Having worked quite a lot in recent years in the public sector in the UK, I'm not at all surprised that RIM (Research in Motion) is bullish about being assessed by CESG as suitable for use with restricted government data. However, it's not altogether clear from the documentation published by RIM what this actually means.

Blackberry Enterprise Solution is considered to be "suitable for handling HMG [Her Majesty's Government] information protectively marked RESTRICTED (Impact Level 3)". CESG (Communications-Electronics Security Group, though the expanded name is no longer used) is the Information Assurance arm of GCHQ (Government Communications Headquarters), the Signals Intelligence lynchpin of national security. This standard of assurance is far from easy to achieve. However, RIM's copious documentation, though accurate as far as it goes, doesn't tell the whole story: the CESG page at http://www.cesg.gov.uk/find_a/cert_products/index.cfm?menuSelected=1&displayPage=152&id=436 gives a little more detail.

That information classification sounds pretty impressive, and so it is: however, it's actually partway through an impact level matrix that ranges from zero impact in all respects (level 0) to various serious eventualities such as widespread loss of life, internal political stability, or "exceptionally grave damage to the operational effectiveness or security of UK or allied forces." Here are the issues that qualify as Impact Level 3:

  • Risk to an individual’s personal safety or liberty
  • Minor loss of confidence in Government
  • Make it more difficult to maintain the operational effectiveness or security of UK or allied forces (e.g. compromise of UK forces doctrine or training materials).
  • Cause embarrassment to Diplomatic relations
  • Disadvantage a major UK Company
  • Damage unique intelligence operations in support of intelligence requirements at JIC Priority Three or less.

Potentially serious issues, but they should be seen in the context of the mapping of Impact Levels to standard protective markings, which classify the level of confidentiality that applies to protected data:

  • Impact Level 6 - TOP SECRET
  • Impact Level 5 - SECRET
  • Impact Level 4 - CONFIDENTIAL
  • Impact Level 3 - RESTRICTED
  • Impact Levels 1&2 - PROTECT

In other words, this level of protection applies to data to which access is restricted, but it's a long way down from top secret.

Clearly, this doesn't mean that anyone in the UK public sector can use any Blackberry for any purpose. The CESG page makes it clear that "This advice is specific to Blackberry(R) Enterprise Solution and should not be construed as being more widely applicable." Furthermore, system administrators are expected to conform with CESG security procedures, and that is likely to involve disabling "features that affect the overall security of the solution".

The assessment only holds if "administrators and users adhere to the CESG security procedures". It's also specifically stated that use of Blackberry GSM phone functionality should be restricted to NOT PROTECTIVELY MARKED use.

David Harley
Director of Malware Intelligence