Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
NSA's mobility mission office puts itself out of business
Thursday - 8/21/2014, 4:53am EDT
The National Security Agency is disbanding its mobility mission management office.
The 3-year-old office is going away not because it failed, but rather it was too successful.
Mark Althouse, the outgoing technical director of NSA's Mobility Mission Management Office, said over the last three years, the organization has focused on integrating mobility and security into back-end and programmatic apps.
But now with the rise of smartphones and tablets, NSA decided the mobility office can be absorbed back into the business and mission areas.
"The organization was a matrixed organization within Information Assurance Directorate, was stood up to get us on the right track on that, and we recently stood down that organization and baked that whole mobile mission across that IAD mission," Althouse said Wednesday at the Federal Mobile Computing Summit sponsored by MobileGov in Washington. "From being something that is kind of an interesting corollary to the networks that we have and our ability to do our work in a connected world, mobile is really becoming the focus. We will be doing more and more things on mobile, and really the whole communication ecosystem is moving in that direction."
Althouse said his role will change to be a technical director in an engineering unit where the mobility expertise will be combined.
NSA closed down the Mobility Mission Management Office in July, and the final pieces are coming into place over the next month or so.
"All of the particular projects and things we were doing transitioned into the line organizations," he said. "It was easier spinning it down than standing it up. Mobility will be spread across [the line organizations and] probably focused in the engineering organization, because we are developing the architectures and solutions. But we've got analysts, customer advocates and others dealing with the customers who come in and say, ‘We have a problem. I want my users to be able to connect from here to that.' And then we have to figure out if we have a solution for them."
Success with derived credentials
One such solution is the use of derived credentials for mobile devices to improve their security.
Althouse said NSA has been using this fairly new security concept for a few years with the Defense Department's unclassified Blackberry 10 devices. Derived credentials are cryptographic software stored on a mobile device instead of a smart card under the Homeland Security Presidential Directive-12 or Common Access Card.
In March, the National Institute of Standards and Technology issued a draft special publication detailing how derived credentials could work on HSPD-12 smart cards. NIST now is reviewing public comments and is expected to issue a final special publication in the coming months.
Althouse said NSA now is taking that experience and seeing how it can expand it to other devices and other classification levels.
"The challenge is making sure that credential is stored within the device in a highly assured manner, and not just encrypted and stored in software, because there are ways to find out where it is and crack that back, but actually store it in hardware," he said. "The device has to have a hardware security module of some type that can store that credential, can store the keys and ideally has the capability to do that private key generation with the certificate when it's put in the device, stored there and never leaves."
NIAP to issue mobile app profile
Althouse added NSA put these requirements for derived credentials in its mobile device fundamentals protection profile. He said industry can use that profile as it develops future devices and cybersecurity software.
Althouse said the National Information Assurance Partnership (NIAP) program, which NSA runs, soon will issue a mobile app protection profile to go along with several other mobile security profiles.
He said NIAP already issued security protection profiles for a voice over IP, virtual private network, mobile device management and email apps for mobile devices.
"The point of doing that is a company can develop a product, have it tested and certified against a NIAP protection profile and then it can be used as an element of a secure architecture that would come out of our commercial solutions for classified program," Althouse said. "We've been working hard over the last few years to get the full family of protection profiles to cover the entirety of mobile technology, so we can point vendors to say that's your certification path to bring you on to the approved products list."
The Defense Department earlier this month approved its first device using the Microsoft Windows 8.1 operating system, said Greg Youst, the Defense Information Systems Agency's chief mobility engineer.