Booz Allen Hamilton delivers rigorous security testing and evaluation of the Research in Motion (RIM) BlackBerry® Smart Card Reader, ensuring secure, reliable mobile communications for the Army and, ultimately, all the military services.
Case Study: Army Materiel Command Technical Security Evaluations
Assurance & Resilience | Information Technology | Systems Engineering & Integration
Technical Security Evaluations
Uncompromising Testing Standards

The Army deploys tens of thousands of RIM BlackBerry® devices to its personnel for mobile voice and data communications. To ensure secure communications, many Army users would physically connect Common Access Card (CAC) readers to their BlackBerry® devices, a cumbersome approach that was susceptible to multiple failures and potential breakdowns in mission-critical communication. The Army needed small, durable and mobile CAC readers that could provide the highest level of security.

When it appeared that RIM’s Bluetooth®-enabled BlackBerry® Smart Card Reader could meet this requirement, Army officials needed to move quickly to test and evaluate the reader’s security. Normally, a security evaluation of this depth would take at least six months, requiring both intensive engineering and testing as well as extensive coordination among a large stakeholder group of military, intelligence, and civilian agencies. To meet operational demands of warfighters around the globe, the Army needed the evaluation completed in just six weeks.

Secure, Mobile Communications

The Chief Information Officer (CIO) at the Army Materiel Command (AMC) selected the strategy and technology consultants at Booz Allen Hamilton to perform the security testing, provide the necessary information, and integrate stakeholders so the Army could make an informed decision regarding future guidance and implementation of the RIM BlackBerry® Smart Card Reader.

Booz Allen brought together an expert team that understands the deep protocol level in Bluetooth® technology, such as its algorithms and cryptographic functions. We also drew upon our extensive relationships throughout the Army, Department of Defense and National Security Agency (NSA) to create a stakeholder team that could quickly and effectively address security issues raised during testing.

Along with its team of technical experts, Booz Allen also had a facility, the equipment, and a rigorous methodology for security testing that had already been validated and approved by Department of Defense and intelligence agencies. In its tasking to perform a rapid six-week evaluation of the BlackBerry® Smart Card Reader, Booz Allen tested three main areas:

• Bluetooth® Link. Analyzed the Bluetooth® traffic passing between the smart card reader and the desktop. Simulated attacks, intercepted sensitive data, and assessed the security of the link.
• Smart Card Reader. Examined whether CAC transactions can be subverted by an attacker and whether the smart card reader poses a threat to the Army enterprise.

• SCR Desktop Software. Analyzed how the desktop software interoperates with the smart card reader and determined whether any vulnerabilities were introduced on the desktop.

Within the operationally-required six weeks, Booz Allen completed the evaluation and issued its report demonstrating that the RIM Bluetooth®-enabled BlackBerry® Smart Card Reader meets Army security requirements. Our report also provided the Army with technical guidance on how to ensure secure communications with the RIM wireless card reader; and the evaluation provided RIM with feedback to help the company configure the card reader and other products to meet US government standards.

Following these tests, the BlackBerry® Smart Card Reader was approved for use not just by the Army, but by all branches of the military.

“Using leading-edge implementation of existing technologies, AMC, through Booz Allen, has created a surge of which the Army, much less the DoD, has not experienced in decades,” said Rick Walsh, AMC CIO/G6 Deputy Information Assurance Manager. “The ability to use untethered secure identity management tools will change the face of the DoD.”

Helping the Army—and All Military Services—be Ready for What’s Next

The security testing performed by Booz Allen has enabled our globally deployed military forces to use wireless RIM BlackBerry® devices with confidence, significantly improving communications, information sharing and decision making—in the office and on the battlefield.

But the value of the security evaluation goes beyond just this one product test. Booz Allen’s methodology provides the Department of Defense with an approach for testing the security of all Bluetooth®-enabled smart card readers. In addition, DISA has built upon the Booz Allen study to create a new technical implementation guide for securing BlackBerry® devices. And Booz Allen is working with DISA and NSA to analyze additional wireless technologies and devices, such as Microsoft® Mobile Messaging and Bluetooth® headsets, for use by the military services.

Ready to Help You

Our engineering and analytical work on wireless technology for the Army Materiel Command is just one example of how Booz Allen Hamilton’s strategy and technology consultants can help military leaders adapt and respond to elusive enemies and unpredictable threats. Our consulting teams draw from the firm’s wide range of technical capabilities in engineering and information technology as well as our depth in complex program management, organization change, operations and logistics. We bring both battlefield and boardroom experience to every engagement. Guided by an independent perspective and collaborative approach, Booz Allen delivers customized solutions that address each client’s unique challenges. To learn more about the know-how behind this project and how it can help your team be ready for what’s next, visit boozallen.com.

contact: Cameron Mayer, Senior Associate
email: mayer_cameron@bah.com
phone: 703/850-4924
contact: Michael Zirkle, Senior Associate
email: zirkle_michael@bah.com
phone: 703/984-1465