Defense Department policies, such as the 8100.2 directive, and guidelines from the National Institute of Standards and Technology have laid the foundation for using technologies that conform to the government’s stringent requirements.
In what might have been a symbolic event in the development of mobile communications, President Barack Obama, for whom security is paramount, kept his BlackBerry after taking office — but not before it was locked down with strong encryption and security provisions to protect e-mail and communications with his inner circle.
In this report:
And the president isn’t the only government official using mobile devices such as smart phones to access and share information from any location.
The U.S. Postal Service has equipped nearly 9,500 senior and operational managers with BlackBerrys, giving them access to real-time information and alerts they need to make decisions about services USPS provides to the public.
The Census Bureau has deployed the Microsoft Windows Mobile operating system on 140,000 handheld personal digital assistants that census workers use during the decennial head count.
Meanwhile, users of Army Knowledge Online (AKO) will be able to access and send sensitive information through a secure mobile platform using Windows Mobile devices.
“The whole idea of a mobile wireless solution is to help users be more efficient in the field,” said Josh Mulloy, a mobile wireless specialist at CDW Government. “At this point, it is not a corporate perk. These are efficiency enablers, helping federal government users do their jobs more effectively and in more places.”
Nevertheless, the proliferation of mobile devices poses additional challenges for agency information security managers charged with securing networks from malicious attacks.
Wireless networks and handheld devices are vulnerable to many of the same threats that wired networks are: compromised systems, denial-of-service attacks, identity theft, intrusion, privacy invasion, viruses and other malicious codes.
An unsecured wireless local-area network or compromised mobile systems could be a launch pad for an intruder to break into agencies’ backbone networks, a possibility that made many agencies extremely cautious about deploying wireless devices.
However, Defense Department policies, such as the 8100.2 directive, and guidelines from the National Institute of Standards and Technology have laid the foundation for vendors to develop technologies that conform to the government’s stringent requirements, giving agency managers a stronger sense of comfort when they deploy mobile devices and wireless networks, experts say.
“The real watershed moment was when the Office of the Secretary of Defense released the 8100.2 policy,” said Stephen Orr, consulting system engineer at Cisco Systems.
First released in 2004 and updated two years later, 8100.2 sets a policy for protecting DOD’s Global Information Grid. The policy states that communications must be encrypted end-to-end and cannot be decrypted at unsecured access points. Furthermore, it states that emerging and future wireless protocols need to be protected, too.
Wireless products must pass rigorous interoperability tests conducted by the Wi-Fi Alliance, which certifies devices that conform to the universal Institute of Electrical and Electronics Engineers 802.11 specifications.
Moreover, wireless infrastructure and security technology must comply with NIST Federal Information Processing Standards (FIPS) 140-2 and use robust standards-based authentication and encryption methods. Wireless devices, systems and technologies must include confidentiality, integrity and availability mechanisms as part of a defense-in-depth security approach.
NIST’s Information Technology Laboratory also has published recommendations to improve the security of wireless networks in Special Publication 800-48. The guidelines address security issues associated with wireless LANs, personal-area networks based on the Bluetooth specifications, and handheld devices.
Pushing real-time info
USPS follows the NIST guidelines as much as possible, said Charles McGann, manager of information security services at the Postal Service. “We are not required to follow the NIST guidelines, but we do because we think they make sense,” he said.
USPS runs one of the largest intranets in the world, connecting 28,000 facilities. The devices on that network include wireless and mobile devices that USPS distributes to increase communications among particular users, said John Edgar, USPS's manager of corporate IT portfolios. The Postal Services uses wireless devices when real-time communications and decision-making are important or there is a need for real-time data collection, Edgar said.
“We have about 9,500 BlackBerry devices within the organization that are provided to executives, managers and operations-level people in the field where real-time communications is needed,” Edgar said. “Sometimes that means e-mail or pushing alerts — problem or performances alerts or actions that need to be taken by that individual.”
“To make data more available to end-users, we take a report or a required action and push that into a BlackBerry e-mail-readable format so that when it gets to the user, it is something they see on the screen immediately,” not an attachment, he said.
The Postal Service runs a BlackBerry network based on BlackBerry Enterprise Server. Both the devices and traffic are encrypted, Edgar said. Additionally, users can call the help desk to ask IT administrators to flush data from a lost device.
USPS also uses custom-built, rugged wireless bar code scanners and data collection devices in its plants. The devices, which include a wireless radio that communicates with access points in the plants, collects data about mail that is being prepared for transportation or being received from other facilities. The device gives operations personnel “visibility into mail flow and volumes coming into a plant or what is headed to another plant,” Edgar said.
Although the devices do not handle sensitive information, the data is encrypted, Edgar said.
Moreover, “we have gone as far as segmenting our wireless environment where we can’t secure them because of older technology,” McGann added. For example, if an endpoint device that scans a postal vehicle doesn’t have encryption capability, the device will be allowed to communicate with only one access point, and that access point can communicate with only one server or business application down the line, he said.
“So if we have an issue, we can limit our exposure,” McGann said.
The Postal Service uses strong password protection to secure access to BlackBerry devices. In addition, Research in Motion has strengthened BlackBerry security by offering a smart-card reader. The small device is about the size of a smart card and is gaining popularity among some DOD and civilian agencies, Mulloy said.
The reader complies with FIPS 140-2, just like BlackBerrys do. “We’re seeing [BlackBerry] smart-card readers going out on an equal level with” the BlackBerry, Mulloy said.
The BlackBerry is not the only mobile device generating interest among agencies. Mobile devices sporting the Windows Mobile operating system are gaining traction.
For example, the Census Bureau is deploying Microsoft’s mobile operating system on 140,000 handheld PDAs for the 2010 census.
This is the largest one-time deployment of Windows Mobile devices, said Randy Siegel, Microsoft Federal telecommunications and mobility strategist.
Harris, the systems integrator for the 2010 census, selected Sprint to be the wireless data provider. Field workers collect census data using handheld PDAs that connect to the Sprint network.
In the past, field workers collected most census data manually by using paper address lists and printed maps. The 2010 census will be almost paperless, at least in the address canvassing phase, which was just completed.
Sybase iAnywhere provided its Afaria mobile-device management and security software, which has encryption modules that are FIPS 140-2-validated. Windows Mobile 5 and higher operating systems are also FIPS 140-2-certified, Siegel said. And Windows Mobile adheres to the Defense Information Systems Agency’s Secure Technical Information Guidelines (STIG) for mobile wireless.
Microsoft works with a number of security companies on Windows Mobile security, such as Good Technology to strengthen two-factor authentication.
Good Technology will work with Northrop Grumman to deploy the Good Mobile Messaging Secure Multipurpose Internet Mail Extensions (Good S/MIME) on a broad range of Windows Mobile devices, such as the Sprint Touch Pro, Verizon XV6850 and AT&T Fuze, to provide reliable mobile e-mail to the 2 million registered users of the AKO Web portal.
Designed to meet DOD’s security requirements, the Good S/MIME solution will provide AKO users with secure messaging for mobile devices with Common Access Card authentication, encryption and signing of e-mail and attachments, and automatic over-the-air synchronization of all certificates.
Good Mobile Messaging provides end-to-end mobile security with FIPS-certified, 192-bit Advanced Encryption Standard (AES) encryption for data in transit and data stored on users’ devices. IT managers can remotely lock down hardware components, including cameras, Bluetooth and infrared ports. They also can push temporary passwords to a handheld device or remotely erase data from lost or stolen devices.
Good’s server operates behind users' enterprise firewall and connects to Good’s network operations center, said John Herrema, the company's vice president of marketing. As a result, security administrators do not need to open new ports for inbound traffic, he said.
Security and network challenges
“People are doing a lot of things with wireless we thought they would never do: things like logistics information, readiness of forces, tactical operations, deploying semipermanent bases in theaters of operation like Iraq and Afghanistan, where the cost of digging fiber is too high, and [there are] security issues like people getting shot at,” said Magued Barsoum, chief technology officer of Fortress Technologies, a maker of secure wireless bridges and mesh networks for defense and civilian agencies.
