Secure network question

[phrogpilot73]

Alright, if you want the truly technical/not crossing any boundaries response? No. There is absolutely no way in hell that your phone, WiFi or not can access a drop that is not plugged into a computer. Even through nefarious means.

Plug a computer into that drop, and all bets are off. Is it a sanitized space, and the only thing are drops? Or is it a space that open storage has been authorized?

Here's the reason I ask... Without getting too into the weeds that could lead to spillage - yes, even if your phone is turned off completely - there are ways to collect information through your cell phone. So if the space is certified for open storage (and in my experience, you have to get it certified for open storage before a drop can even be installed) - than you're SOL.

Can't get too much more technical without SIPR...

In case you're curious, I was the squadron's ISMO - so I had to get knee deep into it to get a SIPR drop in the squadron.

 

[Alpha_Echo_606]

Gator dev, next time the TS squirrel crew comes in I shall present them with this question of yours. Maybe one of our guys will have the answer, I shall check tonight.

 

[Jim123]

I suppose that somebody involved in writing the instruction was worried that someday, somebody will invent a smartphone that does that. Or something that does that but looks like a smartphone. Or who knows...

More often than not, I think the IT guys are well intentioned but they tend to miss the forest for the trees.

 

[helolumpy]

Is your question why we can't have phones in secure spaces, and the reasoning behind that policy?

I've been in lots of spaces that have "open storage" of up to Secret that would could not have cell phones with us.
The security officer said it was because it was possible that cell phones could be used as a recording device and they are not allowed in classified spaces.
There was also the "fear" that someone could hack your phone and turn it on while you were in a classified space, therefore they could hear classified conversations. I don't know if that is actually possible, but I've heard it stated by more than just one person.

At NORTHCOM, there was a lead lined box inside the space that your could store you cell phone in when you entered the room.

 

[Gatordev]

I've been in lots of spaces that have "open storage" of up to Secret that would could not have cell phones with us.
The security officer said it was because it was possible that cell phones could be used as a recording device and they are not allowed in classified spaces.
There was also the "fear" that someone could hack your phone and turn it on while you were in a classified space, therefore they could hear classified conversations. I don't know if that is actually possible, but I've heard it stated by more than just one person.

At NORTHCOM, there was a lead lined box inside the space that your could store you cell phone in when you entered the room.

It's actually very possible and something (DISCLAIMER: according to open sources) that we did initially during OEF. They finally figured out the problem and started taking their batteries out of their phones when they weren't in use. Nowadays, without getting into details, "all's quiet on the Eastern Front." They learned their lesson.

Alright, if you want the truly technical/not crossing any boundaries response? No. There is absolutely no way in hell that your phone, WiFi or not can access a drop that is not plugged into a computer. Even through nefarious means.

The thought defies logic, as far as I can understand the system.

Plug a computer into that drop, and all bets are off. Is it a sanitized space, and the only thing are drops? Or is it a space that open storage has been authorized?

I think I understand what you mean. No computer, no certification. Just cold drops. But that's not the issue. The "issue" (not for me, just as it was "explained" to me) is if/when the drops go hot...and no Red machines in the spaces.

Like I said, my homework is to go find an instruction. I just hate it when people make up reasons for things that may very well be true, but try and enforce them when they don't apply.

 

[insanebikerboy]

A technical reason it's impossible, and it's pretty simple, is that they are so far apart in the electromagnetic spectrum that they can't interact without some serious conversions. The equipment and process involved to actually make that work is pretty involved, short of simply hooking a computer into the port, and at that point why even need the wifi?

The more logical reason? Using the cellphone as some sort of wireless/remote listening device. Wifi is particularly slippery in getting through walls, even metal walls.

 

[Brett327]

It's too bad we can't just slap stupid people and instruct them to STFU. That might deter future idiocy.

 

[phrogpilot73]

Like I said, my homework is to go find an instruction. I just hate it when people make up reasons for things that may very well be true, but try and enforce them when they don't apply.

