Who says Android is the most insecure mobile OS around? Not the National Security Agency, which is conducting a pilot of 100 Motorola smartphones running the Android OS that it says are already good enough for its employees to make top-secret and classified phone calls from the field.
“There are vulnerabilities in every OS,” said Margaret Salter, a technical director in the NSA’s Information Assurance Directorate (IAD), during a talk Wednesday morning at the RSA Conference in San Francisco. “The beauty of our strategy is that we looked at all of the components, and then took stuff out of the (Android) OS we didn’t need. This makes the attack surface very small.”
Other U.S. government agencies such as the Bureau of Alcohol, Tobacco, Firearms and Explosives and the National Oceanic and Atmospheric Administration (NOAA) are dumping Blackberries for iPhones.
For the NSA, the open-source nature of Android tipped the balance in its favor. “It’s not because iOS was lousy, no. It’s because of certain controls we needed. We were able to make some modifications to Android. Android had that freedom,” she said. Does that mean the NSA is wedded to the Google OS? “It’s not our intention to use only Android.”
Since the NSA’s founding in 1952, the IDA had been the sole creator of proprietary equipment used by U.S. Government agents for secure communications. The disadvantage of this approach was that it was more expensive, “took us years to approve a device,” said Salter, and also resulted in gear that “though incredibly secure, was not incredibly easy to use.”
The Android smartphone pilot, nicknamed Project Fishbowl, is part of the IAD’s move away from GOTS (Government-Off-The-Shelf) technology towards best-of-breed COTS (Commercial-Off-The-Shelf) gear that the IAD will customize and integrate.
Salter didn’t disclose which Motorola model the NSA is testing. But it is likely to be one of Motorola’s Business Ready Smartphones, most of which come securable with Sybase’s Afaria.
The NSA’s aim is to make its secure mobile phones as easy to use as regular consumer smartphones, and the overall architecture easy to upgrade.
“If some part of the architecture is not working the way we want, we have to be able to switch it out and plop a new box,” she said.
(The slide above is from Salter’s presentation. You can download the entire deck here.)
But the IAD’s attempts “to go shopping” for such technology were severely hampered by a lack of interoperability with encryption and other security technologies.
“We wanted everything to be plug and play. And. That. Was. Hard,” Salter said. That forced the NSA in some instances, when choosing software, to sacrifice performance in favor of broader support.
