NSA testing smartphones, tablets on safe mobile architecture

The agency is securing the cloud and stealing a page from Amazon, OnStar for data delivery systems

The National Security Agency is testing a new mobile infrastructure, largely composed of commercial tools, to secure Top Secret information on portable devices, such as smartphones and tablet computers, a high-level NSA official said.

The intelligence community, like the rest of the federal workforce, increasingly wants to access information on the go, which is creating a challenge for Debora Plunkett, director of the NSA Information Assurance Directorate. Mobility is just one of about 10 challenges-- or "opportunities" as Plunkett likes to call them -- that she has set out to tackle this year, she said in an interview with Nextgov.

Moving ahead, her priority will remain bolstering national security networks at the agency responsible for safekeeping the nation's secrets and spying on others' covert activities, she said. But the evolving threat landscape has prompted her to change tactics.

After the disclosure of thousands of pages of classified material on the WikiLeaks website, there is increased interest in the data that NSA houses. In addition, technology is rapidly advancing, and cyber adversaries are becoming more sophisticated.

To shore up mobile devices, NSA is experimenting through the summer with an architecture comprised of commercial handsets and a data delivery concept similar to one used by Amazon's Kindle e-reader and OnStar Corp.'s navigation systems, Plunkett said. So-called mobile virtual network operators, or MVNOs, lease wireless capacity owned by other network providers, including Verizon Communications and Sprint, and then repackage the mobile services with their own specialized features under a new brand name, such as "OnStar."

But "the IT architecture of the future," said Plunkett, will be cloud computing --accessing over the Internet information technology systems that are grounded elsewhere-- and virtualization, a means of segmenting one physical server into smaller servers that can be accessed remotely.

Last week, U.S. Cyber Command chief Gen. Keith Alexander endorsed this sentiment when he testified before a House subcommittee that cloud computing will help fortify military networks during the coming year.

"This architecture would seem at first glance to be vulnerable to insider threats -- indeed, no system that human beings use can be made immune to abuse," he said, "but we are convinced the controls and tools that will be built into the cloud will ensure that people cannot see any data beyond what they need for their jobs and will be swiftly identified if they make unauthorized attempts to access data."

Both Plunkett and Alexander said they believe cloud computing will reduce security risks by moving information away from desktops to a centralized arrangement that allows for tighter control over access and more rapid responses to cyber incidents.

"We're tracking, absolutely," Plunkett said of their mutual goal. "I firmly believe that cloud computing is the way to go."

Like civilian agencies, NSA aims to continuously monitor its security posture by automating the process of collecting network status indicators, such as data on anti-virus scans or software patches, she added.

Other challenges this year include software assurance --the practice of making sure "the millions and millions and trillions of lines of code" that personnel exchange "is both developed securely and that it stays secure throughout its life cycle," Plunkett said.