Can Mobile Devices be used in controlled spaces?

Like how any other information processing solution is authorized for use within controlled spaces, policies and standard operating procedures (SOPs) that safeguard the proper use of government-procured/issued computing devices – and the proper use of content residing on them, must exist. In the case of mobile devices, security policies and SOPs should address the proper storage, distribution, use, sanitization, and potential destruction of mobile devices after their service life has ended.

Assuming that appropriate security safeguards are established and followed, technologies exist to manage the rapid distribution and removal of software and classified content (i.e., data files, imagery, etc) residing on large collections of managed mobile devices. Mobile Device Management (MDM) solutions originally developed for industrial, educational, and commercial use cases are often used within the Department of Defense (DoD) to enforce the configuration of software and data residing on government-owned/issued mobile devices and the configuration (enabling/disabling) of embedded devices including cameras, microphones, and wireless networking features.

While not directly applicable to the use of mobile devices in controlled spaces, MDM solutions have already been used by the Naval Air Systems Command (NAVAIR) to initially provision mobile devices with Electronic Kneeboard (EKB) applications, including Military Flight Bag (MFB) apps provisioned in iPad's used in Naval and Marine Corps aircraft.

How is Air Worthiness being addressed?

Within the United States, the Federal Aviation Administration (FAA) has issued Advisory Circular (AC) 91-78 detailing the use of Class 1 or Class 2 Electronic Flight Bags (EFBs). This particular AC provides aircraft owners, operators, and pilots operating aircraft under Title 14 of the Code of Federal Regulations (14 CFR) part 91, with information for removal of paper aeronautical charts and other documentation form the cockpit through the use of either portable or installed cockpit displays. Of particular note, is the use of the Apple iPad-based ForeFlight Mobile app used aboard commercial aircraft world-wide.

NAVAIR has participated in a project leading to the Ejection-Seat Windblast Tested / Approved implementation (on 08 August 2018) for several versions of the EJ-SEAT EKB manufactured by Juggernaut.Case (Scottsdale, Arizona), which are reportedly being flown by more than twelve different Air Forces, Navy and Marine Corps Wings world-wide (see: https://soldiersystems.net/2020/10/19/juggernaut-case-awarded-contract-for-navair-ejection-seat-electronic-kneeboard-platforms/)

We anticipate guidance from the Department of Defense (DoD) and in particular the US Navy’s PMA-290 program office is forthcoming on the operational use of Military Flight Bag (MFB) applications within the P-8A community, and this could include guidance on EKB apps as well. GMW plans to collaborate with PMA-290 later this year on the operational use of our CrEWS EKB apps within the P-8A – primarily for those working aft of the cockpit.

Based on evidence we have observed through open-media sources, the Royal Australian Air Force (RAAF) is actively using ForeFlight within the P-8A’s cockpit. For example, a YouTube video posted by the RAAF (https://youtu.be/HFjbAsdQVg4?t=120) shows the RAAF’s use of Apple iPad mounts outboard of their pilot and copilot seats positioned where traditional paper-based kneeboard products are accessed.  

Why is CrEWS an iPad implementation and not residing within TOMS?

CrEWS mobile apps leverage Secure Enclave and Neural Engine processing components residing within Apple’s iPads to address known security and anticipated machine learning processing needs of Cryptologic and Electronic Warfare operators distributed across the fleet.

• In the case of the P-8A Poseiden, members of the aircrew tasked with operating the AN/ALQ-240 Electronic Support (ES)/Electronic Support Measures (ESM) system - which is performed via Tactical Open Mission System (TOMS) consoles, and the Tactical Commander (TACCO) are our principal CrEWS EKB users.

• In the case of the MH-60R Seahawk, the single enlisted Naval Aircrewman (AW) operating various aircraft systems including the AN/ALQ-210 ES/ESM system is our primary CrEWS EKB user aboard naval helicopters.

• Pilots and Naval Flight Officers operating within the aircraft carrier-based E-2C/D Hawkeye, who interact with the AN/ALQ-217 ES system are included as future CrEWS EKB users.

• CrEWS apps installed within different iPad form factors (large, medium, and small) could prove to be ideal for teams of shipboard Cryptologic Technicians Technical (CTTs) personnel operating different shipboard ES and Electronic Attack (EA) systems, along with Electronic Warfare (EW) module Supervisors, Combat Information Center (CIC) Watch Officers, and Tactical Action Officers (TAOs), who do not have a viable alternative means to directly access authoritative EW content from another source within CIC spaces.

The availability of and access to similar Secure Enclave and Neural Engine processing components within platform-specific mission systems like the P-8A Poseidon’s TOMS, or any other platform-specific hardware suite remains unknown. Besides this, we expect that proven capabilities originating within CrEWS EKB apps will someday find there way into TOMS, as well as other platform-specific aircraft and shipboard mission system software updates. A future state we fully support.

What additional security measures are on our technology roadmap?

By design, our CrEWS EKB application source code is unclassified. However, the distribution and installation of CrEWS apps is not via a commercially accessible App Store - its only provisioned via a licensed Mobile Device Management (MDM) environment deployed to companion laptops issued to aviation squadrons or ships.

We are leveraging NIST Special Publication (SP) 800 series publications to refine security postures applied to our CrEWS apps. Over time the CrEWS apps are designed to dynamically discover and securely interact with network endpoints like our CrEWS Tactical Edge Gateway using mutual Transport Layer Security (mTLS) implementations supporting Zero Trust features to harden interactions between CrEWS-enabled nodes.

Furthermore, GMW is developing dynamic access-control features into its CrEWS applications to facilitate use of proximity safeguards, providing an extra layer of security to its installed user base. Proximity safeguards can be used in conjunction with companion CrEWS Gateways operating within the skin of an aircraft (e.g., P-8A, MH-60), to cryptographically secure access to classified content (see: Data Protection in Apple devices - Apple Support) if proximity rules are not met.

In the case of Apple Platform Security (see: Encryption and Data Protection overview - Apple Support) the secure boot chain, system security, and app security capabilities all help to verify that only trusted code and apps signed by a known developer (i.e., GMW) run on a device. Apple devices have additional encryption features to safeguard user data, even when other parts of the security infrastructure have been compromised (for example, if a device is lost or is running untrusted code). All these features benefit both users and IT administrators, protecting personal and government-originated information and providing methods for instant and complete remote wipe in the case of device theft or loss.