Information Security News mailing list archives
Pentagon scrutinizes handheld security
From: InfoSec News <isn () C4I ORG>
Date: Mon, 31 Jul 2000 06:00:18 -0500
http://www.fcw.com/fcw/articles/2000/0731/news-pda-07-31-00.asp BY George I. Seffers 07/31/2000 The Defense Department is conducting a top-down review of security concerning the use of personal electronic devices, including palmtop computers, certain pagers, cell phones and laptop computers. The review is part of a larger DOD effort to institute tougher security measures and to treat the Pentagon as a command center for the nations defense. "The basic concept of the renovation has evolved from treating the Pentagon as an "office building to the recognition that it is in fact a "command center, " wrote Rudy de Leon, deputy secretary of Defense, in a July 14 memo. Arthur Money, the assistant secretary of Defense for command, control, communications and intelligence, is conducting a review of "all physical security policies to ensure they remain applicable in todays technologically sophisticated environment," according to de Leons memo, which went to top leaders in the Pentagon. Pentagon spokeswoman Susan Hansen declined comment because the review is still in process. Martin Libicki, a senior policy analyst with the think tank Rand Corp., said the devices under review can be configured to pose threats in three general areas: remote access to networks, electronic eavesdropping and data removal. For example, a personal digital assistant (PDA) might be configured to download information and remove it from the building. "In theory, a [palmtop computer] has the capacity of a floppy disk. A person might only remember 100 words of text but can download thousands," Libicki said. Officials at the Air Force Research Laboratory (AFRL), which develops some of the services most advanced technologies, are also crafting a policy to deal with security risks posed by the proliferation of electronic devices, and lab officials are debating whether it should be a formal or an informal policy. Among other things, AFRL recommendations forbid the use of wireless PDAs and the use of privately owned PDAs for official business. "If I issue a government PDA and classified information gets on it, and the only approved way of cleaning it is to destroy it, thats OK. But if they own it, they would be quite upset with me when I destroy their PDA," said Jeffrey Pound Sr., AFRL chief technology officer. Pound pointed out that current policies already address some concerns. Two-way communications devices such as cell phones and two-way pagers are already forbidden in sensitive or classified areas. But with the proliferation of new electronic devices, he said, current policies might not be enough. "A PDA, you could argue, is not a two-way communications device, but walking in, linking it up to a computer, downloading information and walking out again, in my mind, constitutes a two-way communications device," Pound said. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Pentagon scrutinizes handheld security InfoSec News (Jul 31)