recommended reading

Pentagon official worries about implications of British hacking scandal

The British phone hacking scandal demonstrates the need for fortified consumer smartphones that block call interceptions, said the U.S. Joint Chiefs of Staff vice chairman, noting that the Pentagon pays a pretty pound for such technology today.

While there is no evidence that reporters at the now-defunct News of the World tabloid eavesdropped on stateside mobile phones, U.S. citizens' wireless devices are penetrable by adversaries or unscrupulous journalists, Gen. James E. Cartwright told reporters July 14 after the Defense Department announced a new cybersecurity operational strategy.

Cartwright was less upset about the military repercussions of the alleged misconduct entangling Rupert Murdoch's news empire than the danger to the U.S. economy posed by most cellphones' vulnerability to industrial espionage and malicious activity.

"It did worry me, and it does worry me; more from the standpoint that, to date, industry, in the chip sets that we use in our displays, the chip sets that we use in our phones, our other endpoint devices, don't -- are not currently configured to encrypt," he said in response to a question about whether he was concerned by the wiretapping affair, given the U.S. military's recent experiments with soldiers using smartphones.

"Today, we pay a premium price to do that in the military," Cartwright said, referring to the special phones the military has ordered for classified conversations.

The BlackBerry-like Secure Mobile Environment Portable Electronic Devices that are certified by the Defense's National Security Agency for Top Secret communications with the president cost $3,150, said Warren Suss, president of Suss Consulting, a government adviser.

General Dynamics, the federal contractor providing the phones, is experimenting with a sleeve for commercial smartphones based on Google's Android operating system that would add a level of encryption somewhere between the security available on a government-issued handheld device and a SMEPED, he added.

Neighborhood Best Buys do not carry SMEPEDs or call-safety sleeves yet. But Cartwright said the protection of cellphones is "something that we're going to have to start to think our way through, because I think now the average citizen is starting to look for more secure ways to communicate and wants the opportunity to do that."

Eventually, cryptophones would cost less than a 3-D plasma television.

The reason for the steep cellphone pricing is that the Defense Department's user base is too narrow to cover the high cost of research and development, Suss said. If most American consumers bought the same products, then "the economics would change dramatically and the price point would be barely perceptible compared to today's devices," he said.

Demanding that stores stock shelves with secure smartphones could generate political opposition, however.

"There's a strong thrust in our country to allow the commercial sector to proceed uninhibited, and here we're running up against a conflict between a national security issue and a concern for overregulation," Suss said. He cited the uproar over a recent White House proposal to police computer networks that support power, financial and other critical services.

General Dynamics officials said the Pentagon awarded the firm a contract for the SMEPED devices, which are as branded Sectéra Edge, in 2005.

Unlike traditional PDAs that "use commercial, software-based encryption, the Sectéra Edge uses NSA-approved hardware and software technologies which provide comprehensive security to protect voice conversations, network access, email, file sharing, government websites" and other data, said Michael Guzelian, General Dynamics vice president for secure voice and data products.

He would not specifically comment on the trial Android sleeve but said, "Our government users expect their work devices to offer the same digital experience they have with their personal devices -- without compromising security. We are currently prototyping several solutions that will deliver both security and commercial functionality at a lower cost."

Threatwatch Alert

Stolen credentials

Hackers Steal $31M from Russian Central Bank

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.