NSA Experimenting With BYOD

The U.S. Government would like to move toward mobile, but is taking cautious steps at first, says one researcher.

Speaking at the RSA Conference, Troy Lang, Mobile Security Solutions with the National Security Agency (NSA), said that the government has acknowledged that it can not build and support it's own mobile network. He said past attempts produced a device with poor user experience and lacked agile development. The government is now looking for commercial solutions.

Lang gave a few details about Operation Fishbowl, where the NSA took an Android phone (he declined to specify which) and performed a variety of tricks to protect the transmission of sensitive data through a commercial carrier's network. He said the results were not what they'd hoped. But he shared some of what works.

The phones, he said, used a concept of "Trust Engineering," where layers of encryption protected the sensitive data. He said the encryption came from different vendors to help randomize the experience against hacking. The problem here, he said, was the lack of hardware rooted trust.

In the end the NSA had to create two new apps: Exorcist, which removed Daemons from the device, and Nanny, an app which monitored apps and could shut themn down if they behaved strangely.

The result of the research is a document, NIST 800-164 which specifies what additional technology is needed. Lang said he was hopeful that the commercial world would develop the missing technologies so that the government could better participate in BYOD