Among other products, the company offers Fortress Secure Wireless Bridges, all-in-one network access devices with built-in security. The ES520 is suited to work as a self-contained network that combines the functions of a wireless access point, Ethernet switch and security gateway developed for rugged, outdoor environments.
Fortress’s gear uses elliptic curve cryptography technology from Certicom that is more secure and less expensive to set up than traditional encryption modules, Barsoum said.
Deploying wireless nodes involves dealing with networking and security challenges, he said. For instance, in defense environments, other considerations include authentication and the use of public-key infrastructures in tactical environments.
A warfighter on the battlefield cannot always connect to authentication servers in the United States. “There are technological issues of how you deal with that, so you tend to cache information and use it that way,” Barsoum said.
The ES520 has a fully embedded PKI authentication server. In a few months, Fortress will provide certificate revocation list caching, the ability to use cached information that can be applied if an authentication server is not available, Barsoum said.
Cisco’s Orr described the application of security to wireless networks as similar to building defenses around a castle. The wireless security should work along with the provision and controls that protect an agency’s wired network.
The company’s Cisco Unified Wireless Network, a unified wired and wireless network solution, provides proactive threat detection, radio frequency visibility, strong authentication and wired security.
There are two components to securing data on wireless networks: securing data at rest and data in transit, Orr said.
Securing the data at rest focuses on locking down a mobile device so that if the device is stolen or lost, someone can’t pick up the device and retrieve the data.
“Our infrastructure comes into play when data is in transit,” he said. That means ensuring that data is encrypted according to the 802.11i spec, which mandates the use of AES 128-bit encryption.
“So we’re encrypting the data in transit from the client to the infrastructure, which would be the access point in this case,” Orr said.
Extending the wired network
New York City treats its wireless network as an extension of its physical network and, as a result, can apply the same in-depth security, said Brian Snodgrass, executive director of wireless technologies at the city’s Department of Information Technology and Telecommunications (DOITT).
Designed by Northrop Grumman and IPWireless, the broadband network supports more than 50 critical applications across more than 19 municipal departments. For instance, NYCWiN provides first responders with high-speed data access to support large file transfers, including fingerprints, mug shots, city maps, automatic vehicle location and full-motion streaming video.
Physical security is the first step to securing the network. The broadband network consists of a series of nearly 400 sets of antennas, connected to the wired infrastructure, that are installed on the rooftops of city-owned buildings throughout the city’s five boroughs. The antennas transmit wirelessly to modem devices installed in agency buildings or vehicles. The devices are stored in secure, rugged cabinets accessible only to authorized personnel through locks and key badges. If an intruder breaks into the cabinets, alarms alert security personnel in DOITT’s network operations center, Snodgrass said.
The network deploys end-to-end encryption — Secure Sockets Layer, IP Security, Microsoft Active Directory, Triple Data Encryption and other security protocols — that can be customized depending on whether the application is on a device in a moving vehicle or at a stationary location, he said.
“All the same folks who supported the wired network were involved in the wireless network and brought all of the same best practices,” Snodgrass said. “I really feel that we are just a wireless extension of the wired network and that has helped to make us more efficient.”
As municipalities anticipate more radio spectrum to be dedicated to public safety, officials are wondering how they can best use broadband for voice and data so they don’t need to manage two separate networks, said Steven Cooperman, vice president of business development at Northrop Grumman.
Meanwhile, DISA researchers have updated the STIG document that offers guidance for mobile wireless and is working on guidelines for remote access, said Peter Zarrella, an engineer for technology reconnaissance at DISA.
The guidelines take into account almost any type of connection a person would make remotely. “It is a matrix approach, depending on the topology — Wi-Fi, cellular, digital-subscriber line or cable modem” he said.
People often do not know what level of security they might have at a hotel or conference. “So setting the guidelines of what level of encryption needs to be used with the different types of products on the market is key,” Zarrella said. “The remote access policy that is under development right now is a big enabler for all of DOD. And hopefully the whole dot-gov [community] will be doing some work in that area.”