News

Pentagon issues wireless disconnect order to military

The insecurity of wireless devices is now a matter of national security, according to John Stenbit, the Pentagon's chief information officer.

Stenbit said he plans to issue new policy guidelines that will ban most, if not all, wireless devices within military installations.

Pentagon officials fear that the latest generation of wireless devices, including mobile phones and two-way pagers, can be used as eavesdropping devices during classified meetings. Military facilities and offices that are used for highly classified meetings are already routinely scanned for listening devices.

In May, a wireless security expert managed to detect the non-secure wireless LAN at the Defense Information Systems Agency (DISA). While parked across the street from DISA's headquarters, the security expert was able to view the Service Set Identifier numbers of access points and numerous IP addresses. Using a standard 802.11b wireless LAN card attached to his laptop computer and access point detection software from NetStumbler.com, he was able to scan the network in less than half an hour.

With the growing use of personal wireless communications systems, security audits increasingly find military officers attending meetings in classified office spaces with these devices on them, creating the potential for adversaries to turn these devices into crude eavesdropping systems, military officials acknowledged.

Devices such as mobile phones have long been banned from facilities known as Sensitive Compartmented Information Facilities. In fact, all military personnel who are granted top secret security clearances are required to attend an indoctrination briefing on the growing list of threats posed by electronic devices.

However, the latest Pentagon policy extends the wireless ban to the majority of office spaces where sensitive but unclassified information may be discussed. It also builds upon a larger government policy of using the government's purchasing power as a market driver to get the IT industry to improve the security of its products.

"Why is it that companies have sold products that they know are insecure?" asked Richard Clarke, President Bush's chief cybersecurity adviser. "And why is it that people have bought them? We should all shut [wireless LANs] off until the technology gets better."

Steven Aftergood, a defence analyst at the Federation of American Scientists, said the policy change makes perfect sense for a high-risk environment such as the military.

"People get accustomed to using nifty products that are extremely useful in other parts of their lives, such as mobile phones, wireless Internet connections and all kinds of recording devices," said Aftergood. "And it's easy to forget that these are inappropriate in a secure environment."

Some airlines also pulled the plug earlier this year on their wireless bag checking systems after auditors managed to hack their way into sensitive back-end systems, such as the passenger manifest and aircraft maintenance systems.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy