Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Air Force abruptly scraps iPad plan for special ops

The U.S. Air Force has abruptly cancelled a plan to buy nearly 3,000 iPad 2 tablets, just days after a news site raised questions about including a Russian-developed app for encrypting and reading documents.

The original plan, posted in late December on the Federal Business Opportunities website, was to buy 2,861 iPad 2 machines to be used as electronic flight bags carrying digital versions of charts and technical manuals. The procurement specified the use of GoodReader, a popular iPad document reader developed by a Moscow, Russia software developer, Yuri Selukoff, of Good.iware. The same application, which has been well-reviewed by bloggers and tech sites, has been used in two other similar deployments, one for Alaska Airlines and another for Delta.

CASE STUDY: Company uses iPads instead of laptops for loaner program 

SLIDESHOW: 25 useful iPad business apps 

In this case, the iPads would be used by the Air Force Special Operations Command (AFSOC), which maintains a fleet of surveillance aircraft and helicopter gunships, according to reporting by NextGov, which is part of the National Journal Group and the Atlantic Media Company, and covers IT management in the federal government.

Bloomberg this week reported about what seems to be a separate but similar Air Force project, that could eventually total 18,000 iPad 2 tablets, also being used to store flight documentation.

So far the Air Force has not offered any explanation for the cancellation.

But the cause may have been inquiries last week by NextGov's Bob Brewin, who drew attention to the use of Russian software on a Chinese-manufactured tablet for use by special operations pilots and crew. Brewin's story was published Feb. 17. In it, he noted that AFSCO specified the use of GoodReader: "Device must be capable of using the GoodReader application, which meets mission security and synchronization requirements. Operation of this application requires the iOS operating system and its inherent security features."

The mission security requirements apparently include encryption. GoodReader can encrypt data files, which is an important feature because iPad 2 has not been certified as under the Federal Information Processing Standard (FIPS) 140-2 for secure data storage and transmission.

Despite that, several current and former military officials in the NextGov story raised concerns about military pilots relying on Russian software, and about whether the SOC had adequately vetted Good.iWare and its code.

In researching the story, Brewin contacted the Air Force which didn't directly respond to specific security concerns. But the day before the NextGov story appeared, the procurement was canceled

As the story gained circulation, others questioned the basic model of storing military information on any kind of client mobile device, especially one that lacks FIPS certification.

"We disagree that data should come outside the [secure] network," says Tony Busseri, CEO

For Route1, a Toronto company that offers a security and identity management platform, MobiNet, which lets remote users securely access data behind a firewall from any kind of client. Its customers include the U.S. Navy and Department of Homeland Security.

Busseri notes that the consumer-oriented iPad 2 is not designed from the ground up with security in mind, that it currently lacks federal security certification, and there are alternatives, even in a flight bag application, to storing such data on a client device. "We were quite taken aback by the original procurement [plan]," he says. "We're active in recommending that military data [that's] stored on these devices has negative security consequences."

Brewin also exchanged emails with GoodReader developer Yuri Selukoff over the issue.

"Selukoff, in an email exchange with Nextgov, bridled at the suggestion that GoodReader could pose a security risk to U.S. government users just because he is Russian. 'Ha, someone's still living in 1970, aren't they?' [he replied when asked about security concerns.] When asked to address concerns about malicious code in GoodReader, Selukoff replied, 'What is this offensive and insulting assumption based on? Are there any actual facts or complaints that such thing has ever happened?'

"'I am not affiliated with any government institution, neither Russian, nor any other,' he added. 'GoodReader doesn't have any malicious code built into it. Having said that, I am open to any security/penetration tests that anyone would be willing to perform on the app.'"

John Cox covers wireless networking and mobile computing for Network World.

Twitter: http://twitter.com/johnwcoxnww

Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed

Read more about anti-malware in Network World's Anti-malware section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Apple, ASE, Bloomberg, Delta, Inc., IPS, SCO
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Air Force cancels iPads, Air Force iPads, Alaska Air, Configuration / maintenance, Data Center, GoodReader, hardware systems, iPad 2, ipad3, networking, pc, Route1, U.S. Air Force, wireless
Latest Blog Posts
Whitepapers
  • Rapid achievement of employee productivity gains in a modern workforce
    The last few years have seen explosive innovation in the ways that users interact with software applications, resulting in a huge surge in the adoption of tablet, smartphone, and web based social applications. Fortunately there are some simple incremental steps that any organisation can take to transition to a more people centric communications system, while lifting employee productivity. Read more.
    Learn more »
  • Oracle Business Process Analysis Suite
    Careful analysis and continuous optimization of business processes delivers real competitive advantage. Conversely, a random approach to process design negatively impacts a company’s bottom line. This insight is one reason successful companies adopt business process management (BPM) as a way of aligning their business processes with business and customer requirements. Success with BPM eliminates the gap between business strategy and implementation. Business users are empowered to participate in all stages of the business process lifecycle. Closed-loop integration between modeling, execution, and monitoring enables continuous and holistic business process improvement.
    Learn more »
  • Leveraging the Service Catalog to Scale Your MSP Business
    When assessing an MSP’s maturity and prospects, one question provides more insights than any other: “What’s in your service catalog?” A well-defined service catalog can set the framework for growth. The lack of a service catalog can significantly impede an MSP’s ability to scale. This paper explores why the service catalog is so vital, and provides some practical guidelines MSPs can apply in order to ensure their service catalog provides maximum utility and benefit.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.