The Pentagon has approved security protocols that will let it start deploying its first-ever Android mobile devices to DoD employees.
The Defense Information Systems Agency has granted approval for a final Security Technical Implementation Guide (STIG) for Android version 2.2, allowing the platform to be put into immediate use on DoD’s Global Information Grid (GIG).
But the STIG does not grant blanket permission for DoD users to hook up just any old Android device to Defense networks. The guide requires the installation of mobile device management software made by Sunnyvale, Calif.-based Good Technology, which locks down many features of the device, including Bluetooth, Wi-Fi and access to Google’s Android Marketplace.
Also, the STIG applies to only one device for now, the Dell Streak, though DoD and its vendors are hoping to see approval for more devices soon. Additionally, DISA and Good are working to implement sufficient security measures to allow a STIG to be approved for Apple’s iOS-based devices. iPads and iPhones are currently being tested in various corners of DoD under a DISA-approved Interim Security Configuration Guide, which allows the devices to be used only in a pilot phase.
Good officials said the Army already holds 80,000 licenses to use its software on mobile devices — currently, they’re being used primarily on Windows Mobile devices. They said it was too early to tell how widely the Android platform would be deployed across the department.
“There’s a little bit of a chicken and the egg problem,” Chris Roberts, Good’s vice president for public sector, said in an interview. “The 80,000 Army licenses could be used for these Secure Android devices, but I’m certain that some people will want to hold out for the iOS STIG. But the licenses could be used for any approved STIG platform. There will be other interest outside of the Army for sure, and we’re already starting to see that now that there’s a STIG approved.”
The Secure Android platform, enabled by application programming interfaces created by Dell and Good, lets users digitally sign and encrypt email, save and manipulate data on a secure, FIPS 140-2-certified partition on the device, and access secure DoD websites.
And since DoD security rules require devices on Defense networks to be able to access the department’s PKI infrastructure, users have to swipe their Common Access Cards through a wireless card reader in order to use the device.
“I think many in the DoD would like to solve that bulky extra hardware problem once and for all, and hopefully we’ll go in that direction with near-field communication technology or something else in the near future,” Roberts said. “For today, the guidelines are still pretty clear. We require that there’s a CAC reader, and we work closely with a company, Biometric Associates. They’ve designed a wireless Bluetooth card reader that works with both the Android and iOS devices that’s NSA-approved.”
Roberts said Good was able to gain approval for the Android platform ahead of iOS primarily because of the open source architecture of the mobile operating system.
“Apple’s made incredible progress in terms of continuing to harden their operating system and their devices, but the ability to meet the DoD guidelines is a lot easier when you’ve got an open operating system and you’ve got a willing device manufacturer,” he said. “We can quickly plug the holes and provide the DoD with precisely what it wants in a much faster time frame.”