Is our tech-savvy President secure?Story
February 18, 2009
For the first time in recorded history, we have a President in the Oval Office who has a working knowledge of the technology that is engrained in our lives. President Obama knows how to use a computer, send e-mail, and is addicted to his infamous Blackberry. But what is a President who somewhat depends on technology to do in this time of concern with computer security?
How can someone in the position of President of the United States of America connect with the rest of us and yet avoid the security pitfalls of hackers, spammers, and viruses that plague the rest of us every single day?
Computer security is one of the areas in which government
technologists are perhaps the strongest in the world. Since the dawn of
computer technology, there have been agencies such as the CIA, FBI, NSA,
National Institute of Standards and Technologies (NIST), and now Homeland
Security and many others that are extremely involved with cyber security. A
major benefit of all this investment and activity is a host of security
standards that are impacting computing technology from hardware to software.
NIST developed the Federal Information Processing Standards
140-2 (FIPS 140-2) to be used by federal organizations when these organizations
specify that cryptographic-based security systems must be used to protect
sensitive or valuable data. The standard provides four increasing, qualitative
levels of security intended to cover a wide range of potential applications and
Another familiar standard is the Common Criteria (CC), an
international standard (ISO/IEC 15408) for computer security. Common Criteria
describes a framework in which computer system users can specify their security
requirements. The Common Criteria is the result of integrating information
technology and computer security criteria. In 1983 the United States issued the
Trusted Computer Security Evaluation Criteria (TCSEC), which became a standard
in 1985. Criteria developments in Canada and European Information Technology
Security Evaluation Criteria (ITSEC) countries followed the original U.S. TCSEC
work. The U.S. Federal Criteria development was an early attempt to combine
these other criteria with the TCSEC, and eventually led to the current pooling
of resources toward production of the Common Criteria. The Common Criteria is
based on the infamous Orange Book
issued by the United States government's Department of Defense.
President Obama may not be able to utilize his Blackberry but
fortunately for him, engineers at General Dynamics C4 Systems had an ace up
their sleeve with the SectÈra Edge Secure Mobile Environment Portable
Electronic Device (SME PED). This is the result of a contract established
in 2005 with the NSA to design and develop a mobile telephone/personal digital
assistant. The SectÈra Edge provides secure voice and data communications,
including e-mail, Web access, and file viewing (Figure 1). The award was part
of a Secure Mobile Environment (SME) program, which called for a single device
for government users requiring Type I
security, and also providing wireless access to the governmentís Secure
Internet Protocol Router Network (SIPRNet) for secure Web browsing and
(Click graphic to zoom)
The SectÈra Edge operates via existing commercial cellular networks
and has a modular architecture for connectivity to a wide array of wireless
protocols such as the Global System for Mobile Communications and Code Division
Multiple Access. It interfaces with the DoD Public Key Infrastructure using the
governmentís standard Common Access Card.
While it may be a bit more bulky than the Presidentís
Blackberry, the functionality is not compromised providing both Type 1 and
non-Type 1 encryption. Contact your T-Mobile or AT&T representative to get
your own SectÈra Edge now.
Devices such as this are possible because of the foundation
of security standards laid down during past years. Cyber security is only
becoming more challenging, and we will see many more advances in standards that
will make our mobile embedded devices more secure.
To learn more, e-mail Jerry Gipper at