Brewing a Security STORM

By Ed Sutherland

March 31, 2004

The best way to get wireless access back to users in the Pentagon might be to -- turn it off? Vendors are working together to try to solve the issues the DoD has with Wi-Fi.

A storm is on the horizon. Wi-Fi advocates say its clouds have a silver lining, however, one that will lead to the return of wireless devices to the world's largest enterprise: the U.S. Pentagon.

After the Department of Defense (DoD) pulled the plug on allowing Wi-Fi laptops into government offices and networks, a trio of software and hardware vendors created STORM: Secure, Tough, Online/Offline, Reliable Mobile. The acronym is a response to the DoD chief information officer releasing guidelines for commercial wireless devices gaining access to the Pentagon's global computer network.

The Pentagon requires total control of how and when wireless devices network with each other and its overall Global Information Grid, be it classified documents on the desk of some DC cubicle or out in the field. However, it was soon discovered such control was not easy with Wi-Fi becoming integrated into new laptops using Intel's mobile Centrino chipset.

The ultimate security is no wireless connection at all, but with Centrino, employees could not unplug a USB connection or remove a PC Card to kill the link. Wi-Fi, and the technology's security problems, is now built-in.

In order for commercial wireless gadgets to return to active duty in the DoD, they had to meet several requirements, which, surprisingly, mesh completely with the goals of STORM:

  • Classified and unclassified documents must be encrypted before they can move between a Wi-Fi laptop or PDA and the government computer network.
  • While a denial-of-service attack may temporarily shutter a commercial Web site or annoy Internet users, a malicious hacker blocking access to Pentagon data could cost lives. Such threats have to be eliminated, as well as interference coming from other wireless networks, even friendly networks.
  • The Pentagon needs laptops to shut off their wireless networks when connected to the DoD's wired network. Being able to pass sensitive data from the secure government computer network to the wireless airwaves poses a dramatic security problem, according to the government.
  • Finally, DoD directive 8100.2 seeks to prevent wireless devices from being used as a conduit that introduces new security flaws. Any commercial wireless devices must also use anti-virus software.

Although "we haven't sat down with anyone" at the Pentagon, STORM is "a private sector response to a public sector concern," says Kip Meacham, spokesperson for Orem, Utah-based Senforce Technologies, a member of the venture.

Key to getting Wi-Fi back into the Pentagon is convincing government decision-makers that wireless networking can be secure.

"Senforce security technology gives the added value and confidence to agencies seeking Wireless Directive DoD 8100.2 compliance for mobile PCs," said Rance Poehler, president of Panasonic Computer Solutions Company and another member of the STORM alliance. Government IT integration giant GTSI is also part of the STORM program.

Senforce's Enterprise Mobile Security Manager (EMSM) software is embedded in Panasonic's magnesium-encased Toughbook laptop computer. The software accomplishes two main goals: disabling the embedded Wi-Fi features and controlling wireless usage policies.

Meacham says while Wi-Fi is evolving, it has introduced some security risks unique to wireless.

Along with Intel's Centrino chipset, EMSM can also disable Wi-Fi cards from 3Com, Cisco and Linksys. The security software will work with any Windows-based computer, says Meacham.

EMSM meets the DoD requirements for disabling wireless adapters whenever a Windows 2000 or Windows XP computer connects to the government's wired networks.

Windows XP has a feature called virtual bridging that allows wired and wireless network connections to exchange data. It's meant to be a convenience for users switching between a hardwired network and a Wi-Fi 'hotspot,' but it can become a security headache. EMSM disables such bridging even if a user tries to circumvent the security by reinstalling the operating system.

Meacham insists the STORM program isn't just about disabling Wi-Fi, but also about controlling its use. EMSM seeks out and reports unauthorized -- or rogue -- access points in the vicinity: important for enterprises, but a potential lifesaver in the military.

Panasonic says the STORM program is being beta-tested at Scott Air Force Base in Illinois and Hanscom Air Force Base in Massachusetts.


