The DoD is committing to Android as a platform in a massive way. Apps 4 Army is a key example. The push is so large and widespread that I think it will force the whole US Gov't along with it. Everyone from political leaders, to soldiers, to doctors at VA hospitals, to employees at defense contractors, will be required to use Android because of government security certifications and custom apps. There's a good chance that Android will become the very dominant winner in the mobile platform space because of this.
Android is going to be the low cost field deployable random gadget, and this is an investment in bringing a minimum level of security to the platform.
For actual classified applications, the NSA (which provides solutions downstream to DoD and other groups) is already trying to standardize on a highly customized version of Windows CE built by General Dynamics that runs on XScale processors with NSA-specific modifications. Some publicly visible applications of this stack are the Sectera Edge (the phone that replaced Obama's BlackBerry) and the DTD2000.
Windows CE will become the very dominant winner in the mobile platform space because of this. :)
I've heard this before. Remember 15+ years ago when the US Army chose WebObjects because it was so obscure it had no security issues? How is their adoption of Apple server gear since then?
The US Navy wants to use (near) commercial Android devices. These might be used to display confidential reports (as in a normal business), but may also be used to control the ship.
The Navy already have secure versions of Linux and Windows, and want something similar for Android.
This will take the form of additional security layers, similar to the ones the NSA did for Linux[1].
Some of them will be made commercially available, hopefully increasing security to the whole platform. If this included e.g. application sandboxing, you can see that it would be of general interest, particularly to people with similar needs (Android-based control terminal for a power station, or sys admin wants to roll out policy to corp devices).
Android is becoming the default embedded OS for a lot of UI, so it's really nice to see this.
Hmm, who actually is the one to usually do this sort of thing?
Clearly it is a good idea, but I don't think it really makes sense for the Navy to do it for themselves. Isn't this more the sort of thing the NSA should be doing on the behalf of everyone else in government?
I found it interesting that they specifically called out use on Virginia-class submarines. As a former submarine officer myself, there certainly are some applications on board where this would certainly make sense. (Not in the engine room operationally, but in other areas definitely.)
The fact that this project is "focused on reducing the impact of short life cycles for commercial mobile devices" excites me as I'm sure many folks dislike how quickly technology grows obsolete and stale when you just bought a new phone and a new one comes out a few weeks later. That being said, security of mobile devices is an increasingly important issue as we become more and more reliant on information connectivity for our daily lives.
I would be curious to hear the results of Phase I and of course look at the framework they use to extend the Android OS.
Why not try to commit the Security extensions into the Android project?
The Navy has an SBIR solicitation out for this topic, but it does not necessarily mean that it is going to put up $1MM. Phase I funding is small (less than $100k per award) and sometimes no Phase II contracts are awarded for a topic. Of course, the Navy could also spend much more than $1MM if they decide to fund multiple Phase IIs (also not uncommon). It really depends on the results they see during Phase I and the importance of the topic compared to other funding opportunities.
The average is for them to fund 2-5 Phase 1 awards at $150K and then 1-2 Phase II awards of $1MM each based on the most promising of the Phase I. Given recent changes to the SBIR program, note that Phase I SBIRs can now be for $150K and Phase IIs at $1MM.
It can happen, but is rare, that they would fund nothing on a topic in the solicitation.
And as you say, compelling results out of the SBIR work can lead to follow-on work that is >> $1MM.
The short of it is, the Navy is interested in this topic, and if you have a small tech business with innovative ideas in this space there is a great funding opportunity here for you to advance your tech and grow your business.
I think the military appreciates the security advantages of open source more than many other organizations. There's really no way to trust national security information to black-box proprietary systems. This concern has even extended to the actual chips running the software, since they're often made in China.
The rise of Android-based embedded devices is coming.
Android already ate ~70% of smartphones sold and is now spreading to non-phone areas, like car systems, fridges, cash machines and so on.
I really hope Android will become even more secure in the next few years. Otherwise ... imagine it for ourselves
Why doesn't Google apply? :) They get $1 million to improve Android security - and they can just do it and integrate it into the next release for everyone!
The SBIR program is the largest Federal source of non-dilutive seed-stage funding available. The program is highly competitive, but this funding is available exclusively to small (e.g., < 500 employees) businesses.
The intent of the program is to drive technology development and new business creation and spur innovation in areas to meet identified national needs (in this case a need by the Navy).
This comes hot off the heels of the ACLU filing an FTC complaint about lack of security: http://www.aclu.org/blog/technology-and-liberty/aclu-files-f... Interesting that where the market and the FTC fail to act, the Navy finds it necessary to pick up the slack.
Can anybody comment on how the Navy restriction to US citizens only developing this plays into the FOSS ecosystem of Android? I assume most of it is GPLv2, so isn't this immaterial? Why would it matter when the code is completely FOSS?
Because it's a legal and/or regulatory requirement, which are not required to make sense in the scope of unusual market environments, let alone normal ones. :-/
Seems like a great idea. I expect most of their contributions will make it back to open source via AOSP, and people will be able to run their own secure non-proprietary versions of Android.
The whole device hardware and software needs to be certified. It is hard to make a secure piece of software and prove it so if the hardware or firmware it is running on is compromised.
Pfft. Have you ever had a project EALx/Common Criteria certified? The program is a joke. You can certify a ham sandwich if you document what brand of mayo you use.
NMCI is actually quite successful in meeting most of its design criteria. Unfortunately said criteria don't seem to include rolling releases to recent software, or cost effectiveness (the contract seems optimized to ensure you have to go through the help desk for anything and incur a charge).
I can't speak to ERP but I'd be surprised if it were any worse than our existing menagerie of mainframe-based "corporate data" systems that run batch transactions once a day and require tedious manual correction seemingly all the time.
For all of you Flipper fanatics, I found a gem of a funding source "To develop probiotic pharmaceuticals to treat and prevent gastrointestinal disease in dolphins and improve their health through the utilization of indigenous commensal microbes of these marine mammals." https://sbirsource.com/grantiq#/topics/87793 . Big money to solve these big problems: http://www.youtube.com/watch?v=6S6PPKUDGfc
vabmit | 13 years ago
dsl | 13 years ago
r00fus | 13 years ago
sigzero | 13 years ago
threeseed | 13 years ago
And I was under the impression that Apps 4 Army was built for iOS first. Does that mean iOS will now 'win' ?
shubb | 13 years ago
[1]http://en.wikipedia.org/wiki/Security-Enhanced_Linux
jlgreco | 13 years ago
justincormack | 13 years ago
jedc | 13 years ago
joyeuse6701 | 13 years ago
NinjaSudo | 13 years ago
eterm | 13 years ago
brucehart | 13 years ago
cjones99 | 13 years ago
jiggy2011 | 13 years ago
dublinben | 13 years ago
out_of_protocol | 13 years ago
samspenc | 13 years ago
jjohnson | 13 years ago
cjones99 | 13 years ago
notthemessiah | 13 years ago
derrida | 13 years ago
mpyne | 13 years ago
iam | 13 years ago
rdtsc | 13 years ago
tptacek | 13 years ago
rdl | 13 years ago
RexRollman | 13 years ago
mpyne | 13 years ago
jjohnson | 13 years ago