Securing Emerging Mobile Technology JOHN G. LEVINE PH.D. D/CHIEF ARCHITECTURE GROUP 13 SEP
UNAMBIGUOUS DEMAND SIGNAL FROM CUSTOMERS 2
SECURE ANYWHERE, ANYTIME ACCESS TO ENTERPRISE INFRASTRUCTURE 3
CURRENT MOBILITY ENVIRONMENT Unaware of potential threats Susceptible to social engineering Bypassing "inconvenient security Insider threat, leaks and sabotage Multiple points of interception Communication and Data Centers / Towers Towers, Wireless and Wireline Over the Air updates Rogue base stations Ease of use is valued over security Vulnerabilities are widespread Attacks are cheap and easy Apps available at low or no cost Minimal technical experience required 4
PATHWAY TO SECURITY Security must be integrated into components – systems approach User interfaces must be intuitive and familiar Policy needs to stay on top of technology curve Solutions should: – Support commercial functionality – Be cost effective – Align with commercial product lifecycles User Experience Security 5
MOBILITY ENTERPRISE STRATEGY 3G | 4G Seamless Transition Wi-Fi The Cloud Internet Access Gateways PSTN Gateways 6
EXTERNAL DEPENDENCIES Carrier data coverage QoS in carrier networks * Data circuits in carrier networks * 4G / LTE is expected to improve some of the user experience as carriers upgrade 7
MOBILITY GOALS Publish and update Capability Packages Minimum security capabilities Vendor agnostic architectures Residual risk assessments Establish a Mobile Enterprise Capability Policy enforcement & enterprise security Interoperability via gateways Anywhere, Anytime, Access to Unclass, Secret, Top Secret & SCI infrastructure Establish Partnerships and work with Industry Commercial development focused to meet security requirements out of the box Forecast and prepare for next generation security technologies 8
Design Security Architecture Identify Need Develop Concept Prototype Pilot Test & Evaluate CAPABILITY DELIVERY PROCESS Implement Operational Capability Requirements Guidance to Industry Capability Package Technology Gaps System Bugs 9
MOBILITY PILOTS Milestones – Unclassified Pilot Kickoff (30 Sep 2011) – Classified Pilot Kickoff (Dec 2011) – Web based Data Pilot (May 2012) UNCLASSIFIED//FOR OFFICIAL USE ONLY Architecture – Two layers of encryption (VoIP and VPN) – Gateway connection to Enterprise Infrastructure – Backend services secured in a SCIF – Delivers secure voice and data capability – Dependant on carrier QoS – Hardened handsets 10
MOBILITY CAPABILITY PACKAGES Mobility Capability Package Pilots are used to help create CPs Development and release is an iterative process between IAD experts, interested vendors, and external partners Partners IAD SME Community CSfC Package Release Customers Vendors Integrators 11 Late 2012 Early 2013
KEY ACHIEVEMENTS TO DATE Established Mobility Innovation Center (MIC) to drive/prove technology Delivered TOP SECRET voice and data pilot (FISHBOWL) Delivered NSA Campus laptop pilot (WIFIGHTER) Demonstrated tablet architecture First Mobility Capabilities Package on web at NSA.gov 12
LOOKING AHEAD Improve user experience Prototype and pilot data services to other devices Continue to perform vulnerability analysis of emerging technologies Prototype and pilot Evolved Packet Core (EPC) capabilities Continue to mature Mobility Capability Packages Continue to work with Industry Incorporate lessons learned into future demonstrations 13
CONCLUSION Securing mobility requires a new way of thinking: Use commercial standards, platforms and applications when possible Composable and layered solutions/services to achieve desired security Integrated and hardened commercial infrastructure Keep pace with emerging technologies Strong partnerships between government and industry Work early and often with Industry to get it right from the start! 14
For wa r d. Thinking.