Sandbox Android for official use, French ministers told
16 September 2013 | 0
French Prime Minister Jean-Marc Ayrault warned government ministers this summer that they and their staff should only use approved smart phones to discuss sensitive matters, a French magazine has revealed.
For matters classified secret, Ministers and government officials should use a feature phone called Teorem from French aerospace and defence equipment manufacturer Thales, Ayrault’s chief of staff told his counterparts in the various ministries in a letter dated 19 August and published by the magazine l’Expansion.
Teorem is a hybrid device compatible with public landlines and with 2G or 3G mobile networks. It exchanges keys via a central server in order to authenticate itself and encrypt transmissions, but it can only communicate with similarly secured devices, and it will not run apps or exchange email. The government has ordered 14,000 Teorem phones, half of them for the armed forces, according to Thales.
Not all ministerial discussions are secret, but most should at least be considered sensitive, and for those, only landlines or smart phones with a security system approved by the French National IT Security Agency (ANSSI) should be used, the letter said.
ANSSI has approved no smart phones to date, according to lists of certified and qualified security systems on the agency’s website, but it has approved a software add-on for Android phones and tablets called Teopad, also from Thales. Teopad creates separate partitions for personal and business information, securing access to the business information and apps using strong authentication, and using a VPN to secure communications with those apps. It can also secure voice communications via a secure SIP server using SIP-TLS, according to Thales documentation.
Ministers and their staff in neighbouring Germany use a similar system to secure their communications. The German system can secure voice and data communications over public networks, and secure up to 4GB of data at rest, on BlackBerry Z10 smart phones equipped with an additional security chip from German encryption specialist Secusmart. The company takes advantage of the BlackBerry Balance feature in the latest version of BlackBerry OS to separate secured and non-secured information and applications.
As well as his warning about smart phone use, Ayrault’s chief of staff told government officials not to store sensitive data in cloud services outside France, and not to use personal email services or SMS to discuss sensitive matters. The letter also reminded them of the "elementary rules of security," including guidance on the creation of strong passwords, and warnings about phishing attacks and the dangers associated with USB memory sticks.
IDG News Service