Think wireless denial of service...
Written and edited on the M5 between Bristol and Birmingham and dispatched from a Cambridge hotel on a free LAN.
Ever since the mobile phone was launched, and even more so since the arrival of wi-fi, a good percentage of people seem to be perpetually worried about eavesdroppers and miscreants who might break into computer networks.
Year-on-year the same old concerns and questions crop up without fail. And yet these are often the same people who shout on their mobile phones or work in companies that employ contractors and temporary staff without adequate due diligence.
I travel a lot, and I see many people who seem to think that they live in an acoustic bubble. They are quite happy to shout (literally) about their latest conquest, divorce, medical details and whatever!
At the same time I see interesting stuff on unguarded laptop screens and, from time to time, open wi-fi access to unguarded machines on planes and trains. I can't think of a parallel maxim to 'penny wise and pound foolish' but there should be one for security for sure.
But is this a really big deal? Is it where the really big risks are? I don't think so. In my experience the biggies always come along and bite you on the bum from a direction you are not looking, by a mechanism you didn't conceive and at a time that is really inconvenient.
So what do I see that conference audiences don't?
We are building a wireless world - everything from car keys to mice, keyboards, LANs to telephones, positioning systems, ID and security systems are all wireless. And this is not to mention our radio, TV and satellite broadcast systems, of course. So what about jammers? Yep, jammers! What would it take to cause mayhem through the determined production of interfering signals? Not a lot, it would seem. There are already restaurants using signal jamming to prevent mobile phone calls and thereby maintain a romantic ambience.
If we look at the typical signal levels required for various devices we can gain an insight into the potential susceptibility and risk.
For sure, we don't need to generate a lot of power in the proximity of any system receiver in order to introduce significant problems. For example, -60dBm is equivalent to 0.000,001 Watt, whilst -90dBm is equivalent to 0.000,000,001 Watt.
At some point in your life you will have experienced unintentional interference on a radio, TV or mobile phone. When two signals compete, or overlap in the same space, they generally cause problems that manifest themselves in a degradation of picture and/or sound quality.
But what if you really wanted to cause interference on purpose as some countries did during the Cold War (and some still do!) to isolate their populations from outside influence. Do you need big facilities? Yes, if you want to cover an area the size of a country but no, if you want to cause damage on a smaller scale. The physical size and power required to cause problems campus-wide (and beyond!) are as follows:
Should we all be panicking about such a prospect? I think not. But we should be mindful in the deployment of all wireless systems. There are bad people in this world and should they determine to do so they could set about disabling systems to their advantage in order to aid criminal acts.
Unintentional interference tends to be more common than we would perhaps like to admit and the world goes on with little inconvenience.
In addition, the 'DIY Black Box' approach to systems engineering (now in the ascendancy) dictates that we pay more attention to the up-front engineering. Ergo, we are deploying increasingly interference-robust modulation and coding schemes. The real risk lies with the older analogue and early digital technologies like GPS that are not really interference-hardened.
The really good news is this: jamming is easy to detect and the location of the source(s) easy to determine. But it takes time! My recommendation is to use wireline and optical fibre where you reasonably can and deploy wireless devices where there is the greatest benefit and advantage.
As for security, people and companies need to think beyond listening-in, hijacking bandwidth and network penetration, and move on to denial of service and overall resilience. And this should include all aspects from power supplies, connectivity, people and potential miscreants in the neighbourhood.