Maj. Tamara DeJesus, assigned to the 125th Division Signal Battalion, 25th Infantry Division, ensures commanders and units can communicate effectively and securely over the Army’s network prior to the official start of the division’s Joint Pacific Multinational Readiness Center (JPMRC 26-01) from within the exercise’s division Tactical Operations Center on November 5, 2025. The division began leveraging Intermediary Application (iApp) software, which uses certified means to distribute cryptographic keys as data across world-wide networks, enabling geographically dispersed COMSEC personnel to request, receive and manage cryptographic keys.

SCHOFIELD BARRACKS, Hawaii — The 25th Infantry Division, with its missions spanning the vast Indo-pacific region, is adopting more agile, secure and safe methods of protecting its battlefield communications.

In line with the U.S. Army’s communications security modernization effort, the division is moving away from decades-old practices of physically loading electronic “keys” — the essential data needed to secure critical battlefield communications and decrypt vital intelligence — onto a legacy key fill device for hand delivery and instead turning to over-the-network key delivery.

“Personnel travelling with a key fill device — often at great distances — faced risks to themselves and the devices, especially if the delivery led them through contested environments,” said Derek Harberts, COMSEC product manager, under Capability Program Executive Command and Control Information Network.

As it conducts the U.S. Army Pacific’s Operation Pathways training engagements this year in Southeast Asia, the 25th ID is leveraging the Intermediary Application, or iApp, software. iApp utilizes certified means to distribute cryptographic keys as data across world-wide networks, enabling geographically dispersed COMSEC personnel to request, receive and manage cryptographic keys.

Following an initial assessment with its 3rd Mobile Brigade Combat Team during the Joint Multinational Pacific Readiness Command 26-01 rotation last November, division COMSEC and signal operations leaders see iApp as an ideal option for managing its COMSEC across remote, disconnected operating environments, unable to connect to the enterprise network.

A COMSEC manager pre-loads the necessary keys onto the iApp server to allow the software to act as a secure, forward-deployed digital key locker.

A U.S. Army Soldier assigned to 2nd Battalion, 21st Infantry Regiment, 3rd Infantry Brigade Combat Team, 25th Infantry Division, engages targets during a situational training exercise at Fort Magsaysay, Philippines, March 31, 2026.The training is part of Operation Pathways, a series of exercises designed to enhance readiness and prepare U.S. forces for larger combined operations with the Armed Forces of the Philippines. This commitment to realistic training strengthens the U.S.-Philippines alliance and our shared goal of a stable Indo-Pacific.

“This capability has proven critical in support of our Philippines exercises this spring and summer,” said Lt. Col. Adam Brinkman, 25th ID G-6. “There have been multiple times unforeseen or additional COMSEC requirements have arisen, and the team is able to support in austere locations with use of a [secret internet protocol router network] laptop to obtain COMSEC data in near real-time.”

“Previously, legacy handheld devices could take up to a week for the needed COMSEC personnel to reach our destination,” he said.

In addition to protecting the physical safety of COMSEC personnel, key fill devices can get corrupted, either by physically mishandling them or not adhering to all key management procedures, Brinkman noted.

While iApp performs well in the 25th ID’s remote areas of operation, not all its battlefield situations are the same. Command and control nodes connected to a stable, high-bandwidth network can conduct COMSEC key management using modern in-line network encryptors that are key management infrastructure-aware.

“Think of it as choosing the right tool for the right environment,” Harberts said. “Both are part of the same modernization strategy, but they solve different problems.”

Key Management Infrastructure (KMI)-aware are replacing legacy Simple Key Loader devices to enable COMSEC personnel to receive keys directly from the KMI web-based storefront, hosted by the NSA, which eliminates the risk of key exposure while in the field. CPE C2IN conducted an operational user assessment for the NGLD-M device at APG, Md. on February 26, 2026.

KMI is a National Security Agency-led program responsible for generation and initial distribution of all COMSEC key material. It supports combatant commands, joint services, DoW agencies, federal agencies and coalition partners and allies. Receiving keys directly from the KMI web-based storefront, hosted by the NSA, eliminates the risk of key exposure while in the field.

Prior to its JPMRC 26-01 event, the 25th ID G-6 staff enabled all its COMSEC key devices to become KMI-aware, citing the additional enhancements of modern high-speed voice, data and video communications security capabilities.

Now, with both iApp and KMI-aware devices inserted into their operations, the division can choose the best method for key delivery based on location, operational environment, and network stability, with iApp providing the most speed and flexibility at the tactical edge.

“Since iApp is server based and accessible via the tactical network, it eliminates the need to access the KMI storefront for every transaction,” Harberts said. “However, the unit’s existing KMI-aware devices will provide connected networks with the most efficient and automated path, requiring the least human intervention.”

“It’s all about reducing risks across the architecture while increasing capabilities for the commander,” he said.