Five sides and 1,500 access points: Wi-Fi at the Pentagon

The central offices of the U.S. Department of Defense – better known as the Pentagon – pose a unique IT challenge in a lot of ways, but bringing the 6.5 million square-foot space up to the wireless standards of the modern office environment was a particularly big undertaking, according to a government contractor charged with the task.

The idea of a technology that broadcasts information in all directions, invisibly, through the air, is an understandably unpleasant one to a certain cast of military mind. So selling the people who run the Pentagon on installing Wi-Fi wasn’t an easy pitch, according to Defense Engineering, Inc. program manager Brendan DeBow.


“It took us two years to put in 68 access points, which gives you a scope of how difficult it really is to navigate sometimes,” he said.

The project actually dates to 2010, and has only recently come to fruition – DeBow and his team have installed 1,500 access points at the Pentagon over the course of the endeavor.

In 2010, the smartphone revolution was just taking off, so wireless technology wasn’t yet as ubiquitous as it is today.

“There weren’t even a lot of laptops in the environment,” DeBow said. “Everyone was sitting at their workstation, everyone had their phone at their desktop.”

Much of DeBow’s early work had to do with changing perceptions among decision-makers at the Pentagon. Wi-Fi was seen as insecure, “something you have at home,” instead of something you use at work.

“They don’t really understand the difference between me putting in my Linksys router at home … versus putting in an architecture where you have four or five different levels of service capabilities, four different kinds of authentication protocols – it’s a pretty robust kind of system,” he told Network World.

The trick, according to DeBow, was getting those decision-makers to move from a risk-averse mindset to a risk-aware one. Simply nixing Wi-Fi because of perceived insecurity was actually more dangerous than allowing for its controlled use – in large part because of the old BYOD argument that people are going to use wireless technology anyway.

Of course, this being the Department of Defense, DeBow’s project is as much about defeating wireless intrusion as providing Wi-Fi service. Wireless Intrusion Detection Systems, or WIDS, turn wireless access points into detectors for threats like rogue access points or other wireless attackers.

In many of the more sensitive parts of the Pentagon, Wi-Fi of any sort isn’t allowed – but access points set to act as WIDS are available in many of those places.

The Aruba-supplied system that the Pentagon uses now can segment users effectively to provide granular levels of access, and do so with a minimal number of additional SSIDs thanks to the company’s ClearPass technology, DeBow said.

“There’s physical limitations that come with providing 15 separate SSIDs,” he noted. “And that could put a cramp on throughput, and degrade the end-user experience.”


Copyright © 2017 IDG Communications, Inc.