Feds Label Wi-Fi a Terrorist ToolBy Paul Boutin
Story location: http://www.wired.com/news/wireless/0,1382,56742,00.html
02:00 AM Dec. 06, 2002 PT
SANTA CLARA, California -- Attention, Wi-Fi users: The Department of Homeland Security sees wireless networking technology as a terrorist threat.
That was the message from experts who participated in working groups under federal cybersecurity czar Richard Clarke and shared what they learned at this week's 802.11 Planet conference. Wi-Fi manufacturers, as well as home and office users, face a clear choice, they said: Secure yourselves or be regulated.
"Homeland Security is putting people in place who will be in a position to say, 'If you're going to get broken into ... we're going to start regulating,'" said Cable and Wireless security architect Shannon Myers in a panel dubbed "Homeland Security vs. Wi-Fi."
Myers was one of several consultants for President Bush's Critical Infrastructure Protection Board, which is finalizing its National Strategy to Secure Cyberspace.
Since being named special advisor to the president for cyberspace security last year, Clarke has stressed wireless access points as a national security threat.
"Companies throughout the country have networks that are wide open because of wireless LANs.... Millions of houses are getting connected, which means that more and more are getting vulnerable," Clarke told attendees at the Black Hat Security Briefings in Las Vegas earlier this year.
"We know that (an attack) could bring down the network of this country very quickly. Once you're on the network, it doesn't matter where you got in," said Daniel Devasirvatham, who headed the Homeland Security task force for the Wireless Communications Association International trade association.
Devasirvatham said the telecom industry was represented at security planning talks with federal agencies, but the wireless sector itself was not.
"Do you consider yourself part of the telecom industry?" he asked the 802.11 Planet audience. "If you're a nethead instead of a Bellhead, you probably don't. I think there's a major disconnect here."
But Myers acknowledged that regulators were frustrated in their search for a quick fix to plug Wi-Fi holes.
"There's just not a lot of technology out there right now that can be used to secure the technology in place," she said. "They're not at a point where they can say, 'This will solve the problem,' and mandate it."
Rather, the most recent draft of the National Strategy document lists stopgap steps that home and office Wi-Fi users should take to make their networks harder to crack. The National Institute of Standards and Technology's Wireless Network Security document contains more detailed guidelines.
Speakers called on corporate Wi-Fi customers to participate in creating security enhancements and best practices, lest regulators do it for them. "Expert advice needs to be obtained from more than just the industry that makes the equipment," Devasirvatham said.
Conference attendees were split on the potential of wireless nodes as terrorist access points.
Boingo CEO Sky Dayton suggested turnkey security standards under development would improve the technology's reputation. "It's possible to secure a wireless network today," he said. "But it needs to get easier."