It seems one of the first hurdles wireless homeland security needs to clear is for people to be able to say it without snickering.
"First of all, there is no such thing," said Gary Morse, president of Razorpointsecurity. Morse said things are getting better, especially with the introduction of a new standard expected by year's end. He's also quick to add that many existing wireless networks could be far more secure than they are with existing technology. But whether we'll ever reach the sort of wireless security that Homeland expects is yet to be seen.
Last fall, Dick Clarke, President George Bush's special advisor for Cyberspace Security, told a Homeland Security forum sponsored by Cellular Telecommunications & Internet Association that the wireless industry must find a way to set security practices and assessments that will prevent terrorists from breaching wireless security.
This past June, Symbol Technologies, Inc. sponsored the Homeland Security Advanced Technology Symposium, during which experts described "important policy and technology developments that are shaping national security and wireless mobile technologies that are shaping all aspects of homeland security at the federal, state, and local government levels as well as in the private sector."
Wireless security companies
A number of companies promise a certain amount of wireless security using existing technology:
Flarion, a wireless broadband technology provider partnered with Northrop Grumman, offers wireless homeland security communication networks based on the company's flash-OFDM technology. Northrop Grumman and Flarion are offering its network to government customers looking for "the most advanced, secure, and flexible mobile broadband network for homeland security and emergency response applications," a company press release said. "As the government considers the reallocation of spectrum in the 700MHz range for public safety use, there is greater attention brought to wireless providers that can provide a more advanced network for high speed calls, video, and Internet communications and transmissions, which are all essential for securing borders, monitoring, and coordinating law enforcement."
Globalstar: A key provision of the Homeland Security Act is that first responders and state and local emergency services organizations put in place an interoperable wireless network, including satellite telephones. In response, Globalstar offers a satellite telephone that "is gaining a firm foothold among state and local governments as a key component of a robust wireless communications network," a company press release said. Globalstar's satellite services cost as little as 17 cents per minute and meet the act's requirements.
Oberthur is one of the world's largest providers of smart cards. One of its smart cards is being tested by transportation workers in the nation's largest airports. These smart cards each contain a chip that reads fingerprints or retinal scans to prevent security breaches. Oberthur also is a leading provider of mobile phone smart cards.
General Dynamics produced the TalkSECURETM wireless phone that encrypts conversations in real time, allowing for secure communications between government agencies, particularly law enforcement.
RSA Security experts are working with U.S. Customs to develop and implement standards for wireless technology "to streamline the process of screening incoming packages from overseas in a secure manner," said a company spokesman. "Additionally, RSA Security is involved in the development of radio frequency IDs (RFIDs) to develop more effective ways to track everything from packages to shipping containers to better monitor imports."
Meanwhile, the Homeland Security Research Corporation predicts that global homeland defense as an industry will almost double in three years, from $100 billion in 2003 to more than $170 billion by 2006. And Westlake Software Corporation recently released the results of a one-year study that analyzes the effects of several commercial wireless technology solutions and their impact on homeland security and disaster recovery. The study (which may be viewed here) included 440 emergency service agencies and produced 10 tips to ensure good wireless decision making.
With all this talk, one would think wireless is about to approach the security of a wired network. Morse said that thinking is flawed on a number of levels. Granted, wireless is far from unhackable, as Morse himself has proven in an eye-raising walk-by hacking he performed in New York's Bryant Park, a popular wireless access point. But he said wired networks have their own vulnerabilities, which his company of professional hackers is paid to find. "Wired or wireless, we can usually find a way in," he said.
The security difference between wired and wireless networks is their vulnerability points. Morse said one mistake he commonly sees is placing a wireless system behind a company's wired firewall. "The thing is, if you have an unsecure wireless access point, what you've done is create a wireless backdoor to your system," he said.
Even worse are wireless systems that are installed without the security that exists for wireless networks. Morse said there are four wireless security safety practices that too often are not implemented:
- Turn on the 128-bit Web encryption.
- Turn on the access control lists.
- Change the SS ID name of the base station, denying the hacker information about the manufacturer's name and all the known weaknesses tied to that station.
- Use third-party encryption, such as IPSec, to tunnel traffic.
"If you do these four things, then you are 1,000 percent more secure than most wireless networks out there," Morse said. "And the first three of those four are free."
However, the greatest stride toward more secure wireless networks is the coming of 802.10X, expected by year's end, which is designed to replace 802.10b and 802.10a. 802.10X is expected to be faster than its predecessor and will offer 256-bit Wi-Fi Protected Access.
Morse said 802.10X is "a step in the right direction" but he cautioned that those looking for wireless homeland security should pay attention to mistakes made by private industry. "Take a lesson from what's been done right and what's not been done right in corporate America," Morse said.
"Before they roll out anything, I hope they have their processes and standards in place."
Also see these related resources: