Pentagon seen backing off hard-line wireless stance

FT. MEADE, MD. - The Pentagon, which last fall issued sweeping prohibitions against the military using certain wireless network technologies, appears to be softening its stance by striking a balance between security and the benefits of increased mobility.

Government officials are expected to finalize new wireless rules, outlined in the "DoD Overarching Wireless Policy," by July. The policy will be based on technical input from the National Security Agency (NSA), the nation's high-tech spy agency.

The policy would set a baseline for security measures, such as encryption in wireless LANs and personal handheld devices, to protect everything from top-secret data to unclassified material. Currently under review by Pentagon officials, including Department of Defense CIO John Stenbit, the draft document contains a provision requesting that agencies check a private NSA database of vulnerabilities associated with commercial wireless products before buying.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

FT. MEADE, MD. - The Pentagon, which last fall issued sweeping prohibitions against the military using certain wireless network technologies, appears to be softening its stance by striking a balance between security and the benefits of increased mobility.

Government officials are expected to finalize new wireless rules, outlined in the "DoD Overarching Wireless Policy," by July. The policy will be based on technical input from the National Security Agency (NSA), the nation's high-tech spy agency.

The policy would set a baseline for security measures, such as encryption in wireless LANs and personal handheld devices, to protect everything from top-secret data to unclassified material. Currently under review by Pentagon officials, including Department of Defense CIO John Stenbit, the draft document contains a provision requesting that agencies check a private NSA database of vulnerabilities associated with commercial wireless products before buying.

"This policy will put responsibility on the shoulders of the person making the decision to buy wireless," says Timothy Havighurst, NSA program manager for secure wireless products. "We will tell them, 'These are your risks. You'll have to report all wireless equipment, including laptops which you know are wireless.'"

But there will be room for judgment calls.

"A wireless LAN in a building is different than a wireless LAN on a submarine," Havighurst says.

The tone of the new policy differs from that of the mandate handed down in September through an Office of the Secretary of Defense memo. It included restrictions against use of commercially available PDAs for classified use and connecting wireless information systems to classified military networks.

"September 11 prompted a lot of wireless worries, and wireless LANs fell under intense scrutiny," Havighurst says.

Also coming into play were questions about the effectiveness of the Wired Equivalent Privacy encryption mechanism used in many wireless LANs and the ability of intruders to sniff wireless LAN data from as far away as 1,000 feet.

The new regulations on wireless will apply to roughly one million military personnel in the Army, Navy, Air Force, Marines and myriad other agencies, such as the Defense Intelligence Agency, that are in the Defense Department realm. Also affected will be agencies with close ties to the military, such as NASA and the Air Force Rome Labs.

At the U.S. Military Academy at West Point, the Pentagon's wireless security regulations matter greatly.

"We're part of the [Department of Defense] network, and we have to comply with any policy," says Col. Donald Welch, West Point's assistant dean for IT.

West Point, which has access to the unclassified Defense Information Systems Network and other systems, has tested wireless LANs for a year.

The school has used a gateway from Cranite Systems with wireless access points in classrooms to enforce authentication and encryption on cadets' 802.11b-capable laptops. So far, the Defense Department has indicated that West Point should not allow wireless LANs access to military networks.