Secure Handhelds Clear Device Clutter

May 15, 2008
by Henry S. Kenyon

Federal agencies have their choice of two secure wireless devices under the SME PED program.
It’s a common occurrence in the U.S. federal government: an official hears a wireless device chime with an incoming call or e-mail. But which one is it? The cell phone, the personal digital assistant or the dedicated secure phone? A National Security Agency (NSA)-managed program plans to take the confusion out of taking or making a call by replacing multiple wireless devices with one piece of equipment to access secure and nonsecure data networks.

The Secure Mobile Environment Portable Electronic Device (SME PED) program—pronounced smeeped—takes the solutions to a variety of government security needs and puts them into a single device capable of performing clear and secure voice calls up to the Top Secret level. Owners can even send e-mail and browse the Web over classified and unclassified networks such as the nonsecure Internet protocol router network (NIPRNET) and the secret Internet protocol router network (SIPRNET). SME PED handhelds also are cleared to operate in secure compartmented information facilities (SCIFs).

According to Matthew Quick, chief of the NSA’s secure wired and wireless division, secure mobile communications is an important requirement for the agency’s customers because many government employees deploy in areas with varying commercial communications coverage. For example, some U.S. callers tied to code division multiple access networks cannot use their cell phones when traveling overseas in global system mobile (GSM)-compliant regions. To address this issue, the SME PED features a removable radio frequency module so the devices can be used in any type of commercial communications environment. “You don’t have to be tied to your office or your residence,” Quick says.

NSA’s SME PED program will offer two handheld wireless devices: the Séctera Edge by General Dynamics and the L-3 Guardian by L-3 Communications. Both devices are wireless personal digital assistant/phones with embedded NSA-compliant wireless cryptography capable of accessing the SIPRNET and NIPRNET. Quick notes that the procuring government agency will choose which device it will purchase for its personnel.

In the past, the government had been cautious about providing its employees with wireless devices because of security issues regarding message encryption. “Wireless does have some issues, but listening to the requirements for secure mobility, we realized that we had to address that. We have taken all of our knowledge and put it into this so we can reduce or eliminate the vulnerabilities that are out there. That’s part of what this program does,” Quick says. However, he maintains that no other wireless device provides NSA Type-1 security for e-mail messages and wireless security to the edge of the Global Information Grid.

Although not a primary concern, SME PEDs will likely save the government some money. For example, many users carry several devices such as BlackBerrys and secure GSM cell phones, and their organizations pay separate bills for these services. SME PED allows an agency to consolidate its commercial wireless billing and realize some savings. In addition, Quick notes that many senior-level government personnel require communications-related security equipment in their homes. While the outlay for these systems can be expensive—about $60,000 per individual installation—a single SME PED costs less than $4,000, and it provides secure global connectivity.

From an overall cost-savings and return on investment (ROI) perspective, Quick explains that it is just a matter of fact that the government often must pay for certain technologies and functions that are not commercially available. “ROI isn’t something that we necessarily track very hard,” he admits.

The program covers agencies throughout the federal government. The Department of Homeland Security (DHS) is involved in the program through its National Command and Coordination Capability program that requires information sharing among senior DHS staff and state governors. To facilitate this communication, the DHS will provide SME PED devices to state governors and key department personnel.

In addition to DHS, the U.S. State Department is interested in acquiring SME PED devices for its communications needs in the United States and abroad. And, not surprisingly, the U.S. Defense Department’s combatant commands are interested in the capability. “They [combatant commanders] tell me every day that they can’t wait to get their hands on them,” Quick shares.

The two SME PED device contracts were awarded to General Dynamics and L-3 in June 2005. General Dynamics received its NSA security certification in December 2007, and Quick believes that L-3 will be certified by the end of 2008. The phones comply with the FIPS 140-2 security requirements and the Defense Department’s 8100.2 requirements, protocols that outline security specifications for nonsecure and secure wireless communications.

In addition to contracting for the phones, the NSA designed an architecture to support the SME PED system, which was then refined and deployed by the Defense Information Systems Agency. Quick explains that this is primarily a communications and packet routing system.

Only a relatively small number of users will require a SME PED for its high-level security capabilities. Quick projects that in the next two years, some 8,000 devices will be issued across the Defense Department, but he expects this number to increase in time. He adds that he does not know how many handhelds the DHS and State Department ultimately will need, but this requirement will increase the absolute number of devices.

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.