DOD wireless policy delayed

[InfoSec News <isn () c4i org>]

http://www.fcw.com/fcw/articles/2003/0224/web-wire-02-25-03.asp

By Matthew French 
Feb. 25, 2003

The Defense Department's policy on the use of wireless devices, 
originally due out this week, will not be available until sometime in 
March or April, according to Defense officials.

The policy, currently in draft form and collecting comments from those 
assembling it, is supposed to be more comprehensive and practical than 
the current policy, which affects only the use of wireless devices 
within the Pentagon.

DOD issued a wireless policy in October 2002, calling for development 
of a wireless network infrastructure across the Pentagon while 
prohibiting wireless access to classified systems. It required that 
wireless devices used within the Pentagon must incorporate technology 
-- including authentication and encryption -- for securing such 
communications.

The new policy is much more inclusive of the entire department, said 
Dawn Meyerriecks, chief technology officer for the Defense Information 
Systems Agency. DOD is trying to keep abreast of emerging technologies 
and recognizes that the proliferation of wireless devices could prove 
a valuable tool in the department's operations.

"A draft of the new policy is floating around now," Meyerriecks said. 
"We had hoped to have the policy done by the end of the month, but now 
we're looking at a March timeframe for its release."

Robert Lentz, director of information assurance for the Defense chief 
information officer's office, was less optimistic about the 
possibility of releasing the policy so soon.

"I'd say it's a number of weeks, at best," he said. "I still haven't 
seen the final draft with the comments of everyone putting the policy 
together."

The policy is being written by several agencies, including the 
National Security Agency, DISA and the information assurance staff in 
the DOD CIO's office. Ultimate responsibility for the policy, however, 
rests with DOD CIO John Stenbit.

"We still need to get the draft back with everyone's comments and then 
weigh the pros and cons," Lentz said. "I think it'll be longer than 
just a couple or few weeks."

Both Lentz and Meyerriecks agree that the new policy is more 
comprehensive and practical than what the Pentagon is using. 

In September, the Pentagon renewed its moratorium on wireless devices 
until it could better identify the security holes the devices could 
exploit. Some wireless devices are allowed under specifically defined 
circumstances, but until the security can be bolstered, the department 
is taking a cautious stance.

"The new policy that we helped draft says basically, 'We know you're 
going to use these devices, so here's what you've got to do to ensure 
security,' " Meyerriecks said.
 


-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.