Pentagon scrutinizes handheld security

[InfoSec News <isn () C4I ORG>]

http://www.fcw.com/fcw/articles/2000/0731/news-pda-07-31-00.asp

BY George I. Seffers
07/31/2000

The Defense Department is conducting a top-down review of security
concerning the use of personal electronic devices, including palmtop
computers, certain pagers, cell phones and laptop computers.

The review is part of a larger DOD effort to institute tougher
security measures and to treat the Pentagon as a command center for
the nations defense.

"The basic concept of the renovation has evolved from treating the
Pentagon as an "office building to the recognition that it is in fact
a "command center, " wrote Rudy de Leon, deputy secretary of Defense,
in a July 14 memo.

Arthur Money, the assistant secretary of Defense for command, control,
communications and intelligence, is conducting a review of "all
physical security policies to ensure they remain applicable in todays
technologically sophisticated environment," according to de Leons
memo, which went to top leaders in the Pentagon.

Pentagon spokeswoman Susan Hansen declined comment because the review
is still in process.

Martin Libicki, a senior policy analyst with the think tank Rand
Corp., said the devices under review can be configured to pose threats
in three general areas: remote access to networks, electronic
eavesdropping and data removal. For example, a personal digital
assistant (PDA) might be configured to download information and remove
it from the building.

"In theory, a [palmtop computer] has the capacity of a floppy disk. A
person might only remember 100 words of text but can download
thousands," Libicki said.

Officials at the Air Force Research Laboratory (AFRL), which develops
some of the services most advanced technologies, are also crafting a
policy to deal with security risks posed by the proliferation of
electronic devices, and lab officials are debating whether it should
be a formal or an informal policy.

Among other things, AFRL recommendations forbid the use of wireless
PDAs and the use of privately owned PDAs for official business.

"If I issue a government PDA and classified information gets on it,
and the only approved way of cleaning it is to destroy it, thats OK.
But if they own it, they would be quite upset with me when I destroy
their PDA," said Jeffrey Pound Sr., AFRL chief technology officer.

Pound pointed out that current policies already address some concerns.
Two-way communications devices such as cell phones and two-way pagers
are already forbidden in sensitive or classified areas. But with the
proliferation of new electronic devices, he said, current policies
might not be enough.

"A PDA, you could argue, is not a two-way communications device, but
walking in, linking it up to a computer, downloading information and
walking out again, in my mind, constitutes a two-way communications
device," Pound said.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".