http://www.cnn.com/2002/TECH/internet/07/31/pentagon.hackers.ap/index.html July 31, 2002 WASHINGTON (AP) -- The wireless soldier may be getting some new strings attached. The Defense Department, concerned that hackers or spies might eavesdrop on classified meetings or secretly track the locations of top United States officials, is imposing new limits on its' workers use of the latest generation of wireless devices inside military buildings. The new rules will outline new restrictions on civilian and military employees carrying cellular telephones, pagers and handheld computers while working, even devices that employees bought themselves and carry for their personal convenience at work, said John P. Stenbit, the assistant defense secretary for command, control, communications and intelligence. Stenbit, who also is the Pentagon's chief information officer, disclosed the upcoming rules Tuesday after a technology conference in Washington focusing on security problems of wireless devices. Stenbit said the new rules would be announced within a month. In an earlier speech at the same conference, President Bush's top cybersecurity adviser, Richard Clarke, said the technology industry was acting irresponsibly by selling wireless tools such as computer network devices that remain remarkably easy for hackers to attack. The industry's most common data-scrambling technique designed to keep out eavesdroppers, called the wireless encryption protocol, can be broken -- usually in less than five minutes -- with software available on the Internet. "It is irresponsible to sell a product in a way that can be so easily misused by a customer in a way that jeopardizes their confidential and proprietary and sensitive information," Clarke said. Clarke said government and companies need to explain to consumers ways to keep their information secure over wireless networks. Some recommendations will be included in a forthcoming report from the administration on cybersecurity, which currently runs more than 2,800 pages. Classified conversations Stenbit said the new rules would explain which equipment, such as handheld Blackberry e-mail devices, may be used in different areas of military buildings, including the Pentagon. Stenbit has complained to colleagues about classified meetings being interrupted when electronic bug-sweepers in specially designed conference rooms detect the presence of cell phones and handheld computers. Stenbit exhorts visitors, "Let's lose the devices," said one frequent meeting participant, speaking on condition of anonymity. Robert Gorrie, deputy director of the Pentagon's Defense-wide Information Assurance Program Office, called it "a thorn in my side" when military officers try to carry handheld wireless devices inside such classified conference rooms. Gorrie said the military won't ban wireless gadgets outright because of their convenience but also won't let workers use them without clear rules. "That would be a stupid thing to do," he said. The new policy reflects increasing concerns among security experts about the latest breed of devices, such as two-way pagers and wireless network cards for handheld computers. Officials have previously worried that cell phones, programmed to answer automatically and with ringers set to silent, could be hidden inside a conference room and dialed to function as low-tech listening devices. No phones The newest wireless devices, which can send and receive e-mails and even voice messages, also could be misused as eavesdropping devices, even without the user's knowledge. And since the devices usually transmit continuously, experts worry they could be used to trace a particular user's location. They fear, for example, that a two-way pager assigned to a top Defense Department official could reveal whenever that person rushes to the Pentagon in the middle of the night. "They're recognizing the kinds of threats that are out there," said Art Matin, president of McAfee Security, a software company. "That kind of spark will accelerate people's focus on that risk." Other U.S. agencies already impose some restrictions on wireless technology. Visitors to the CIA's headquarters must leave cell phones in the parking lot, and signs warn visitors to some offices at the National Security Council not to bring cell phones inside. Workers at the Defense Intelligence Agency must walk outside the headquarters building to place a call on a cell phone. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Aug 01 2002 - 06:42:27 PDT