DOD's Shopping Cart
- By William Jackson
- Aug 14, 2003
Sue Mills scans inventory at the Dover Air Force Base commissary in Delaware.
Courtesy of Defense Commissary Agency
How commissaries secured their wireless networks
NCR wireless cash registers give DeCA the flexibility to move points of sale anywhere inside its stores, or even outside.
Courtesy of Defense Commissary Agency
The Defense Commissary Agency operates 276 stores and a handful of warehouses around the world. It discounts $5 billion worth of groceries and household items each year to active and retired military personnel and their families.
'We're the military grocer,' said John Goodman, chief of technology management at DeCA headquarters at Fort Lee, Va.
'Of course, $5 billion in sales is peanuts if you are comparing us to commercial grocers,' added Janet Haase, chief of the infrastructure division at DeCA's IT directorate. But commissaries are an essential part of the military benefits package, helping families survive on modest military pay by selling them essential goods at 5 percent over cost.
DeCA is in the midst of a modernization program to reduce its costs and increase sales. A computer-assisted ordering system has improved in-stock rates for products, and the agency has set a goal of achieving IT parity with commercial equivalents by the end of fiscal 2004.
One of the technologies DeCA is counting on is wireless networking. For example, wireless cash registers from NCR Corp. of Dayton, Ohio, can be moved around the stores for special sales or to accommodate spikes in business. Handheld and vehicle-mounted wireless devices assist in inventory tracking and ordering.
'We have a wireless network in each of our stores and in most of our central warehouses,' Goodman said. 'We got into wireless networking back in the 1990s. At that time, the industry thought it was secure.'
Since then, the Defense Department and much of the rest of the world has discovered that wireless networks are only as secure as you make them.Constant hacking
'We're a part of DOD,' Goodman said. 'We get hackers from foreign countries probing us constantly. We don't want to be an entry point to the DOD network.'
DeCA's wireless network is separate from the wired one, but the two connect at some points to permit routing over the Defense Information Systems Network.
To protect its IEEE 802.11b wireless networks, DeCA has fine-tuned its access points and is installing AirFortress security gateways from Fortress Technologies Inc. of Tampa, Fla.
'We took measures to reduce the risk,' Goodman said. 'We turned down the range of the antennas and eliminated several functions.'
Psion Teklogix Inc. of Mississauga, Ontario, provided the AirFortress encryption and authentication tools for the network.
'Psion had a large installed base of wireless devices at DeCA,' said Ken Evans, Fortress vice president of product management. 'What they didn't have was a level of security installed on top of that.'
Psion's installed base consists largely of the rugged 7035 handheld computer with built-in bar code scanner and the 8255/60 vehicle-mounted computer. Both are used in warehouses, storage areas and on sales floors for inventory control. They transmit via 802.11b direct spread-spectrum radio and work at temperatures as low as -22 degrees Fahrenheit.
What DeCA liked 'was the ruggedness of the devices,' said Don Adams, sales vice president for Psion's central region. 'In a severe environment, users can roam the facility and communicate with the host.'
DeCA chose AirFortress security because the encryption engine was certified under Federal Information Processing Standard 140-1, a requirement for federal use. The gateway is installed behind the access points, creating a secure bridge to the wired network.
The gateway meets FIPS requirements with either the Triple Data Encryption Standard or Advanced Encryption Standard. It supports multiple AES key lengths up to 256 bits. Device authentication occurs either on Fortress's access control server or via a third-party server on the back end.
DeCA's security implementation wasn't difficult, except for its scale and speed of deployment.
'The number of users at each site was not large, but some of the warehouses were quite big,' Evans said. 'They did not have the choice of disabling the wireless network, because they had no backup.'
Installation had to happen within six months, said Keith Pinkston, DeCA program manager for wireless security, and 'we're about 60 percent done now.'
Finding a security add-on that would work with third-party products was key to making the project work, Haase said.
'Our biggest challenge, which ultimately determined the success of the project, was our reliance on three different vendors to integrate a new technology with minimal impact on our retail operations,' she said. 'The commitment of our industry partners let us accelerate testing and implementation on a worldwide basis.'
William Jackson is a Maryland-based freelance writer.