WASHINGTON, D.C. -- In a town already known for its poorly kept secrets, it may seem suicidal to make data even easier to access. But in the nation's capital, where PDAs and cell phones are used in virtually every ballroom, office and food court, federal workers are demanding that Wi-Fi access be ubiquitous.
That's why the U.S. Senate is deploying a wireless LAN to improve Capitol Hill communications, an effort that includes shutting down wireless access points set up in staff offices with off-the-shelf routers purchased at consumer electronics stores.
"My business drivers are (to provide) security and customer service," said Senate CIO and Assistant Sergeant-at-Arms Greg Hanson, who spoke at a government wireless and RFID conference in Washington last week. His experiences can help other enterprises grappling with securing a highly fluid, mobile workforce.
Hanson and an information security officer familiar with government installations acknowledged that the staff also needs to police the Senate's network for wardrivers and rogue access points set up by users unsatisfied with the new network. "There will always be someone who can't quite get the reception he wants in his office," said the information security officer, Phil Cracknell, chief technology officer at U.K.-based consulting firm NetSurity.
Too many Senate office managers have taken it upon themselves to install Wi-Fi routers, many of them running with insecure, default configurations. Those default configurations typically broadcast the presence of the access points, issue IP addresses automatically, and may or may not even utilize WEP password protection. The performance of the Sergeant-at-Arms' WLAN must be superior to that of existing access points, so users will willingly give up their own routers, said Hanson.
Another trouble spot: Many legislators' staffs see themselves as not being under Hanson's control. In that way, "we are not like other organizations," he said. Still, the CIO plans a layered, defense-in-depth approach to WLAN security, in this case using the WPA Wi-Fi standard under the 802.11g specification, a VPN and (eventually) hard tokens, such as smartcards.
The Sergeant-at-Arms Office "will be doing some warwalking to uncover unauthorized access points," said Hanson. The office soon will also have a centralized security operations center, from which IT can watch attacks on the network. Hanson will call on the Senate Rules Committee to settle any disputes with those insisting on keeping their own Wi-Fi routers, he said.
NetSurity's Cracknell was encouraged by the Senate's layered security measures. But, he cautioned, wireless users will take their devices off the Senate campus to insecure wireless hotspots throughout the capital, where they will be particularly vulnerable.
That means that on and off the Senate campus "they will need to issue strict guidelines for use of wireless networks, and then audit the hell out of them," he added.