[ISN] Military imposes limits on wireless devices

From: InfoSec News (isnat_private)
Date: Thu Aug 01 2002 - 03:39:00 PDT

  • Next message: InfoSec News: "[ISN] [infowarrior] - Comment on DMCA, Security, and Vuln Reporting"

    July 31, 2002 
    WASHINGTON (AP) -- The wireless soldier may be getting some new
    strings attached.
    The Defense Department, concerned that hackers or spies might
    eavesdrop on classified meetings or secretly track the locations of
    top United States officials, is imposing new limits on its' workers
    use of the latest generation of wireless devices inside military
    The new rules will outline new restrictions on civilian and military
    employees carrying cellular telephones, pagers and handheld computers
    while working, even devices that employees bought themselves and carry
    for their personal convenience at work, said John P. Stenbit, the
    assistant defense secretary for command, control, communications and
    Stenbit, who also is the Pentagon's chief information officer,
    disclosed the upcoming rules Tuesday after a technology conference in
    Washington focusing on security problems of wireless devices. Stenbit
    said the new rules would be announced within a month.
    In an earlier speech at the same conference, President Bush's top
    cybersecurity adviser, Richard Clarke, said the technology industry
    was acting irresponsibly by selling wireless tools such as computer
    network devices that remain remarkably easy for hackers to attack.
    The industry's most common data-scrambling technique designed to keep
    out eavesdroppers, called the wireless encryption protocol, can be
    broken -- usually in less than five minutes -- with software available
    on the Internet.
    "It is irresponsible to sell a product in a way that can be so easily
    misused by a customer in a way that jeopardizes their confidential and
    proprietary and sensitive information," Clarke said.
    Clarke said government and companies need to explain to consumers ways
    to keep their information secure over wireless networks. Some
    recommendations will be included in a forthcoming report from the
    administration on cybersecurity, which currently runs more than 2,800
    Classified conversations
    Stenbit said the new rules would explain which equipment, such as
    handheld Blackberry e-mail devices, may be used in different areas of
    military buildings, including the Pentagon. Stenbit has complained to
    colleagues about classified meetings being interrupted when electronic
    bug-sweepers in specially designed conference rooms detect the
    presence of cell phones and handheld computers.
    Stenbit exhorts visitors, "Let's lose the devices," said one frequent
    meeting participant, speaking on condition of anonymity.
    Robert Gorrie, deputy director of the Pentagon's Defense-wide
    Information Assurance Program Office, called it "a thorn in my side"  
    when military officers try to carry handheld wireless devices inside
    such classified conference rooms.
    Gorrie said the military won't ban wireless gadgets outright because
    of their convenience but also won't let workers use them without clear
    rules. "That would be a stupid thing to do," he said.
    The new policy reflects increasing concerns among security experts
    about the latest breed of devices, such as two-way pagers and wireless
    network cards for handheld computers. Officials have previously
    worried that cell phones, programmed to answer automatically and with
    ringers set to silent, could be hidden inside a conference room and
    dialed to function as low-tech listening devices.
    No phones
    The newest wireless devices, which can send and receive e-mails and
    even voice messages, also could be misused as eavesdropping devices,
    even without the user's knowledge. And since the devices usually
    transmit continuously, experts worry they could be used to trace a
    particular user's location. They fear, for example, that a two-way
    pager assigned to a top Defense Department official could reveal
    whenever that person rushes to the Pentagon in the middle of the
    "They're recognizing the kinds of threats that are out there," said
    Art Matin, president of McAfee Security, a software company. "That
    kind of spark will accelerate people's focus on that risk."
    Other U.S. agencies already impose some restrictions on wireless
    technology. Visitors to the CIA's headquarters must leave cell phones
    in the parking lot, and signs warn visitors to some offices at the
    National Security Council not to bring cell phones inside.
    Workers at the Defense Intelligence Agency must walk outside the
    headquarters building to place a call on a cell phone.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Aug 01 2002 - 06:42:27 PDT