I did your homework for you, again because I went through this ass pain with one of our classrooms. It's DoD Directive 8100.02.

Here's a couple blurbs from it that are open to some level of interpretation:

4.2. Cellular/PCS and/or other RF or Infrared (IR) wireless devices shall not be allowed
into an area where classified information is discussed or processed without written approval from
the DAA in consultation with the Cognizant Security Authority (CSA) Certified TEMPEST
Technical Authority (CTTA).
4.3. Wireless technologies/devices used for storing, processing, and/or transmitting
information shall not be operated in areas where classified information is electronically stored,
processed, or transmitted unless approved by the DAA in consultation with the CSA CTTA. The
responsible CTTA shall evaluate the equipment using risk management principles and determine
the appropriate minimum separation distances and countermeasures.

The interpretation part in my mind is this - does a SIPR drop constitute "classified information is... processed"? Pretty clear that you can't operate your cell phone in that space, because a drop would be "classified information is... transmitted".

 

[insanebikerboy]

stuff.

Reading through that, it makes obvious sense, just pull out the harddrives and you can no longer "process" information. Now getting someone to agree to that....

 

[Gatordev]

I did your homework for you, again because I went through this ass pain with one of our classrooms. It's DoD Directive 8100.02.

Here's a couple blurbs from it that are open to some level of interpretation:



The interpretation part in my mind is this - does a SIPR drop constitute "classified information is... processed"? Pretty clear that you can't operate your cell phone in that space, because a drop would be "classified information is... transmitted".

Thanks for the instruction number. To be clear, I'm not arguing the "don't use a cell phone in a secure space." That makes complete sense. I'm arguing the reason I was given, which seems ridiculous. And really, I don't even need to argue anything. This was more about not making crap up.

 

[Harrier Dude]

The bottom line is this: It's easier for the network people to say "no".

Nobody ever gets fired or sent to jail for saying "no".

They have no "product" to show at the end of the day. They can never fail their mission unless they contribute to what somebody may later consider to be a security violation.

They have ZERO incentive to help, and lots of incentive to be obstructionist.

Welcome to the federal government.

 

[Renegade One]

Why do you hate America?

My thoughts exactly. Here's the dealio...and it applies to "now" and "later" (when you may work for a defense contractor). Do NOT beat you head against a wall asking "Why?" Comply with the security procedures that are in force.

 

[kmac]

So wait a second... the original question was over having a phone in a room with a SIPR drop, right? It's my understanding (and I don't have access to any classified material on this anyway) that the SIPR lines use regular commercial lines that are no different from the NIPR lines. In other words, a lot of times NIPR and SIPR are sent out in the same systems. There's nothing special about the line itself since it can easily be spliced into from anywhere, especially those running off installations.

 

[phrogpilot73]

So wait a second... the original question was over having a phone in a room with a SIPR drop, right? It's my understanding (and I don't have access to any classified material on this anyway) that the SIPR lines use regular commercial lines that are no different from the NIPR lines. In other words, a lot of times NIPR and SIPR are sent out in the same systems. There's nothing special about the line itself since it can easily be spliced into from anywhere, especially those running off installations.

You are correct. SIPR traffic flows along NIPR lines, but it is encrypted. There is a TACLANE that decrypts the SIPR traffic - the important part is if you are downstream of the TACLANE, the traffic on the cat 5 is now unencrypted.

 

[Gatordev]

My thoughts exactly. Here's the dealio...and it applies to "now" and "later" (when you may work for a defense contractor). Do NOT beat you head against a wall asking "Why?" Comply with the security procedures that are in force.

Generally, your advice is sound. However, I'm guessing you haven't dealt with a certain community before. And if you have any experience outside that community, it makes things even more frustrating. There's a lot of times where you need to ask why because the only reason you'll get back is "...because that's how we've always done it." And if you think I'm just talking about INFOSEC, sadly, you are mistaken.