[ISN] Feds look to secure wireless nets

From: InfoSec News (isnat_private)
Date: Thu Aug 01 2002 - 03:40:26 PDT

    By Diane Frank
    July 31, 2002

    Wireless networks and devices are not as secure as the government
    needs them to be, and they won't be anytime soon, but federal
    officials have several ideas for making the best of a bad situation.

    Even as wireless connectivity becomes a necessary part of daily agency
    business, the products have not kept up with the security available on
    wired networks and systems. Existing standards - such as the IEEE
    802.11 - do not provide enough security, and the stories of people
    accidentally or deliberately picking up signals transmitted by
    wireless devices are all too true, experts from government and the
    private sector said at a July 30 conference in Washington, D.C.

    "The word is getting out...that we do have a wireless security
    problem," Richard Clarke, President Bush's cyberspace security adviser
    and chairman of the Critical Infrastructure Protection (CIP) Board,
    said at the conference, co-sponsored by the Information Technology
    Association of America and the Center for Strategic and International

    The Defense Department has mastered securing traditional, broadcast
    "wireless" communications, but as it moves into network wireless,
    there is less assurance that the messages are secure, said John
    Stenbit, assistant secretary of Defense for command, control,
    communications and intelligence.

    Because there are few commercial wireless devices that DOD officials
    feel they can safely rely on, the department soon will issue a
    directive outlining the rules for its personnel concerning the use of
    those devices.

    "We're going to put some constraints on what kind of devices can be
    used, where they can be used," he said.

    Stenbit also said he hopes industry can come up with a way to detect
    the presence of wireless devices in secure areas and can help define a
    security certification and accreditation process for wireless devices.

    To address broader concerns, the CIP board has almost completed a new
    version of the National Plan for Cyberspace Security, which will be a
    companion to the Homeland Security National Strategy, released July
    15. The new cybersecurity plan incorporates input from industry and
    academia, and will be released Sept. 18.

    One of the crosscutting issues the plan will address is wireless
    security and the potential instability of the Internet as more and
    more Web-enabled wireless devices connect to it, Clarke said. A key
    recommendation will be for the federal government to facilitate the
    research and development necessary to fix this problem, including
    providing funding and other resources to researchers and groups such
    as the Internet Engineering Task Force, he said.

    But members of industry also must act on their responsibility to
    secure their products and to help users deploy them. "The industry
    needs to work faster to come up with agreed standards, and standards
    that can be easily understood and widely applied," he said.

    Last week, the National Institute of Standards and Technology released
    a draft guide outlining basic steps to overcome security gaps in
    existing wireless standards and products.

    The Wireless Priority Service (WPS) for law enforcement, national
    security and emergency personnel is an initiative the CIP Board
    commissioned, in part because of the government's homeland security

    The Defense Department's National Communications System is running the
    WPS pilot program, which is intended to result in an initial operating
    capability in December, said Katherine Burton, assistant deputy
    manager of the NCS. But it is a difficult challenge because the
    security and priority concerns must be addressed at every portion of a
    wireless network, not just the end devices, she said.

    The NCS is also waiting for supplemental funding to start another
    pilot program for a wireless Emergency Notification System, she said.
    Both the confidentiality and the integrity of those messages are
    critical so that personnel know they can rely on the notices, she