2020 INDUSTRY INNOVATOR
CACI International's SteelBox solution
Every day, hundreds of thousands of text messages and phone calls are made by government employees from their smartphones. Unsecured and unencrypted these calls and messages are vulnerable to interception and eavesdropping.
It was this challenge that CACI International took on when it partnered with Blackberry and Microsoft to create a secure and certified mobile communication app that is known as SteelBox.
CACI and Blackberry worked together to create the solution which meets National Security Agency standards and has been approved for NSA’s vendor list of certified mobile solutions. Available since October 2019 and users can download the app or agencies can push it via a mobile device management platform.
Microsoft Azure Government Cloud hosts the solution, which runs on Blackberry SecurGATE software. CACI built the software and services in a FedRAMP high, impact Level IV environment to provide the encryption. The secure servers act a traffic cop, routing incoming calls and messages to the end user’s smartphone or tablet.
SteelBox’s security begins at the device level. As the first layer of security, SteelBox performs an integrity check upon start-up– if the device operating system has been modified, the SteelBox app will not run on the device. The second layer of security occurs during the provisioning and activation process. An end-user receives a QR CodeScan that provides a one-time-use unique activation code and the address of the secure servers to be entered in the SteelBox app. After this, each time a SteelBox call or message is sent from one user to another, SteelBox leverages the NSA’s Commercial National Security Algorithm encryption standard to ensure each call and message is encrypted with unique AES-256, P-384 elliptic-curve crypto keys.
With the COVID-19 pandemic, the solution was used by customers to quickly get government employees working securely from home. The SteelBox app was used to secure phone calls between foreign allies and U.S. officials. Other customers used it for work schedules and operational data that needed to be security.
SteelBox software-as-a-service solution addresses life-cycle costs, reduces acquisition requirements and integrates with existing requirements. For example, the content and metadata is encrypted and stored to help agencies meet federal records requirements.