Last month, we brought you the top iPhone apps for government, but since they’re mostly worthless if you can’t use them on the job, we took a look at federal smartphone policy to determine when and where government workers can use their iPhones or BlackBerrys.
In compliance with FISMA, agencies are required to assess smartphone vulnerabilities and develop policies for their use. Many civilian agencies don’t restrict smartphone usage (so long as your device isn’t agency-issued, as the FBI bans app downloads on FBI-issued smartphones), but DoD and the intelligence community don’t allow classified material to be viewed on smartphones.
Despite the successes of the Secure Mobile Environment Portable Electronic Device (SME PED) program, launched in 2005, L-3’s Guardian and General Dynamics C4 Systems’ Sectéra Edge, the two devices produced by the program, are still being evaluated by DoD. Both phones are NSA level 1 encrypted and are capable of placing secure phone calls. Ironically, though, DISA regulations that govern secure phone calls require any secure call to be made from a Sensitive Compartmented Information Facility (SCIF), and wireless devices are not allowed in SCIFs.
So one obstacle to implementing smartphone technology in a classified environment is the rule structure governingclassified environments, which is mostly a combination of late cold war and early Internet-era legal phrasing. But what about unclassified material?
If you don’t plan on connecting your wireless device to your DoD computer, you’re mostly in the clear so long as you’re handling unclassified material. However, if you plan to connect your device to your work computer, for example, planning to synch your BlackBerry or iPhone’s e-mail to your desktop, there are two conditions you have to meet: first, the DoD computer has to use the DoD Host Based Security System (HBSS) with the Device Control Module (DCM); and second, the mass storage mode of your wireless has to be disabled. Any combination of wireless devices and desktop computers that can’t meet these two criteria means you’re out of luck, as far as DoD is concerned.
In order for the government to take full advantage of these revolutionary wireless technologies, the legal architecture underpinning federal information technology security needs to be updated, because right now, the government is using dial-up rules for a wireless broadband world.