Dmg tem2011-0718-02 norton cmd disa mitre overview - v9

Published in: Technology

  1. Commercial Mobility Device (CMD) Way Forward
     mark.norton@osd.mil, 703-607-0711
     DoD Mobility TEM, July 18, 2011, Mitre
     Unclassified: https://www.intelink.gov/sites/mobile
     SIPR: https://www.intelink.sgov.gov/sites/mobile
     JWICS: https://www.intelink.ic.gov/sites/mobile
  2. The Future is Mobility
     Go Forth & B Mobile - No Really Go …
  3. GIG Transport Services Tiers
     Figure labels: WGS; Commercial SATCOM
  4. Mobile Device Strategy
     Mobile Strategy (Draft) Goals:
     1. Evolve the infrastructure to support mobile devices
     2. Establish a common mobile application environment
     3. Enable mobile device security and information assurance
     https://www.intelink.gov/sites/mobile
  5. Core Policy Issues: Emphasizing Security, Spectrum, and App Management
     Security
     - Data-at-Rest
     - Data-in-Transit
     - Two-factor Authentication
     - Mobile Device Management
     Application Management
     - App Development / Portability
     - Data Interfacing across services/networks
     - Applications/system functionality
     - System operation
     Spectrum
     - Commercial and Military waveforms
     - Commercial Coexistence commercial
     - TRANSEC
     - Anti-Jam
  6. CMD Memo Topics
     - CMD Memo (6 Apr 2011) (https://www.intelink.gov/sites/mobile)
     - Emphasizes the importance of adhering to existing security policies
     - Component CIOs should thoroughly review the security requirements and consider the potential mitigations listed below before granting limited-use IATOs (Interim Authority to Operate) for devices with no currently approved STIG.
     - Copies of IATOs, best practices, and results from completed or ongoing Component-level pilots and assessments should be forwarded to the DoD CIO Commercial Mobile Device Working Group (CMDWG)
     - Defines Security Objectives/Challenges/Mitigations
       - Enterprise Management
       - Data Protection
       - Access Control
       - DoD Public Key Infrastructure (PKI) Credentials
       - Software/Applications
       - Training
     - CMD policy goal - Update Directive 8100.02
  7. Selected Mobility Efforts (timeline chart; labels as extracted)
     - DoD CIO; 8/11 Draft CMD Letter / DTM; 06/2012 CMD DoDD; 4/6/11 CMD Memo; 9/11 CMD Letter / DTM
     - Formation of CMD Policies; Formal CMD DoDI / DoDD Development; Application Development / Hosting / Certification Strategy; Use Case Analysis (Pilot research)
     - Circuit Switched Data Phase Out (In process); T-Mobile (est); Sprint (est); Verizon (2012?); AT&T (gradual rollout)
     - Reuse MCEP Capabilities; SME PED Rolling Out?; Upgraded Infrastructure (Notional); Adapt Infrastructure; Explore Additional Use Cases
     - NSA “Fishbowl” Capability (needs revision); 8/2011 Operational FOC; 3/4/11 Pilot IOC; 9/1/12 Service Delivery; 3/28/11 Working Solution; 5/4/11 Pilot FOC
     - NLCC Capability; Closed VoSIP Pilot (In-house VoIP gateway testing, C&A); Open VoSIP Pilot; Connectivity to Voice GWs; Data Pilot (Cellular & WiFi for U/FOUO, S, and/or TS)
     - Service Agency Pilots; Under Evaluation to Benefit Policy Development
     - DISA STIG Projections; 09/2011 Android / Dell Streak (Projected); 12/30/11 NSA Phone (projected); 06/2011 iOS GO Mobile; Draft STIG; 8/15/11 RIM Playbook (Projected)
  8. CMD Security Overview
     ‘Tactical support’ users will require unique hardware, spectrum, infrastructure, and networking requirements
  9. CMD / Operating System Security Matrix
     - Blackberry provides security advantage but offers limited user features
     - Alternate approaches provide greater capability with reduced security
     - New products such as Dell Streak may provide a balance of security and performance
     Matrix legend: Low Security Risk; Medium Security Risk; High Security Risk
  10. DoD LTE Security Goals and Commercial Standard Vulnerabilities
     Column headings: LTE Security Goals; Commercial Standard Vulnerabilities
  11. The Cellular Solution
     The employment of cellular systems offers DoD a seemingly ideal solution for Phase 4 of deployment – except:
     - The placement of BTS – the environment and the need to protect this infrastructure
     - The security associated with the signaling exchange
     - Spectrum of cellular assignments
     - Embedding the COMSEC
     - Identity and assured user access
     BTS structures can be housed on mobile platforms and placed on secure sites, but environmental obstructions force extensive solutions
     Ownership of the BTS and MSC can offer solutions to signaling and the introduction of unwanted software
     Offsetting the spectrum offers a means to resolve the license issues
     Embedded COMSEC and potential token solutions can be employed
     While solutions exist for cellular implementations – the offered solution set falls short
  12. Military Applications of CMDs (Selected Examples)
     - Multiple vendors/Mil R&D developing CMDs for edge applications
     - Each vendor approaches CMD networking by leveraging different components of commercial architectures (i.e. operating system, closed cell based networks, commercial waveforms, etc)
     - Systems offer performance features of commercial networks and are exploring ways to mitigate security risks
  13. To be determined……
     - Dual Persona
     - Data Delivery Diversity (Local WLAN vs 3G/4G)
     - Services of the future: CMD Voice over IP, etc
     - Technology Wildcards
     - Super Wi-Fi
     - Contactless payments – near field communications
     - Application Management – Metrics, Common Operating Environment
  14. Way Forward
     - New product evaluations
     - Update Policy
     - Re-examine security posture
     - Common Operating Environment for CMD Applications
     - Business case analysis
     - Life cycle management
  15. Federal Mobility Summit
     Sponsors: Fed CIO Council/ISIMC/DoD/DoJ/Federal Business Council
     Date/Time: 23-24 Aug / 0800-1600
     Location: UMUC, Auditorium/Conference Center, College Park MD
     Max Attendees: 750 (USG Primarily - No Rank Requirements)
     Focus: 6 Main DoD Mobility Issues Mentioned in TT's Memo/6 Apr 11 & Approximately 25 other Issues from the Rest of .gov
     POA/Outcome:
     1. Provide the Major Players with Our Issues B4 the Summit vs. Presentation of their Wares/Sell Products
     2. Get their buy-in and/or assistance to work with us in fixing the big problems we have vs. piecemeal solutions.
     C3PO – Collaborate, Communicate, Connect & Produce Outcomes
  16. CMD Policy Development Topics
     The following lists provide the criteria definition of minimum acceptable CMDs, OSs, and Applications
  17. CMD Policy Development Topics (Cont’d)
