The U.S. government goes wireless: read these two case studies to see how the U.S. government is using wireless technology to be more efficient.

Government agencies can meet some of their toughest communication challenges by using wireless LAN technology. And, they can do so more easily and cost-effectively than you might think.

The case for wireless

Wireless LANs eliminate the need for network cabling, so workforces in historic public buildings can get high-speed network connectivity without costly and risky renovation of older buildings. And, wireless LANs link government employees to vital network resources regardless of where their jobs take them--from offices, to legislative chambers, to courtrooms, to remote facilities. For example, public officials such as judges, lawmakers, and their busy staff members require seamless connectivity in multiple locations that conventional wired networks can't deliver.

Because of government's expanding responsibilities, state and local agencies often occupy temporary facilities. The same is true for fast-growing schools. Clearly, personnel and students housed in these facilities must be networked and linked to nearby permanent offices. Yet public officials are reluctant to invest in permanent technology for short-term workspace, and running leased telecommunication lines between permanent and temporary facilities can be an expensive proposition. Temporary workspaces, buildings and classrooms can be networked without costly permanent infrastructure, by using wireless LAN-to-LAN bridging solutions.

Furthermore, wireless LANs deliver flexibility that wired technology simply can't match.
These solutions make it possible for public institutions to instantly accommodate new staff members or relocate existing employees without adding expensive wired network drops.

Choosing the right wireless solution

Government agencies should carefully consider their network needs and security requirements when choosing a wireless LAN solution. In most cases, Wi-Fi is the right choice. This proven technology is inexpensive, standards-based, and fast enough for most government and corporate applications. Investing in Wi-Fi networks now lets government agencies and organizations immediately reap the benefits of mobile technology (for example, lower costs over the lifetime of the technology and better workforce productivity compared with wired solutions).

Early on, Wi-Fi earned a bad reputation when it came to security. Its chief weakness was Wired Equivalent Privacy (WEP), which has some serious flaws. WEP uses fixed keys that are attainable via commonly available software such as NetStumbler. To address this problem, the Wi-Fi Alliance proposed Wi-Fi Protected Access (WPA) as a replacement. WPA uses Temporal Key Integrity Protocol (TKIP), generating a new key for every 10KB of data transmitted over the network.

Striking a balance: productivity vs. security

Although wireless computing devices and infrastructure support systems can provide an increase in connectivity, they also provide an increase in security vulnerabilities and risks to government information and operations. While computer security officials continue to assimilate these technologies into the workplace, they also need to ensure they're taking a balanced approach regarding the associated vulnerabilities and security risks. Thus, the best plan of action is to implement an integrated protection approach when deploying wireless technology to support government business and mission operations.

The following wireless security policy best practices apply to a broad range of companies, not just government and defense. These policies mandate that:

* Networks should be regularly monitored and checked for rogue access points
* Wireless LANs should be treated as unsafe networks and kept outside firewalls
* VPNs should be used to authenticate wireless LAN users into corporate and government networks
* Wireless LAN traffic should be put into a segregated virtual LAN and
* Host firewalls should be installed (and always used) on all wireless-enabled clients

However, the Department of Defense (DOD) is going one step further: It prohibits the use of many types of wireless technologies in the Pentagon and much of the Army, Navy, and Air Force. In a document titled "Pentagon Area Common Information Technology Wireless Security Policy," the DOD elaborates on the dangers of wireless-to-network security and the steps the Pentagon and its service branches are taking to come to grips with it. These policies focus on:

* Recognizing the pace of technological change and, therefore, requiring an annual review to keep pace with rapidly evolving technologies
* Prohibiting connectivity to classified networks and computers
* Prohibiting synchronization with IT devices that aren't approved by a designated approving authority
* Allowing the use of wireless devices (e.g., cellular telephones and personal digital assistants) for unclassified data only
* Allowing the use of wireless devices in areas where only unclassified information is electronically stored, processed, or transmitted
* Allowing use of wireless devices in areas where classified information is electronically stored, processed, or transmitted unencrypted only when there's a documented operational need; the device's infrared, radio frequency and microphone/audio capabilities are disabled; and DCID rules are followed.
* Requiring punitive action for repeated policy violations that jeopardize the security of the Pentagon and its IT services

Actually, in view of the voluminous amount of personal data (credit card, loan, banking, tax return information--not to mention social security numbers) that are being outsourced to overseas call centers, it wouldn't be a bad idea for corporations to adopt DoD's stringent security standards. After all, have security background checks really been completed on all of those non-U.S. citizens that are working at the call centers?

Case Study 1: Flight maintenance

At U.S. Air Force bases worldwide, the Air Force maintains aircraft on flight lines and in hangars. To troubleshoot and repair these aircraft, maintenance technicians need secure access to technical manuals, tech orders, and parts databases.

Problem

To create Electronic Technical Manuals (ETMs), the Air Force has digitized thousands of technical manual pages and placed them on CD-ROM.
To access these ETMs in a secure manner, as well as logistics databases and other network resources that support their work, technicians used to have to go to a hardwired network outlet in the hangar or maintenance building. To access secure information, a great deal of time was wasted when work had to stop in order to physically connect to the network. To ensure that Air Force technicians had secure access to these network resources where they needed them most (in and around the aircraft), they needed an effective, secure, and mobile solution.

Solution

To the rescue comes Virginia-based Xacta Corporation (http://www.xacta.com/), which is a subsidiary of Telos Corporation. Xacta developed a secure solution for the Air Force that combines a secure wireless infrastructure, a thin-client operating environment, and wireless-enabled tablet PCs. To give technicians secure access to online ETMs and other network resources while working on, under, or in the aircraft, in hangars, or out on the flight line, Xacta integrated this secure wireless network into the existing Air Force wired network. The solution lets technicians track those orders in a secure manner through the logistics system, without leaving the work area. They can also receive and sign off on tech orders and access logistics databases to place orders for new parts.

Xacta engineers arrived onsite to survey the coverage area required by the user, identify the number of users who need to access the system, and identify the back-end network resources they'll need to access. This level of detail is required to provide the best possible secure solution.
Then, to meet the precise needs of users on the flight line and inside aircraft, Xacta developed a secure network architecture that ensures a seamless roaming network featuring a special combination of off-the-shelf products. So, for maintenance technicians to access the network from the outer ends of the flight line and inside the aircraft (even up into the tail wing), Xacta installed a pole-mount repeater and mobile repeater systems. This results in a significant return on investment, even for an installed secure solution of less than four months.

Case Study 2: Tracking Security Credentials

With heightened concerns about homeland security, the protection of personnel and assets of government, military, and civilian installations has become a daunting challenge. The U.S. military, in particular, has become more diligent than ever in its efforts.

Problem

Security personnel scrutinize the credentials and authorization of all visitors at Wright-Patterson Air Force Base (WPAFB) in Dayton, Ohio. In the past, security guards leafed through thick binders to check each day's approved activities, invited guests, and individuals barred from the base. The manual process required personnel to print, collate, assemble, and update the documents. This inefficient and time-consuming process placed practical limits on the production and distribution of the binders. The result was that only three of the ten gates on base had access to the binders.

Other manual, paper-based processes at the base were also impacting productivity. Air Force IT managers, responsible for monitoring the base's inventory of computers, printers, and other technology assets, relied on a paper-based system for tracking inventory. Wright-Patterson needed to explore technology solutions to increase the efficiency of its operations, improve employee productivity, and increase the security, quality, timeliness, and accessibility of critical information.

Solution

To streamline the processes that ensure the security of the air base and its critical IT assets, Wright-Patterson Air Force Base (WPAFB) uses handhelds, coupled with applications from PalmOne. The software compiles a daily list of authorized events. Security personnel can quickly and easily access event information on the handheld, verify invited guests, and retrieve information sponsors. The solution provides details about individuals barred from the base.
Cradles constantly recharge the handhelds and support data synchronization between the handhelds and WPAFB's server data.

What started as a solution to just digitize binder information for security checkpoints has turned into so much more. The handheld solution also lets guards provide gate-to-building driving directions for visitors. The guards can even easily print the directions by pointing the infrared (IR) beam of the handheld at an IR printer.

The new handhelds have also replaced the laminated quick-reference cards the security guards previously carried on their belts. Manually updating the cards was a cumbersome process. What's more, only so many cards could fit on the belt. Now, security personnel can access reference information by tapping the stylus on the screen of their handheld. With Documents To Go, active hyperlinks display the requested procedural information.

Yet another application is saving time for military dog handlers. The handlers must complete a daily evaluation and utilization report. The paper-based report consisted of two forms, completed with hand-written data that was later keyed into a PC. The process was error-prone and time-consuming, taking two hours each day. The kennel master spent an additional five hours correcting the information and compiling it into a single report. Now, secure Palm m515 handhelds step the dog handlers through the form, thus eliminating mistakes during the data gathering process. The handlers save three hours each day, and the kennel master saves time as well.

Furthermore, the Material Systems Group (MSG) at WPAFB is also exploiting the solution for a dramatic change in its operations.
MSG has switched from a manual, paper-based system for inventory tracking to one that provides secure, mobile access to information about IT assets on base. WPAFB worked with Xacta to define and implement a secure mobile inventory tracking system. The custom application, running on Palm m515 handhelds, is an engineering framework for interoperability of wireless security technologies.

Finally, based on the success of the mobile security systems, the MSG at Wright-Patterson plans to rapidly expand the program to asset managers base-wide and beyond. By exploiting mobile security technology, WPAFB is revolutionizing its operations to better support the needs of the U.S. Air Force.

Summing up

Wireless solutions are not only simple and relatively inexpensive to implement, they provide a significant long-term return on the government's IT investment. Studies show that wireless LAN technology lets users stay connected to network applications nearly four hours longer per day, boosting staff productivity by an average of 44 percent. Compared with those that use wired technology, agencies using wireless solutions save thousands of dollars per user each time they add staff members to a wireless network.

MOBILE BUSINESS BENEFITS

The common perception is that government moves slowly. That isn't the case with wireless technology. The U.S. government has discovered that it can quickly implement secure wireless networks to help its workers be more efficient.

John R. Vacca is an information technology consultant and internationally known author based in Pomeroy, Ohio. Since 1982, John has written 39 books and more than 455 articles in the areas of advanced storage, computer security, and aerospace technology.
John was also a configuration management specialist, computer specialist, and the computer security official (CSO) for NASA's space station program (Freedom) and the International Space Station Program, from 1988 until his early retirement from NASA in 1995. John was also one of the security consultants for the MGM movie AntiTrust, which was released January 2001.