Cash-strapped U.S. Marines are still looking for secure handheld solutions after five years
Wed 28 Sep 2016
A Request For Information (RFI) posted by the U.S. Marines recently asks potential suppliers for information about emerging trusted handheld platforms in the smartphone and tablet spaces which can be adapted to military levels of security. The Marines want it cheap, off-the-shelf and customisable.
Which is fine – except that it seems to be a repeat of what they were asking for five years ago.
In 2011 the Marine Corps’ Captain Joshua Dixon said of the chief requirement for comms procurement: “Price. We have to be able to afford them.”
Back then, as now, the requirement for new equipment was that it be able to run commercial mobile operating systems, and to be susceptible to the fitting of secure and certified frameworks suitable for military use.
The current RFI specifies Google’s Android operating system, and must furnish the ‘ability to securely communicate data over tactical radio networks using a solution that can be integrated and fielded in months, not years.’
The new tech must meet the NSA’s Commercial For Classified (CSfC) specs. In 2011 Dixon commented that the new devices would need to meet over 1000 different requirements, and that the intention was not to create bespoke devices for the Marines.
The 2011 initiative represented a break from the U.S. military’s previous policy of ‘hardening’ off-the-shelf smartphones and tablets up to necessary security standards, since this process could take so long – up to two years – as to provide an obsolete product by the time of project completion.
The current RFI has a daunting feature-set for a reduced military IT budget: the wireless capabilities of the equipment must be ‘ruggedized’ against low temperatures and extreme conditions; supply a secure shortband connection to the standard issue Multiband Networking Manpack Radio (and will need to provide a physical connection port, in addition to a standard USB port, far from ubiquitous among modern smartphone and tablet designs); the provision of additional security layers to accommodate the Data at Rest Capability Package; and, if that wasn’t enough, the devices will need to use approved protocols and hardware in accordance with standards set down by The National Information Assurance Partnership (NIAP).