By Josh Rogin
March 20, 2007
The Defense Department's chief information officer is working on more
policies to mitigate the risks posed by the wide use of wireless
networks, a DOD official said today.
One policy will address the "Starbucks problem," in which remote DOD
users connect through non-secure wireless links, said Mark Norton, an
engineer with the wireless directorate of the department's CIO office.
Norton spoke at the FOSE conference in Washington, D.C.
A possible solution could be to link DODs public key infrastructure and
common access card to wireless networks, Norton said.
However, other problems are more difficult to solve.
For example, DOD is concerned about wireless denial of service attacks,
in which outsiders shut down a network by overwhelming it with traffic.
There is no good solution to preventing those attacks except to build
redundancy through backup systems, Norton said.
Another problem that remains unsolved is geo-location, in which wireless
links reveal where troops are located, Norton added.
Unprotected data is another concern. A solution exists -- DOD mandates
the FIPS 140-2 standard for unclassified data and FIPS 140-1 for secret
data -- but the onus is on vendors to get certified, he said.
Still, despite the vulnerabilities, the military services continue to
come up with creative ways to use wireless solutions for a multitude of
missions, he said.
Five years ago we had no idea that the extent of its use would be where
we are today, said Norton. Its also true that we arent sure five years
from now what we are going to be doing with wireless in the future, he
DOD will soon begin moving to the 802.16 WIMAX standard, due to its
higher speed capabilities, Norton said. But WIMAX must co-exist with the
current generation of WiFi networks, which will require an orderly
system of gateways, Norton added.
Meanwhile, the Defense Information Systems Agency is setting up Tactical
Service Providers to link wireless extensions to satellite
DOD will look for ways to reap a return on its investment in wireless,
Norton said. For example, DOD is looking at using wireless to extend
radio frequency identification systems to database systems. For example,
airplanes could transmit their manifests and other data to destinations
by using wireless systems.
Were not interested in the wireless part, were interested in the force
multiplier part. Norton explained. Were still trying to evaluate which
DOD functions are best to move to wireless systems, he added.
Visit the InfoSec News Security Bookstore