The Department of Defense last week published its long-awaited policy on wireless in a document known as Directive 8100.2, Use of Commercial Wireless Devices, Services and Technologies in the DoD Global Information Grid.

In this document, the Pentagon seeks to balance the risks posed by wireless (such as long-range sniffing of communications sent in the clear) with its advantages (such as mobility). Directive 8100.2 requires the Army, Navy, Air Force and the rest of the military to encrypt unclassified data sent via most forms of wireless using FIPS 140-2-approved encryption. In doing so, the DoD, as a huge organization with a big budget, is raising the bar on what's expected of wireless and security.

"Encrypting unclassified data is new," says Gartner analyst John Pescatore about what the Pentagon is now requiring of its operations, adding that hackers do seek out WLANs all the time to intercept unencrypted communications.

Pescatore points out that one of the other new requirements in the 8100.2 Directive will be for the military to run anti-virus software on Personal Digital Assistants (PDAs). He said this will certainly make anti-virus software vendors, such as Symantec and McAfee, happy. (Both already have contracts with the Defense Information Systems Agency.)

But Pescatore points out that right now "there really isn't a virus threat against PDAs or smart phones. We believe there will be in the 2006 timeframe but that viruses should be removed before they reach PDAs. After all, there are no floppy drives on them, they have to get infected over a connection to a server, which is where the effective anti-virus will be."

Time will tell how well the DoD will carry out its own orders to itself. 8100.2 makes room for case-by-case exceptions. Wireless use for classified data will still only be permitted with written authorization and using encryption specified by the National Security Agency.

Encryption often raises complex interoperability and management issues. But having committed to encryption for unclassified data using standard protocols such as Advanced Encryption Standard and Triple-DES, the DoD is making it clear it wants to buy commercial products, not military-specific ones.

The question now is, can the wireless industry, which has not had a stellar record in terms of security, show it's ready to join the Marines?

You can view the original article here...

http://www.nwfusion.com/weblogs/security/004974.html#004974

The link for the FIPS-approved encryption is here...

http://csrc.nist.gov/cryptval/140-1/140val-all.htm