In the movies, it’s easy: the federal agent answers his phone and receives a tip, then calls his wife and apologizes for missing dinner, then dials his boss and discusses urgent matters of national security, all with his personal mobile phone. But that’s the movies. In real life, there are reports of fake cellphone towers in Washington D.C. scooping up conversations indiscriminately, and easily available $20 thumb drives that can turn a laptop into a listening device. Mobile phone conversations are remarkably easy to capture. It can be dangerous for federal employees and contractors to discuss even unclassified sensitive information via mobile phones, much less nuclear launch codes.
But BlackBerry is trying to change that.
BlackBerry has a phone application called SecuSUITE® for Government that enables government agencies to make highly encrypted, secure phone calls, both mobile to mobile and from mobile back to a landline within the agency’s network. NATO Communications and Information (NCI) Agency has recently deployed BlackBerry’s SecuSUITE® for Government to encrypt the conversations of its technology and cyber leaders on standard iOS and Android devices.
The main issue with secure communications up until now has been complexity. Satellite phones are large, heavy and must have line of sight to the satellite, meaning they can’t be used indoors. Other custom systems designed for classified use are expensive and require multiple components to be used in concert with the phone. Some federal executives even have to have special assistants to manage their secure communications when they travel due to the complexity and size of the systems.
But BlackBerry’s system is much simpler.
“It’s basically an app that looks just like a standard cell phone dialer,” said David Wiseman, Vice President of SecuSmart, BlackBerry. “You make your phone call, you have your contacts, you have your call history, you have your text messages, if someone knows how to use a cell phone to make a phone call, they know how to use the system. So it really lowers that barrier in terms of end user adoption.”
BlackBerry’s system secures a call by running it through a centralized server owned and operated by the agency. It’s a completely private, IP-based system, so the message traffic is still secured even if the phone is on WiFi. BlackBerry’s system is certified compliant with the National Security Agency’s National Information Assurance Partnership (NIAP) and Commercial Solutions for Classified (CSFC) program as well as with the NIST 140-2 standard. And this is done in a manner that allows agencies to remain fully compliant with existing audit and record keeping regulations.
“The way it works is, there is a centralized server, and all of the activation of the client software on people’s cell phones, or tablets, is done in conjunction with that server in an out of band manner. So you are able to establish a clear chain of trust,” Wiseman said. “And that’s how you can be confident when receiving a call or message that it is actually from a real trusted member of the network, because they have a properly certified and activated copy of the application on their device. And then whenever you make a phone call, it routes between the phones through that server with fresh encryption keys established for each call. The server’s also monitoring for any potential security, voice quality or signal quality issues and addressing them. The server also has the ability to connect the mobile calls securely into the existing office phone networks so you can speak with someone at their desk.”
And it was not built just for encryption purposes, but also to protect from phishing and other social engineering attempts, like number spoofing.
“There was recent news about some congressmen receiving texts that they thought came from the Vice President’s office based on caller ID, but they didn’t,” Wiseman said. “We protect you from those types of social engineering attacks. Using our secure app, you can have confidence that who you’re talking to is who they’re supposed to be, and that what you say, is properly protected.”
Wiseman said BlackBerry has a few use-cases in mind for this kind of secure system. For one thing, any U.S. government employees who are stationed or operating overseas, from diplomatic staff to inspectors to law enforcement, need a secure way to communicate with their coworkers and headquarters, especially if they’re dealing with organized crime, adversarial governments or other national security concerns. Similarly, federal employees, even those working domestically, who feel as though their role might cause them to be targeted for information gathering purposes could benefit from this technology. And finally, it could allow federal employees who have to work with classified or sensitive information to telework more easily, without having to have special communications equipment installed in their homes.
“There’s a lot of risk right now, in terms of mobile communications, even with the latest, new LTE and 5G networks currently being deployed or planned, even those have published vulnerabilities on a large scale,” Wiseman said. “People are aware of that, but they just kind of ignore it. And a lot of the reasons they ignore it is because alternatives are pretty expensive or complex to use, so what we really focused on is providing security that mitigates all of those known risks, but doing it in a way that someone is just using a regular phone, they’re making a regular phone call, and they don’t have to do anything special in learning how to use the system.”