Sometimes it's tough being an elite high-risk Pentagon boffin. Much though the life might seem like a dream to many of us – perks of the job could include such things as hover-jeep flying cars, self-assembling floating fortresses, Matrix style cyberwar firing ranges populated by replicant sim-people etc etc – there are downsides …
So what sort of laptops are they allowed?
Perhaps it's time...
For a little chat with those nice guys at MoDaCo. I'm sure they'll sort it out in a week or so!
They are DARPA!
DARPA - Invent and release the bloody technology yourself and do something for the common good for once instead of brainstorming novel ways to fry brown people.
Re: They are DARPA!
I'm sorry, was the Internet not good enough for you? Since when did you invent a world changing technology?
I'm sure sundry brown people are happy to be on the receiving end of thrilling death-tech as long as you can access your Bebo page.
So part of the government wants these things to be locked up tight enough to hold "secrets", while another part of the government wants backdoors, simple encryption, etc.
This makes lots of sense...
You can't secure iOS
Not to US government specs, unless Apple opens it up to running apps not gotten through their App Store.
re You can't secure iOS
Looking at this, it seems corporations can put their own in-house apps on an iPhone
A neat trick
Don't the DARPA sect understand that this may be a feat more difficult than mere VTOL jeeps or flying submarines that transmogrify into a fleet of armored battle bots you can carry in your pocket? Seriously how do they expect to lock down an operating system that is built upon selling the spy data it continuously collects? Then again, perhaps they do understand, the "pre-boot environment" would effectively be a container that separates the pretty OS from the data needing security, it could even lie to the location interface so software running on the OS couldn't track the user's movement. But if you're going to go through that kind of hassle why not just write a secure OS with emulation capabilities to run the iOS/Android software?
umm GOOD technology is already an encrypted container with FIPS-2
Why reinvent the wheel?
My former employer - a large paranoid bank was just rolling out Good as a home working option on iOS devices. Don't know how capable good is personally but from that I presume its pretty ok
Email, calendars, contacts, documents, Sharepoint, all within a nice shiny secure application. They've taken their time over the user experience, too - it's as nice to use as Apple's own apps, but more businessy. Great on iPad and iPhone alike, with features to make the most of both. Good all round, really.
The back-end server software is also sleek and easy to configure. No problem dealing with PCI-DSS level site security.
BUT - sadly, it's aimed at enterprise only. Entry level license is around £9000 (pa?), and they expect you to have thousands of users, not tens. I dearly wish that Good would introduce a SME level license, as until then our staff will have to make do with their Blackberries (which are unrelentingly hated, especially the Storms, which we paid too much for to replace!)
How about submitting it to the Android code base?
I'm sure Google wouldn't kick DARPA out of the bed...
Pre boot environment
.. on an iProduct?
Good luck with that...
Somehow, I think this is a solution that would favour an Android-based solution over an iOS solution.
Especially since DARPA can obtain the source code ... today, thanks to open source, and build it themselves... by hand using "human" compilers/assemblers/linkers if they so choose. (Military groups have been known to do something like this in the past.)
This isn't to say Apple might grant them special consideration however. After all, Department of Defence here in Australia apparently do have copies of Microsoft Windows source code for their spooks to inspect.
Whilst the Good technology ios app will provide a secure container for information, it does not secure the whole device I believe.
The article states they want something with pre boot authentication, which I can't see ios having unless it's developed by Apple themselves.
As for laptops, well it depends on the level of protection required, and then you have the whole data at rest stuff to think about.
Software FDE will get you up to a certain level on a laptop before you then need to move over to hardware based solutions from the likes of Stonewood (who the MoD use) and their secure drives with CESG issued encryption keys.
"Specifically, your work phone will generally be a boring one: no lovely iPhone or Droid for you. Instead that badge of infamy, that infallible mark of boring corporate suitdom – the BlackBerry "
I bet you think the "PC vs Mac" ads that portrayed PCs as "boring" were good too.
I see loads of people using and having fun with Blackberrys, and I'd much rather have that than a corporate Apple phone. The claim makes no sense anyway: if Apple became the business work phone you'd be issued with, then Apple would become the "mark of boring corportae suitdom".
You can't have it both ways, and ridicule Blackberry for its association with business, but then praisr the Iphone or Ipad everytime a company considers it! By your own logic, the use of Ipads in business should mean they are now boring work devices.
I'm surprised you didn't sneak in a dig against Nokia there - your standards are slipping.
You can't secure any of those models.
They all have cameras and therefore can't be allowed in any restricted areas. At least not in the US.
iOs way ahead
I work with DOD STIGs all the time. BB only has a grace in there because Obama essentially "made" them once he was chief, but even that has strict limits on what he can and cannot use the device for. only WinMo 6.5, when backed by onboard 3rd party apps, and 3rd party servers, is sufficient to meet DOD STIG (and then only when the company owns the phone itself, not a user device, and the issuance of each device is audited and manually signed off on by a government representative, per device).
iOS is VERY close to meeting STIG, and without requiring an additional audit server in addition to Microsoft Exchange. There are only a few things on the iPhone 4 and iOS 4.2 not yet secured by the new encryption APIs, and only 2 tick marks on the STIG checklist for remote management and authoritative control left to tick off. iOS 5 could meet DOD STIG completely with a few simple changes, a web server, and Exchange 2010 deployed (itself to STIG standards), and an optional server to push iOS apps internally to registered devices (bypassing the App Store). Then it's just a matter of the gov't placing a big order with Apple and outfitting its users with devices more secure (and cheaper to manage) than BB or WM6.5.
Android I'm afraid is last in class. (behind WinMo 7, sad to see they missed so much being the only "true" STIG approved device). Even Symbian ticks more boxes off. For Android to meet STIG, it needs to lose the USB and SD ports except through internal API controls (moving files in/out including enforcing that media to be encrypted is OK, but it can;t be used as expanded native storage if ti;s removable). the file system needs full encryption, accessible only through API. Al apps have to be signed. The device needs a centrally managed remote wipe service and native Exchange support. And a remote policy system has to be implemented for enterprise audit and management. And lastly, no side-loading. Most of the things Android users want have to go to meet STIG. I don't see that happening....