DoD & Industry Pursue Secure Commercial Cloud for Mobile Devices

“It used to be that you needed a secure briefcase to transport secret information.”


By Kris Osborn - Warrior Maven

--When a forward operating unit is taking casualties from heavy incoming fire, real-time intelligence data can, of course, in a matter of seconds, decide the difference between life or death… victory and defeat --

(Washington, D.C.) -- If a US Army infantry unit, engaged in massive mechanized warfare, were suddenly ambushed by a large number of enemy fighters attacking from multiple angles -- location information or intelligence about air support would hinge almost entirely upon timely access to information.

This would be of particular relevance to dispersed, mobile, dismounted units in combat relying to a large extent upon hand-held devices… or small boats, fighter jets and other combat “nodes” needing access to vital secret information while in transit.

Given all these variables, what would it mean to have instantaneous access to secure commercial cloud technology during heavy combat? At the tip of the spear? Most of all, could there be a technology able to perform this cloud-centered data-sharing function -- while reliably maintaining the security of classified information?

“Pushing capability into cloud infrastructure, if done securely, will make where you are or whether you are in transit less important but will enable analytics to create a better understanding as to what is happening in real time and also enable better information sharing,” (Ret.) Lt. Gen. Alan Lynn, Vice President of Engineering, Cisco -- and former Defense Information Systems Agency, DISA director -- told Warrior Maven.

Significantly, when Lynn was leading DISA several years ago, he explained this phenomenon succinctly by telling reporters - “it used to be that you needed a secure briefcase to transport secret information.” At the time, Lynn was addressing a joint DISA-Army program called “Unified Capabilities” intended to bring cloud-enabled SIPRNet to mobile devices.

Changing intelligence information often requires ground troops, ships or attacking fighter jets to change targets while en route to an objective. What would it mean to the combat scenario if, on a hand-held device, tablet or other portable system, every warfighter could instantly access secret intelligence using commercially developed, yet secure cloud computing applications? Moreover, what about the possibility of having newly gathered, yet secret information of importance to a combat operation securely uploaded to the cloud for others to access?

These kinds of scenarios, all too familiar to a US military hardened by 15 years of ground war, have inspired the creation of an emerging cloud-migration technical system -- called “Mission Mobility.” The technology, which now involves a consortium of major Silicon Valley developers including Cisco, Apple, Verizon, Samsung and Amazon, is moving quickly to simultaneously enable widespread cloud access across mobile devices while ensuring the security of secret information. While still in its early phases, “Mission Mobility” developers are amid ongoing discussions with the US military services and members of Congress regarding the potential impact of the effort.

The Air Force is among those now showing a decided interest in this kind of technology. Air Force officials tell Warrior that, as of February 2019, the Air Force has moved dozens of applications and systems, including the Air Force Portal, to a commercial cloud -- thus reducing infrastructure and power requirements.

“From a combat operations vantage point, getting to the cloud means the Air Force is less impacted by points of failure. Having our industry partners host Air Force systems and applications in the cloud offers a high rate of availability, visibility, security, and scalability,” Maj. William “Bryan” Lewis, Air Force spokesman, told Warrior. “The opportunity to take advantage of cloud-native services will lead to enhanced analytic and artificial intelligence capabilities through improved enterprise data sharing.”

Native applications, developed for a particular platform, devices or an individual device, allow for rapid technical upgrades and an advanced User Interface (UI) with specifically engineered apps. Many of these can function on a device in the absence of a web browser or internet connectivity, due. So-called “Hybrid” apps can both leverage the best commercial technology built into Native apps and, when needed, connect to a web browser enabling cloud connectivity. Native apps are compatible with a device’s hardware, a circumstance which allows for a broader range of activity on a device when compared to web-based apps. When it comes to cloud migration, “Mission Mobility” seeks to combine the advantages of commercially engineered Native apps with a secure, web-enabled cloud experience.

Data linked to a Native app is stored on the device itself. Web-enabled apps, by contrast, store data in the cloud. “Mission Mobility” seeks to do both, by blending standardized security protocols with next-generation, commercial technology into a secure, web-based cloud experience.

An interesting 2018 essay in a publication called the DEV IT Journal offers the following detail:

“Native apps are developed using their own development platforms for iOS and Android such as Java (Android), Objective-C (iOS), and Visual C++ (Windows mobile), whereas, the mobile cloud apps are written in HTML5, CSS3, and JavaScript along with server-side languages and web-application frameworks such as PHP, Rails or Python.”

While all the US military services, and the US intelligence community, are now migrating to cloud systems at lightning speed, an ability to enable widespread cross-platform secure access to mobile devices used by forward units on the move in combat represents yet another developmental frontier. Despite its known advantages, cloud migration is also characterized by a two-fold trajectory -- or something which could be called somewhat of a paradox: while commercial cloud can bring networks unprecedented advantages and enable fast technical upgrades, quick access and more ubiquitous reach, it can also potentially increase vulnerability. Mission Mobility seeks to resolve this problem by engineering devices and networks with new algorithms, specific coding, strengthened encryption, standardized IP protocol standards and virtualized security.

