recommended reading

Air Force Special Operations Command eyes Russian security software for iPads

When the Air Force Special Operations Command decided to buy 2,861 made-in-China Apple iPad tablet computers in January to provide flight crews with electronic navigation charts and technical manuals, it specified mission security software developed, maintained and updated in Russia.

The command followed in the path of Alaska Airlines, which in May 2011 became the first domestic carrier to drop paper charts and manuals in exchange for electronic flight bags. Alaska chose the same software, GoodReader, developed by Moscow-based Good.iware, to display charts in a PDF format on iPads. Delta Air Lines kicked off a test in August for electronic flight bags and the carrier said it planned to use GoodReader software.

Originally developed for the iPhone, GoodReader won rave reviews, which helped make it the best-selling non-Apple iPad app until its developer, Yuri Selukoff, quadrupled its price from 99 cents to $4.99. PC Magazine said GoodReader "transforms your iPad into the best reader, file manager and annotator on the market."

Macworld also raved that Good.iWare, Selukoff's company, "hit a home run" when it developed the iPad version. "What adds an extra sparkle to GoodReader is that it supports most common document file types, while also allowing you to save and view Web pages (either in HTML or Safari Web archive format), and download, listen to, or view photos, audio and video files," the publication said.

GoodReader also can encrypt data files, a key selling point for federal users, such as Air Force Special Operations Command, since the iPad has not yet received Federal Information Processing Standard 140-2 certification for data stored in or transmitted to or from the tablet.

According to Good.iWare, GoodReader uses the Apple data protection applications programming interface "to make sure your data will be secure, even if your device gets lost or stolen . . . If you use it properly, it will continue to protect your files even if an attacker jailbreaks your device and uses various hacking techniques to access encrypted files."

This dovetails with the requirements AFSOC wrote into its original proposal to buy iPads: "Device must be capable of using the GoodReader application, which meets mission security and synchronization requirements. Operation of this application requires the iOS operating system and its inherent security features."

Despite the enthusiastic reviews and the software's ability to encrypt data at rest, present and former military officials question why AFSOC, which operates a fleet of specialized gunships and surveillance aircraft, would allow its pilots to rely on software developed in Russia. They also questioned the command's vetting process for Good.iWare, which one active-duty official pointed out has a website that lacks basic contact information.

Michael McCarthy, director of the Army's smartphone project, Connecting Soldiers to Digital Applications, based in Fort Bliss, Texas, questioned the plan. "I would not use encryption software developed in Russia . . . I don't want to put users at risk," he said, adding that he was concerned about the integrity of the supply chain with GoodReader. In November, he expressed similar concerns about the integrity of Apple's Chinese hardware supply chain.

Bernie Skoch, a defense industry consultant and a retired Air Force brigadier general with extensive security experience, said AFSOC's decision to use GoodReader reflects the globalization of the information technology industry, where domestic companies may no longer supply key software.

That means, Skoch said, that when it comes to mission-critical applications, every line of source code must be examined to ensure it does not contain malicious code. It does not take much imagination "to conjure the catastrophic consequences" that could result from malicious code in an electronic flight bag, Skoch said.

Command spokeswoman Capt. Kristen Duncan did not directly address questions about whether AFSOC had security concerns about GoodReader in response to a query from Nextgov. "We continue to look at each component of the [electronic flight bag] program to ensure we do the right thing for our airmen, don't introduce unnecessary risk into operations and provide the best tools available to conduct the mission," she said.

Selukoff, in an email exchange with Nextgov, bridled at the suggestion that GoodReader could pose a security risk to U.S. government users just because he is Russian. "Ha, someone's still living in 1970, aren't they?" he replied when asked about security concerns. When asked to address concerns about malicious code in GoodReader, Selukoff replied, "What is this offensive and insulting assumption based on? Are there any actual facts or complaints that such thing has ever happened?

"I am not affiliated with any government institution, neither Russian, nor any other," he added. "GoodReader doesn't have any malicious code built into it. Having said that, I am open to any security/penetration tests that anyone would be willing to perform on the app."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.