National security policy hasn’t kept up to accommodate technical solutions that would facilitate mobility in classified settings, said two officials Thursday at the AFCEA Washington, D.C. Mobile Tech Summit.
For example, mobile devices used in the field are often barred from secured spaces because of lagging policy, said one former CIA official. In another example, a U.S. Special Operations Command official explained that though technical solutions could be found to facilitate information sharing between the U.S. and coalition countries, policy hinders their real success.
One major effort underway in the military communications world is what is called the Mission Partner Environment, which deals with how DOD can more rapidly, but securely, share information with its coalition partners. Bill Burnham, technical director at Special Operations Command (SOCOM), says people often ask why they can’t exchange information with a coalition partner.
“At the end of the day we can enable a system that lets allows you to send information to your coalition partner,” Burnham said. “It’s the policy that says what can be shared, that holds things up. Our process before a military-to-military information exchange can occur with another country is wrapped deep into national disclosure policy, deep into Department of State agreement policy, and the military doesn’t really get a say in that.”
He added: “You have a fair amount of work going on in the DOD [Chief Information Officer] shop, a lot of great, smart people working their tail off to figure out MPE. But what they call the intangibles aren’t being worked. What’s not being really fixed is the policy, which is under [the undersecretary of Defense for policy] and [the undersecretary of Defense for intelligence], which says at what level a decision to share can happen.”
Burnham said right now some stationed overseas know they need to share information to do the right thing, “and they’re not enabled by information technology” to do so. Right now information can printed off and shared under the authority of a commander, but “it’s not done the way we want it done.”
“A lot of what we want to do is not hard, it’s not rocket science,” Burnham said. “And it’s imminently doable. The challenge comes down somewhat the policy side.”
Is mobility even necessary?
Another area where policy purportedly lags is in getting mobile devices into secured spaces like a Sensitive Compartmented Information Facility or SCIF, said Bob Flores, co-founder and partner of Cognitio Corp., and former Central Intelligence Agency chief technology officer.
“The warfighting space is controlled by the office space essentially,” Flores said. “Where I see the lack of significant progress is in the office space. It’s great to be able to provide the warfighter with all kinds of cool things, secure and non-secure, whatever’s needed. Inside the SCIF though, today, the problem has been largely ignored.”
It doesn’t make sense to be locked down from using a wireless device in the SCIF, but then be expected to use it outside of it, Flores said, adding “that’s just not going to fly over time. People have to have their ubiquitous devices.”
Flores acknowledged that some people have serious concerns about security, but he said “there’s technologies out there that can help us overcome those concerns.”
Flores was asked if everyone involved who should be in making policy decisions around and he replied no, but declined to name specific names.
“I think it’s really more types of agencies,” Flores said. “There’s a general feeling among some people that, look, this wireless thing is a nice-to-have. If it’s going to compromise security at all then nice to have just doesn’t make sense. It’s not just a nice-to-have. Yeah, 20 years ago it was, but not anymore. It’s a necessity today.”
He noted that some people are starting to do what he calls “fairly minor” proofs-of-concept, but “they’ve kind of dropped the ball on this, and there just hasn’t been as much emphasis put on it.”
He added: “And every day that they don’t do it they get further and further behind.”
Flores noted that his former agency knows how to exploit devices, and what they can and can’t crack. He said their worry is that if they can exploit something, someone else can too.
“My view is that’s all find, but instead of just hiding it under a rock, you should take that on as a challenge and say: okay well how can we overcome that? Even if it’s in such a way that you make it a state secret of how you’re doing it,” Flores said.
He later added: “My point is they’re not aggressively figuring out how to do the mobile stuff today. So pockets, yes, there is some work going on. But that work should have been going on 10 years ago, 15 years ago.”