The Secure Mobile Environment – Portable Electronic Device (SME PED) will soon be operational across the Navy Marine Corps Intranet (NMCI) environment. The SME PED will significantly enhance the Department of the Navy's enterprise mobility efforts by providing mobile personnel with a more convenient and less expensive method to access secure voice and SIPRNET capabilities, as well as unclassified voice and NIPRNET access.
SME PEDs may also avoid the time and costs involved to install secure networking connections in quarters for personnel who require continuous access to the SIPRNET and secure voice.
What is it?
Approved use of the SME PED (pronounced "smee-ped") is the result of a partnership between industry and the National Security Agency. The Defense Information Systems Agency (DISA) led the integration efforts for the Defense Department network environment.
The SME PED is a mobile voice and data device that provides both secure and non-secure communications through two distinct hardware platforms in one case. Connectivity is provided through the use of commercial cellular networks. Depending on the type of traffic, the user either remains on the commercial network or is routed through to the appropriate DoD/ DON voice and data networks.
The SME PED also provides all the standard PED functionality, including a calendar, Internet browsing and e-mail, making it a highly versatile traveling companion.
In secure mode, the SME PED provides SIPRNET data access up to Secret and supports voice communications up to Top Secret/Sensitive Compartmented Information (SCI).
For voice, the device determines the highest classification level common to the two parties, makes the connection at that classification level, and informs each user through the display so that the information discussed is kept to the appropriate classification level.
Operating in its unclassified mode, the SME PED operates as any DON-approved PED, such as a BlackBerry, including Common Access Card and Secure/Multipurpose Internet Mail Extensions (S/ MIME) support for sending and receiving encrypted e-mail and using digital signatures.
Two versions of SME PEDs have been developed: General Dynamics' Sectéra Edge Smartphone and L-3 Communication Systems' L-3 Guardian. As of this writing only the Sectéra Edge device has been certified by the National Security Agency; certification for the L-3 Guardian is expected soon. The devices are marginally larger than a standard PED, or BlackBerry, in height and width, although about twice as thick.
SME PEDs are designed to be global devices, with interchangeable code division multiple access (CDMA) and Global System for Mobile communication (GSM) modules, able to provide cellular network access almost anywhere the proper cellular services are present. However, at this writing, the devices are incompatible with cellular networks in Japan and South Korea.
Intended Uses and Users
As a high-value device, with the potential to put classified data and communications at risk, assignment of SME PEDs will be carefully controlled. The SME PED is intended only for those personnel who have a bona fide requirement to process classified information outside of their normal workplace or who otherwise require the capability to process classified information in a mobile environment to accomplish their mission.
Potential users include personnel who have a statutory requirement for 24/7 access to secure communications or deployed personnel who are supporting combat, humanitarian or civil operations and require a mobile capability to process classified information.
To assist in determining user eligibility, the DON SME PED team developed the DON SME PED Concept of Employment, which is available as an attachment to the Department of the Navy policy on the Issuance, Use and Management of the Secure Mobile Environment – Portable Electronic Device.
Release of the Concept of Employment is imminent as of this writing, and it will be available on the DON CIO Web site at www.doncio.navy.mil.
Only those personnel who can demonstrate that they meet the user profile, qualifications and cellular coverage requirements, as described in the guidance, may be considered candidates for approval.
By using the eligibility process to assess and validate potential SME PED users, commands may avoid forwarding requirements for users that are not likely to receive approval.
Loose Lips Can Still Sink Ships
This expansion of secure communications access also carries with it increased risks. Technically, a SME PED user could initiate a classified phone call anywhere a cellular signal is present, such as on the street, or in a subway system, such as the Metro in the Washington, D.C., area. So, the old adage that "loose lips sink ships" is alive and well in the digital age!
As a result, the security posture of the SME PED relies to a great extent on user behavior to ensure that use of the device, particularly in classified mode, is limited to appropriate locations. To familiarize users with the device's operation and security requirements, users must complete scenario-based training before a SME PED can be activated.
The SME PED is classified as a Controlled Cryptographic Item (CCI) and is subject to the requirements validation process that covers all CCI devices. Potential users who think they require a SME PED should refer to the Concept of Employment to determine their eligibility and, if they qualify, forward their requirements through their chain of command. Procurement of the devices is funded by the requesting command and is limited to the existing NSA contracts.
Future Use Cases
For now, SME PEDs only work when the proper commercial cellular network services and coverage are available. Three services are required: standard voice service, packet-switched data and circuitswitched data. This obviously limits their potential for shipboard use and other settings where the required cellular services are not available.
Future versions of the devices are expected to have wireless networking capabilities, such as WiFi or WiMAX, which, depending on how they are implemented, may facilitate the use of SME PEDs aboard ships or in forward deployed locations. This would potentially provide a smooth integration path for the devices into new environments, providing additional direct tactical warfighter support.
For More Information
• Latest SME PED news and updates
• Device and ordering information
Mike Hernon is the former chief information officer for the City of Boston and currently serves as an independent consultant to the DON CIO on a variety of telecommunications topics.