Expanding Wireless in Government

By Stacey McDaniel

Wireless networks are being embraced, if not taken for granted, in government offices across the country. The rapid proliferation of mobile devices has made it easy for government employees to work from anywhere there is a wireless access point, reducing the government's long-standing paper overload in the process. But while government agencies have been quick to adopt wireless technology, they aren't always as quick to address the security vulnerabilities that accompany this technology. Wireless technology introduces a bevy of new and potentially devastating new vulnerabilities in an organization's IT infrastructure. Without proper security, wirelessly transmitted data is vulnerable to eavesdropping, corruption, and loss -- a risk government leaders can't afford to take.

Reasons for wireless
According to the industry analyst firm IDC, the most common use of wireless in government is to retrieve and send email. Those who champion wireless in government see it as a way to facilitate more efficient and cost effective transmission of critical information, and help purge the paper glut that has long plagued the government. Says Forrester Research analyst Carl Zetie: "Government applications are clearly different from private-sector applications because the public sector uses so much more paper than other user groups, so devices such as handhelds and laptops that are connected wirelessly can provide a real benefit."

Other analysts cite the volume of wireless deployments and the unusual nature of the applications as important reasons why the public sector stands out as a leader in the deployment of wireless technologies.

Here are a few examples of the variety of wireless uses in government:

• In the Pennsylvania State Senate, drafts of bills and legal documents are wirelessly transmitted to legislators.
• The Department of Defense deploys wireless field-command posts -- in half the time it takes to set up hard-wired command and control centers.
• Across the country, cities and towns are establishing wireless access points to support municipal and emergency communications needs. Uses of these municipal networks can include streaming video to police vehicles, remote meter reading, data transmission of patient records to and from ambulances, and temporary or remote emergency operations centers.

What to watch for
As the proliferation of wireless technology continues apace in both commercial and government organizations, so do the number of potential vulnerabilities. Wireless networks usually are populated with all the identical technical vulnerabilities associated with conventional wired networks, including worms, viruses and software vulnerabilities. Additionally, there are a significant number of new vulnerabilities introduced by the wireless components themselves. Protecting your critical organizational data assets against wireless network security attacks is a dynamic challenge. Sensitive information broadcast over radio waves and can usually be accessed more easily by attackers than can data in a conventional wired network.

According to the National Institute of Standards and Technology's Special Publication 800-48, agencies face three overarching challenges to maintaining the confidentiality, integrity and availability of their information when implementing wireless networks:

• Protecting against attacks that exploit wireless transmissions Attackers have devised ways to monitor, intercept and analyze wireless traffic. Agencies need to protect their information by employing comprehensive wireless network monitoring programs that identify authorized and unauthorized wireless-enabled devices.
• Establishing physical control of wireless-enabled devices  It is crucial for IT to implement certain security controls on employee devices that are wirelessly accessing the agency network. Each client should be equipped with a personal firewall, policy-based management to keep the firewall up and running, as well as VPN and antivirus software.
• Preventing unauthorized wireless deployments  A frequent threat to wireless security happens when employees set up their own wireless connection in the office without IT administrators' knowledge. Reining in these rogue wireless access points is critical -- in most cases, the offending employee hasn't properly secured the network and isn't aware of the very real threat that has been introduced.

The best security strategy is to ensure you account for all the new vulnerabilities that are introduced into your environment by this exciting new technology. In addition, new threats are also emerging to exploit these broadcast network access points. Treat your wireless network with the same distrust as the Internet. It makes good security sense to ensure you deploy gateway security mechanisms wherever wireless LANs connect to your internal network. Comprehensive firewall appliances can also provide multiple integrated security functions, along with an integrated wireless access point. These solutions typically offer the most effective and efficient way of quickly providing the necessary security baseline by integrating firewall, VPN, antivirus, intrusion detection, intrusion prevention, and content filtering capabilities in one unit.

Conclusion
Wireless technology will continue to enjoy rapid growth in public sector organizations by saving time, money, and resources through easy, portable communication and timely access to critical data resources. As agencies continue to adopt wireless at a rapid pace, potential new vulnerabilities must be addressed and evaluated to manage risk to sensitive information resources. There are compelling reasons why the government must ensure its wireless communications are secured. The trust Americans place in their public servants and their critical information demands it. At a time when IT organizations are stretched perilously thin, deploying and managing a wireless network can appear a daunting requirement. However, integrated security solutions can help you mitigate the risks and allow your organization to benefit from the capabilities of new technology. Don't let security stand between you and better performance. Manage your risk, and work smarter.

Stacey McDaniel has been writing about high-tech issues for more than six years.