall security and is commonly targeted by the media for indications of malware and worms.