Feds label wi-fi a terrorist tool

[InfoSec News <isn () c4i org>]

Forwarded from: Andrew Simmons <andrew () zpok demon co uk>

http://www.wired.com/news/wireless/0,1382,56742,00.html

By Paul Boutin
Dec. 06, 2002 

SANTA CLARA, California -- Attention, Wi-Fi users: The Department of
Homeland Security sees wireless networking technology as a terrorist
threat.

That was the message from experts who participated in working groups
under federal cybersecurity czar Richard Clarke and shared what they
learned at this week's 802.11 Planet conference. Wi-Fi manufacturers,
as well as home and office users, face a clear choice, they said:
Secure yourselves or be regulated.

"Homeland Security is putting people in place who will be in a
position to say, 'If you're going to get broken into ... we're going
to start regulating,'" said Cable and Wireless security architect
Shannon Myers in a panel dubbed "Homeland Security vs. Wi-Fi."

Myers was one of several consultants for President Bush's Critical
Infrastructure Protection Board, which is finalizing its National
Strategy to Secure Cyberspace.

Since being named special advisor to the president for cyberspace
security last year, Clarke has stressed wireless access points as a
national security threat.

"Companies throughout the country have networks that are wide open
because of wireless LANs.... Millions of houses are getting connected,
which means that more and more are getting vulnerable," Clarke told
attendees at the Black Hat Security Briefings in Las Vegas earlier
this year.

"We know that (an attack) could bring down the network of this country
very quickly. Once you're on the network, it doesn't matter where you
got in," said Daniel Devasirvatham, who headed the Homeland Security
task force for the Wireless Communications Association International
trade association.

Devasirvatham said the telecom industry was represented at security
planning talks with federal agencies, but the wireless sector itself
was not.

"Do you consider yourself part of the telecom industry?" he asked the
802.11 Planet audience. "If you're a nethead instead of a Bellhead,
you probably don't. I think there's a major disconnect here."

But Myers acknowledged that regulators were frustrated in their search
for a quick fix to plug Wi-Fi holes.

"There's just not a lot of technology out there right now that can be
used to secure the technology in place," she said. "They're not at a
point where they can say, 'This will solve the problem,' and mandate
it."

Rather, the most recent draft of the National Strategy document lists
stopgap steps that home and office Wi-Fi users should take to make
their networks harder to crack. The National Institute of Standards
and Technology's Wireless Network Security document contains more
detailed guidelines.

Speakers called on corporate Wi-Fi customers to participate in
creating security enhancements and best practices, lest regulators do
it for them. "Expert advice needs to be obtained from more than just
the industry that makes the equipment," Devasirvatham said.

Conference attendees were split on the potential of wireless nodes as
terrorist access points.

Boingo CEO Sky Dayton suggested turnkey security standards under
development would improve the technology's reputation. "It's possible
to secure a wireless network today," he said. "But it needs to get
easier."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.