“Gaining access without security would be considered a failure - you cannot just protect the end devices, you have to protect the cloud itself and the end devices that connect to the cloud. Devices and applications are only as secure as the underlying pieces and parts are secure,” Ashit Vora, Vice President, Acumen Security, told Warrior Maven.

The issue of cloud security is taken up in a 2017 essay in The Journal of International Technology and Information Management, which specifies some of the vulnerabilities woven into the cloud experience.

The essay, titled “Cloud Computing Technology: Leveraging the Power of the Internet to Improve Business Performance,” describes it this way:

“The cloud infrastructure is always, to a certain degree, an open and shared resource. Therefore, it is major targets for cyber attackers. Cloud computing systems and services are subject to malicious attacks from both insiders and outsiders. Side-channel attacks, identity hijacking, and distribution of malicious code have all been observed. Therefore, management of security in cloud environments needs to be carefully analyzed and maintained.”

Recognizing these phenomena, developers of “Mission Mobility” seek to bring new security dimensions to the equation. To do this, “Mission Mobility” aligns cloud-enabled web interfaces and Native apps with DoD and NSA security standards. Chris Gorman, COO & Founder of Monkton, explained that Mission Mobility uses dual-encryption on all data transmissions to help accomplish this. This Native-app, web-based synthesized approach is referred to as a “Hybrid” in that it utilizes the technical advantages of upgradeable Native apps while leveraging web-based mobile cloud technology as well, Gorman explained.

“It boils down to what algorithms you are using to secure the protocol. Certain protocols are better than others for communication,” Vora added.

Vora explained that a variety of different protocols could work, such as Secure Sockets Layer, Transport Layer Security or MACsec. “Hybrid” approaches are intended to optimize benefits of the cloud by, for instance, allowing tablets, smartphones and other devices to access the same sensitive documents and information -- at the same time. Increased virtualization is fundamental to this, as it allows software upgrades, patches and new security applications to have a more ubiquitous impact.

“Mandatory standards are delivered by running a virtualization,” Sean Frazier, Federal CISO, Duo Security Business Unit, Cisco, told Warrior.

“Mission Mobility” developers -- which also include smaller developers such as a division of Cisco called Duo Security, Monkton, Acumen Security and others -- seek to break new ground by extending more secure cloud availability with mobile devices. As opposed to sending insecure attachments or documents through web-based cloud technology, Mission Mobility “networks” secure cloud access across a range of otherwise incompatible devices, using a common web interface. Web-based cloud applications are not new, as things like webmail have been drawing from it for years. “Mission Mobility” seeks to expand this and bring networked data-sharing across a much wider sphere of applications, while taking new steps forward when it comes to standards and security.

“Mission Mobility is a first of its kind avenue, where people are going to the same web interface. Hundreds of thousands of devices know how to code - none of them address security for organizations that need serious security for their data - that is the big differential,” Frazier explained.

“Mission Mobility” is now networking its cloud-access formula with military devices, intended to draw from “Software Development Kits” (SDK) to increase security for the cloud environment, secure the devices themselves and - of great significance - secure communication between the two.

These mobile cloud parameters, intended to manifest with “Mission Mobility,” are anticipated in a 2015 essay in the “International Journal of Computer Science Issues.”

The essay, titled “A New Secure Mobile Cloud Architecture,” states:

“Basically the security issues in mobile cloud computing is associated with (1) security issues in the cloud, (2) security of the mobile device and (3) the security of the communication channel between the cloud resources and the mobile device.”

************

Osborn previously served at the Pentagon as a Highly Qualified Expert with the Office of the Assistant Secretary of the Army - Acquisition, Logistics & Technology. Osborn has also worked as an anchor and on-air military specialist at national TV networks. He also has a Masters Degree in Comparative Literature from Columbia University.


-- Kris Osborn, Managing Editor of WARRIORMAVEN, can be reached at krisosborn.ko@gmail.com --

Comments
Ironbutterfly

Here is my question. Say a soldier is captured on the battlefield and in the fog of war it's not even realized for some amount of time that he has been captured. He has a mobile device on him and the enemy is able to extract his access code. How much info can they obtain?

agariogames

Thank you for the information, may be useful for all people of course who read this article

Kris Osborn

Editor

Great question Iron Butterfly - appreciate you noticing Warrior Maven. The developers described the phone itself as a "brick" meaning it had so many security features and authentications on it that an enemy would not be able to access any information.... at the same time - you put your finger on a huge huge concern that developers are still trying to address