For governments, securing mobility still requires that “something extra”

When it emerged years ago that the mobile phone of German chancellor Angela Merkel was being tapped, the fallout set off diplomatic shock waves – and still stands as a reminder of the need for a rock-solid approach to mobile security.

Delivering such security has proven challenging for government security practitioners – particularly when it comes to enabling users to access highly-classified data. And while previous government-imposed solutions provided security through ‘hardened’ devices using encrypted voice communications within closed calling networks – an option that had been made available to Merkel among others – user demand for mainstream Apple iOS and Google Android-based devices has complicated the picture further.

Granting mobile platforms Australian Signals Directorate approval used to require specialised sandboxing add-ons such as those from Good Technology, but evaluations of Apple iOS recently accredited the platform’s core design for low-level secured environments as well.

“Apple and Samsung devices have made a lot of progress in recent years to secure those platforms,” Christoph Erdmann, senior vice president for Secusmart, told CSO Australia.

“They have made those platforms good enough for encrypted level classified communications – but if you go beyond that, the platform is not the only answer. It doesn’t matter whether the customer is more Five Eyes centric, or a European government or APAC government or in the Middle East – you will always have to do something extra.”

That ‘something extra’ varies from country to country, but the core add-on capabilities of mobile device management [MDM] technology are usually a minimum addition to ensure compliance with government security requirements.

Modern mobile operating systems support MDM controls much better than they did in the past, but closing the gap remains a key part of BlackBerry’s long-running pivot on mobile security. In the years since it was acquired in 2014, Secusmart, for its part, has not only been integrated into BlackBerry’s MDM ecosystem but has refined its anti-eavesdropping technology to ensure smoother delivery of voice encryption in high-security environments.

Secure communications solutions are in high demand as encryption becomes an increasingly contentious government policy issue that has already led to broad bans on Chinese equipment maker Huawei and threats from the United States that it could withhold information from Five Eyes partners that use Huawei gear.

Reliably secure communication is important for government agencies aiming to facilitate dignitaries’ and executives’ access to secure communications services – as they have struggled to do without restricting them to highly-secure, hardened devices running over closed proprietary networks.

Bridging the gap between ultra-secure environments and consumer-usable phones was a key part of Erdmann’s engagement with Merkel, an avowed reader of Twitter, in the wake of the wiretapping scandal.

“I presented her with the new solution and the first thing she asked was ‘where is Twitter on this thing?’” Erdmann laughed.

“That was a window of opportunity and allowed us to come up with a flexible solution that let them do all of their personal, unclassified communications – plus access to the systems behind the government’s firewall, using a single device.”

“The system is intelligent enough to find the most secure way to connect – and it makes every party able to have encryption, providing a call with the highest security clearance.”

Providing high-security mobile services to government bodies raises practical issues for security staff who must, among other things, find a safe place to store encryption keys used for sensitive voice and data traffic.

Key management is tricky enough, but with many high-security government applications mandating the disabling of active radio interfaces it has become even trickier for manufacturers to deliver flexible solutions providing strong enough security.

BlackBerry’s Secusmart offerings include offerings such as embedded key-management tools in MicroSD cards and built-in key repositories that are tied directly to MDM platforms. By tailoring these to a range of government requirements, the firm has been able to help them progress the cause of mobility without sacrificing security.

“You come across tonnes of specifics that different governments want, for different reasons,” Erdmann explains. “The key is to increase security not just by making things harder or more secure, but by coming to a much more pragmatic solution.”