The Department of the Navy’s chief information officer, Terry Halvorsen spoke with reporters on November 26 about efforts the Navy is making in data center consolidation and mobile technology. Halvorsen didn’t provide specifics on new platforms from mobile providers for the Navy, but he did indicate that the service is interested in moving in a more mobile direction. This could include, he said, implementing Windows Phone 8, to augment or replace Blackberrys.
The Navy has long been a Windows-based organization, and adopting a mobile platform that shares an interface and applications with desktop Windows makes sense. However, the Navy has also been looking at the Android and iOS platforms.
The biggest issue, not surprisingly, is security. What kind of security does a mobile platform need to have to land a sensitive military contract?
The current Department of Defense standard, Blackberry, just had its new Blackberry 10 FIPS 140-2 platform certified, even before it’s been officially launched. FIPS 140-2 is a crucial certification for any device hoping to land a government contract because it means that the device is secure enough to handle encrypted data.
NIST Guidelines
The National Institute of Standards and Technology (NIST) put together a set of guidelines that outlines the standard security capabilities devices must have to be secure enough for use in business and government. Evelyn Brown’s article in the NIST Tech Beat Newsletter about the Guidelines on Hardware-Rooted Security in Mobile Devices(PDF), lays out the three security capabilities devices must possess to deal with known mobile device security challenges:
- Device integrity
- Isolation
- Protected storage.
It all boils down to something the NIST calls the “roots of trust.” For device integrity, we’re talking about a combination of hardware, firmware and software designed with security in mind – along with solid constuction. For the other issues, the key is to create isolation capabilities that keep personal apps and info separate from the organization’s data.
Windows Phone 8 A Good Fit?
Windows Phone 8 devices would seem to be a good fit for the Navy. Via email, Greg Sullivan, Senior Marketing Manager at Microsoft, pointed to the phones’ information rights management technology (IRM) for data leak prevention, SSL 3.0 encryption and a private application store as features that are attractive to the Federal Government. These features seem to line up pretty well with the NIST guidelines. While Windows Phone 8 does include an encryption feature similar to BitLocker, the full disk encryption found on the desktop implementation of Windows 8, it doesn’t have FIPS certification. According to the mobile tech MobileJaw, Microsoft’s encryption is backed by TPM 2.0, and is currently seeking certification.
When asked about the possibility of a Department of the Navy contract, Microsoft representatives replied with a polite “We do not comment on specific projects.” And a source from the NIST said that, as of right now, they are no plans to work with Windows Phone 8 for the Navy. The Department of the Navy did not return calls or emails.
Still, But when the CIO makes it clear to a group of reporters that the Navy is looking for a new mobile platform, you can be sure that Microsoft – along with Apple, Google and RIM – will be doing everything it can to make a good impression.
Image courtesy of Shuttershock.