http://www.fcw.com/article97985-03-20-07-Web By Josh Rogin March 20, 2007 The Defense Department's chief information officer is working on more policies to mitigate the risks posed by the wide use of wireless networks, a DOD official said today. One policy will address the "Starbucks problem," in which remote DOD users connect through non-secure wireless links, said Mark Norton, an engineer with the wireless directorate of the department's CIO office. Norton spoke at the FOSE conference in Washington, D.C. A possible solution could be to link DODs public key infrastructure and common access card to wireless networks, Norton said. However, other problems are more difficult to solve. For example, DOD is concerned about wireless denial of service attacks, in which outsiders shut down a network by overwhelming it with traffic. There is no good solution to preventing those attacks except to build redundancy through backup systems, Norton said. Another problem that remains unsolved is geo-location, in which wireless links reveal where troops are located, Norton added. Unprotected data is another concern. A solution exists -- DOD mandates the FIPS 140-2 standard for unclassified data and FIPS 140-1 for secret data -- but the onus is on vendors to get certified, he said. Still, despite the vulnerabilities, the military services continue to come up with creative ways to use wireless solutions for a multitude of missions, he said. Five years ago we had no idea that the extent of its use would be where we are today, said Norton. Its also true that we arent sure five years from now what we are going to be doing with wireless in the future, he said. DOD will soon begin moving to the 802.16 WIMAX standard, due to its higher speed capabilities, Norton said. But WIMAX must co-exist with the current generation of WiFi networks, which will require an orderly system of gateways, Norton added. Meanwhile, the Defense Information Systems Agency is setting up Tactical Service Providers to link wireless extensions to satellite communications outposts. DOD will look for ways to reap a return on its investment in wireless, Norton said. For example, DOD is looking at using wireless to extend radio frequency identification systems to database systems. For example, airplanes could transmit their manifests and other data to destinations by using wireless systems. Were not interested in the wireless part, were interested in the force multiplier part. Norton explained. Were still trying to evaluate which DOD functions are best to move to wireless systems, he added. _________________________________________ Visit the InfoSec News Security Bookstore http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Tue Mar 20 2007 - 21:37:27 PST