[ISN] DOD wireless policy delayed

From: InfoSec News (isnat_private)
Date: Wed Feb 26 2003 - 00:11:27 PST

  • Next message: InfoSec News: "[ISN] Hacker convicted in extortion scheme against Bloomberg"

    http://www.fcw.com/fcw/articles/2003/0224/web-wire-02-25-03.asp
    
    By Matthew French 
    Feb. 25, 2003
    
    The Defense Department's policy on the use of wireless devices, 
    originally due out this week, will not be available until sometime in 
    March or April, according to Defense officials.
    
    The policy, currently in draft form and collecting comments from those 
    assembling it, is supposed to be more comprehensive and practical than 
    the current policy, which affects only the use of wireless devices 
    within the Pentagon.
    
    DOD issued a wireless policy in October 2002, calling for development 
    of a wireless network infrastructure across the Pentagon while 
    prohibiting wireless access to classified systems. It required that 
    wireless devices used within the Pentagon must incorporate technology 
    -- including authentication and encryption -- for securing such 
    communications.
    
    The new policy is much more inclusive of the entire department, said 
    Dawn Meyerriecks, chief technology officer for the Defense Information 
    Systems Agency. DOD is trying to keep abreast of emerging technologies 
    and recognizes that the proliferation of wireless devices could prove 
    a valuable tool in the department's operations.
    
    "A draft of the new policy is floating around now," Meyerriecks said. 
    "We had hoped to have the policy done by the end of the month, but now 
    we're looking at a March timeframe for its release."
    
    Robert Lentz, director of information assurance for the Defense chief 
    information officer's office, was less optimistic about the 
    possibility of releasing the policy so soon.
    
    "I'd say it's a number of weeks, at best," he said. "I still haven't 
    seen the final draft with the comments of everyone putting the policy 
    together."
    
    The policy is being written by several agencies, including the 
    National Security Agency, DISA and the information assurance staff in 
    the DOD CIO's office. Ultimate responsibility for the policy, however, 
    rests with DOD CIO John Stenbit.
    
    "We still need to get the draft back with everyone's comments and then 
    weigh the pros and cons," Lentz said. "I think it'll be longer than 
    just a couple or few weeks."
    
    Both Lentz and Meyerriecks agree that the new policy is more 
    comprehensive and practical than what the Pentagon is using. 
    
    In September, the Pentagon renewed its moratorium on wireless devices 
    until it could better identify the security holes the devices could 
    exploit. Some wireless devices are allowed under specifically defined 
    circumstances, but until the security can be bolstered, the department 
    is taking a cautious stance.
    
    "The new policy that we helped draft says basically, 'We know you're 
    going to use these devices, so here's what you've got to do to ensure 
    security,' " Meyerriecks said.
     
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Feb 26 2003 - 02:55:49 PST