Leveraging the Military-Consumer Complex: A Thorny Panacea
Sunday, March 7, 2010
By David Kahn
American soldiers in Iraq and Afghanistan are the first generation of U.S. war fighters who are digital natives. When their military-issue walkie-talkies can’t reach their commanders, or if they need map or satellite views of their locale, many pull out their personal iPhones and use the local cellular system to reach superiors or download Google Maps.
While the advantages of this commercial gear are obvious, security and logistical challenges prevent the widespread use of these tools by our war fighters.
There was a time when only military-specific hardware provided the durability needed for battlefield use. But it came at a heavy cost. Literally. Military hardware is typically heavier and far more costly than similar commercial gear. Lengthy procurement cycles and arduous specifications have resulted in equipment that is often obsolete before it reaches the soldier.
Today’s commercially available superphones weigh only a few ounces yet offer key features such as GPS, compass, memory, storage, display and communications capabilities. Because consumer road warriors want durable computers and communications equipment almost as much as the military does, commercially available hardware is sufficient for military use in many cases.
This has generated considerable excitement that consumer devices might enable state-of-the-art command-and-control systems and personnel-level blue and red force tracking that could give our soldiers battlefield advantages. While field commanders and their subordinates have embraced consumer technology, there are deep concerns among information assurance personnel, including:
Military bandwidth is a precious asset, particularly at the tactical edge. The Defense Information Systems Agency (DISA) estimates that deploying C4ISR systems in the hands of tactical war fighters to provide them with actionable information would require 100 times as much data rate as is currently available.
Using superphones on local cellular networks would create two security risks. The unencrypted backchannel, which is used by local cellular operators to hand off voice calls between towers, allows a phone’s location to be tracked. Moreover, the Iraqi and Afghan cellular systems are based on the Global System for Mobile Communication (GSM), which has had its encryption repeatedly compromised, making it unsuitable for military communications.
In the past, the U.S. military had the luxury of keeping the number of devices small. However, achieving electromagnetic superiority requires placing many more devices in the field with an exponentially increased administrative burden. Increased battlefield communication, drones and robots already stress military communications and maintenance infrastructures. It has become routine for thousands of devices to require simultaneous upgrades to keep them working together. If every soldier carried a military-issue superphone, we would have to implement significantly better administration tools.
Solutions Are Being Tested
DISA is working to increase bandwidth and soon will be able to provide more than 1 megabit per second of bandwidth at the tactical edge. DISA already has mobile equipment that can provide broadband coverage for cell phones over small areas.
Equally exciting are new software technologies that prevent mobile device locations from being tracked. These technologies create advanced encryption standard tunnels that can safely be used on unprotected networks because their encryption relies on public-private key pairs that are known only to the endpoints.
Because intermediate hardware or network sniffers do not have the endpoints’ private keys, they cannot decrypt the data stream.
What Is the Holdup?
The biggest impediment to U.S. military forces using superphones in war zones is not technical. Rather, it is the information assurance requirements and procedures that made sense when our enemy was the former Soviet Union, a large and technically sophisticated nation that had the will and means to penetrate the smallest crack in our information protection.
Unfortunately, these requirements continue to be applied to our current enemies, who haven’t the skill or resources to mount large-scale attacks. We should reconsider the requirement for hardware encryption of classified data, as it precludes most consumer devices.
It will take imagination, energy and persistence to rethink our information assurance procedures so they can quickly deploy the latest technology and devices while protecting critical data. The alternative is to continue relying on mil-spec equipment that is outdated and often unusable, or in using consumer devices that are unprotected.
David Kahn is CEO of Covia Labs, Mountain View, Calif. Covia Labs has developed a software platform to enable secure interoperable applications regardless of operating system or hardware.
