Coast Guard Aviators Shop for a Course-Plotting iPad App

The U.S. Coast Guard wants to buy a navigating app, similar to those already used by civilian pilots, for service members who are substituting iPads for flight bags, according to a government solicitation. But the software specifications omit certain safeguards to prevent hackers from hijacking the cockpit, some information technology specialists say.

The section of the Aug. 14 work order pertaining to security requirements states, "There are no special security requirements."

Today, with paper-based aviation charts, it's hard, if not impossible, for bad guys to corrupt directional guides. But, as flight planning migrates to software-based resources, it is critical that agencies ensure those programs do not contain malicious code, said Bernard Skoch, a retired Air Force brigadier general and government IT consultant. 

"It doesn't take much imagination to envision a horrible scenario in which a bad actor corrupts every Coast Guard cockpit with a few keystrokes," he said.  

The service's purchase plans do not require that the app's code be developed in the United States or that it be subjected to penetration attempts by hired hackers. "I think that opens up a significant risk area. The software will become mission critical and should be domestically written, or as a minimum it should be provided only by programmers in countries friendly to the U.S.," Skoch said. 

Coast Guard officials did not respond to a request for comment. 

The app will display confidential government information, such as maps and charts collected by the National Geospatial-Intelligence Agency, but stolen secrets are not the main concern. 

The sensitivity level of that NGA data does not require special data protections, Skoch said. But that data and all the other code in a navigation app, regardless of content, should require that the software be designed stateside and undergo thorough testing and validation, he said, because digital vulnerabilities can be exploited to manipulate aircraft.

The Air Force Special Operations Command canceled an iPad procurement in February 2012, after receiving a query from Nextgov about its stated plans to use Russian-developed GoodReader software for mission security and as a document reader.

There is room to enhance the Coast Guard’s security requirements, but this expected IT buy is "a good sign" for the federal acquisition process, said Warren Suss, a government telecommunications analyst. "In recent years, the security cops have really stood in the way, by being absolute, looking for the 100 percent security."

Now, civilian agencies, and even the Pentagon, are deploying “mobile device management” systems to reduce the risk that government-issued consumer electronics will compromise agency networks or leak information.

The Coast Guard is probably considering, “How likely is it that these maps either could get in the wrong hands or could be changed or compromised, and how do you weigh that against the potential benefits of giving these fliers a better solution for getting their geographic information? I believe that is a legitimate tradeoff,” Suss said.

During potentially four years of use, the app will support between 200 and 1,100 iPads, according to the contract documents.

The tool, described as "critical to USCG aviation's operation requirements," will feed the service's personnel terminal instrument approach procedures, arrival and departure instructions, and en route navigational charts, officials said. Like a consumer iPad app, it must understand finger gestures, such as pinch-to-zoom, as well as incorporate "night settings" for easy viewing during operations in the dark. 
