ANOTHER VIEW: The government needs to address wireless e-mail risks
- By Tad Anderson
- Feb 14, 2006
Receiving e-mail on wireless handheld devices has become a vital part of many federal employees' daily practices.
Government agencies also rely heavily on wireless e-mail communication in their Continuity of Operations Plans (COOP). This is particularly troubling given that almost all wireless e-mail service in the government today is delivered by a single vendor. If there were a physical or cyber-attack on this provider's infrastructure, it would cripple a critical means of communication.
Even more disconcerting is the realization that the enterprise servers and commercial relay systems currently in use for government wireless messaging pose inherent and avoidable security risks to government. In fact, the Homeland Security Department's inspector general sounded such a warning in a 2004 report, OIC-04-27, 'Inadequate Security Controls Increase Risks to DHS Wireless Networks.'
Because of the complexities of these systems, federal agencies may not fully understand the risks associated with commercial wireless e-mail communication systems.
First, commercial relay systems are prone to the same reliability and vulnerability issues as any 'server farm' sharing traffic over the public Internet. That includes mingling sensitive federal messages with commercial traffic. There are also vulnerability risks associated with the physical location of some providers. For example, the relay of the largest provider of wireless e-mail service is housed outside of the U.S. and could be an attractive target for terrorism directed at U.S. commercial and, in particular, government interests. All of the government's wireless e-mail traffic using this service, both secure and nonsecure, is currently routed through Canada. Not only does the data leave the country'often without users knowing it'it also is completely outside the control of the agency that sends it. In addition, if the recipient is out of coverage range, the data is frequently parked at the relay outside the country, elongating the period of vulnerability.
Second, commercial wireless messaging servers typically are not designed for the centralized management and policy enforcement required by most government agencies. This is particularly problematic at agencies where geographically dispersed administrators and users could modify settings that threaten data security.
Third, handheld devices can carry vast amounts of sensitive, but unclassified data. Unfortunately, these devices can easily be lost or stolen, and most do not require 'strong' passwords nor do they encrypt information stored on the device or their memory cards. While many wireless handhelds can be remotely locked, unencrypted information could still be accessible to others.
These are tangible risks with profound implications. So why have these risks not been mitigated in wireless messaging systems used in government agencies?
The first answer is that the architecture and capabilities of many commercial applications were designed to meet the mass-market needs of commercial users, not the high-security requirements of government users.
Additionally, wireless handheld e-mail messaging is extraordinarily popular as an expedient form of communication, particularly among the highest-ranking government staff members and political appointees. Password protection, periodic authentication and the necessary layers of security would make using handhelds less convenient.Not enough competition
Also factor in that federal agencies are drafting requests for proposals in a way that discourages competition and favors a single vendor.
The complete absence of provider diversity is a direct result of this violation of the Federal Acquisition Regulations. In April 2005, the Office of Management and Budget reminded agencies of their obligation to use 'vendor neutral contract specifications,' in order to maximize competition and ensure the government receives best value.
In the case of wireless messaging, service provider diversity also would lessen security vulnerabilities for the government.
The government's use of wireless handheld e-mail will only continue to grow as the technology expands and prices fall. Congressional telecommuting mandates could accelerate this growth.
But the risks surrounding wireless e-mail systems need to be more widely understood and addressed.
One place to start is the National Institute of Standards and Technology. NIST should look closely at these known risks and validate the inherent weaknesses. NIST then should help agencies develop risk-mitigation strategies as part of the COOP/Federal Information Security Management Act processes.
Lastly, those efforts should be done in conjunction with commercial partners willing to develop solutions that overcome these weaknesses.Tad Anderson is vice president for Dutko Worldwide of Washington and former associate administrator in the Office of E-Government and IT in the Office of Management and Budget.