Is the Blackberry Playbook Safe Enough for Government Use Will This Help Rim?
It was announced on Tuesday that the BlackBerry PlayBook is the first certified tablet for use by the U.S. government. Is the BlackBery PlayBook the 'safest' tablet? Will this help RIM in the long-run? Should they focus more on tablet innovation?
As of Juyl 21, 3011, the BlackBerry Tablet Cryptographic Kernel (Software Version: 5.6), when operated in FIPS mode, has been validated to FIPS 140-2 level 1. It provides the cryptographic functionality required for basic operation of the BlackBerry PlayBook.
Level 1 is basic. Per the FIPS 140-2 standard, it 'allows the software and firmware components of a cryptographic module to be executed on a general purpose computing system using an unevaluated operating system. Such implementations may be appropriate for some low-level security applications when other controls, such as physical security, network security, and administrative procedures are limited or nonexistent.'
Unfortunately, government applications where a tablet computer would be especially useful -- healthcare via Tricare or the VA come to mind -- likely require at least Level 2 validation. This is because the portable nature of the devices suggests that some sort of tamper-evident protection be used on the device, versus depending on physical and technical controls in the working environment and network.
There may be limited uses for the PlayBook, e.g., for whicg the FIPS 199 security assessment level is Low. It will not find widespread adoption in government applications where stronger privacy and security protections are essential and the FIPS 199 assessment is Medium or High.