WASHINGTON: The Air Force’s new deviceONE will allow access to even the most highly classified data in an unclassified environment, Air Force Chief Architect Preston Dunlap says.
DeviceONE, being built by Air Force Research Laboratory, combines special software, called SecureView, with commercially-provided laptops. DeviceONE “jump kits” already are being provided to users across DoD and the Intelligence Community, according to AFRL.
“We have widespread interest across DoD and other US Government Departments right now due to COVID,” John Woodruff, the program manager for deviceONE at Air Force Research Laboratory’s Information Directorate in Rome, New York, explained in an email to Breaking D.
An AFRL spokesperson said he could not comment on which IC agencies were using deviceONE “for security reasons.” Likewise, a spokesperson for the National Reconnaissance Office (NRO) said: “Given the classified nature of our work, I cannot discuss any details of our current planning or operations.”
Dunlap told a Mitchell Institute webinar today that the Air Force now is “deploying 1,000” of the devices in about three-week cycles “to get them out to the force to be able to operate” during the crisis. Air Force acquisition czar Will Roper told reporters last month that he hopes to find funds to eventually deploy 4,000 across the service.
Tens of thousands of civilian and uniformed defense officials can’t access classified information from their new home offices. One of the central security principles the US military has followed up to now is to physically isolate points of access to classified information.
Sue Gordon, until recently the No. 2 at the office of the Director of National Intelligence, said last night that the disruptions of the COVID-19 pandemic mean the “classified community was struggling more than most, because have a different model than most.”
But Gordon, speaking during an INSA webinar, also said the disruptions sweeping through the defense and intelligence communities present the US with “a great opportunity” to change how the IC functions and how well it functions. DeviceONE would seem to be exactly the sort of change Gordon might point to. The question will be, of course, if it reliably and securely does what it’s meant to and the intelligence agencies adopt it quickly.
The new software is being developed as part of the Air Force’s flagship Advanced Battle Management System (ABMS), a key component of DoD’s top-priority Joint All-Domain Command and Control (JADC2) effort. Access to Top Secret/SCI information will be available in the future. Today, users can access Secret material.
“The particular configuration that we’ve done for this to manage the risk of posture in COVID is to do just the secret level, and unclassified,” Dunlap said. “For ABMS, and the warfighter abroad as needed, what … we are doing is enabling those devices, and the inherent security associated with the ability, to operate at any classification.”
In his April roundtable, Roper said that deviceONE had been certified by the National Security Agency as safe for remotely accessing classified data. The device is based on what is known in the industry as a “zero trust” security protocol, which prevents protected information from being stored on the user’s device but allows secure access to that information via the cloud.
In deviceONE’s case, only unclassified data is ever stored on the device, but users can get to secret-level information stored in the ABMS “cloudONE.”
“So you could literally, throw it on the street. No problem,” quipped Dunlap. “I wouldn’t recommend it, but no problem.”
Woodruff explained that “deviceONE is simply a laptop that meets our specific requirements with the SecureView software and configuration connected to the networking solution (aka stack) based on NSA standards. The user doesn’t need to be aware of the special sauce on the laptop or the networking pieces running in the secure facility. All they need to do is follow the connection instructions.”
“AFRL is building it using commercially available equipment with our special software. Cost of the laptops are around $2K each,” he added. Laptop vendors validated up to now to host the system include Dell, Hewlett Packard and Panasonic, he said.
Specifically, deviceONE comprises a “Virtual Desktop Infrastructure (VDI) technology, an [NSA] approved Commercial Solutions for Classified (CSfC) hardware stack and SecureView-enabled laptops,” AFRL elaborated in an April 9 press release.
Dunlap was visibly proud of the effort to rush deviceONE into the field, as a successful example of how fast the ABMS’ novel spiral development process for both software and hardware can work.
“The system is phenomenal,” he said. “The team pulled together very rapidly the ability to do something that we were going to demonstrate in April for the first time as a prototype.”
As Breaking D readers know, ABMS is the Air Force’s effort to build a family of systems that together will create what Dunlap called a “battle network, or a military Internet of Things” to underpin the US military’s Joint All-Domain Command and Control (JADC2) concept for conducting all-domain operations.
JADC2 in turn is one of the top priorities for Chairman of the Joint Chiefs of Staff Mark Milley and Secretary of Defense Mark Esper, as well as Goldfein, as they attempt to map out a new American way of war.
The service is using so-called “DevOps” (also known as spiral development) practices to push out new iterations of the various ABMS technologies every four months.
The Air Force had intended to follow up the first “ABMS On Ramp” demo, held in December in Florida, with a second demo located on the West Coast in April but that was postponed due to the COVID-19 crisis. Dunlap said that that demonstration, which will center around Space Command, headed by Gen. Jay Raymond, as the supported command, will take place in August or September. It also will include “live fires from each of the domains” for the first time, he said.
A third On Ramp demonstration already is the works, Dunlap added, that will involved taking the exercise outside of CONUS to the Indo-Pacific Command operating environment.
“We’ve also struck a partnership with with Admiral Davidson, the INDOPACOM commander, as well as continuing with General Raymond, for the subsequent On Ramp,” he said, “so we’re very excited about taking that out in theater to the operational edge.”
Colin contributed to this.