[ISN] DOD at work on more wireless policies

From: InfoSec News (alerts@private)
Date: Tue Mar 20 2007 - 21:24:58 PST


By Josh Rogin
March 20, 2007

The Defense Department's chief information officer is working on more 
policies to mitigate the risks posed by the wide use of wireless 
networks, a DOD official said today.

One policy will address the "Starbucks problem," in which remote DOD 
users connect through non-secure wireless links, said Mark Norton, an 
engineer with the wireless directorate of the department's CIO office. 
Norton spoke at the FOSE conference in Washington, D.C.

A possible solution could be to link DODs public key infrastructure and 
common access card to wireless networks, Norton said.

However, other problems are more difficult to solve.

For example, DOD is concerned about wireless denial of service attacks, 
in which outsiders shut down a network by overwhelming it with traffic. 
There is no good solution to preventing those attacks except to build 
redundancy through backup systems, Norton said.

Another problem that remains unsolved is geo-location, in which wireless 
links reveal where troops are located, Norton added.

Unprotected data is another concern. A solution exists -- DOD mandates 
the FIPS 140-2 standard for unclassified data and FIPS 140-1 for secret 
data -- but the onus is on vendors to get certified, he said.

Still, despite the vulnerabilities, the military services continue to 
come up with creative ways to use wireless solutions for a multitude of 
missions, he said.

Five years ago we had no idea that the extent of its use would be where 
we are today, said Norton. Its also true that we arent sure five years 
from now what we are going to be doing with wireless in the future, he 

DOD will soon begin moving to the 802.16 WIMAX standard, due to its 
higher speed capabilities, Norton said. But WIMAX must co-exist with the 
current generation of WiFi networks, which will require an orderly 
system of gateways, Norton added.

Meanwhile, the Defense Information Systems Agency is setting up Tactical 
Service Providers to link wireless extensions to satellite 
communications outposts.

DOD will look for ways to reap a return on its investment in wireless, 
Norton said. For example, DOD is looking at using wireless to extend 
radio frequency identification systems to database systems. For example, 
airplanes could transmit their manifests and other data to destinations 
by using wireless systems.

Were not interested in the wireless part, were interested in the force 
multiplier part. Norton explained. Were still trying to evaluate which 
DOD functions are best to move to wireless systems, he added. 

Visit the InfoSec News Security Bookstore

This archive was generated by hypermail 2.1.3 : Tue Mar 20 2007 - 21:37:27 PST