How do you secure the FBI's mobile users and field agents? Education is our first line of defense. We have to ensure our agents and employees are aware of vulnerabilities inherent within the devices they use. The challenge for all is awaiting U.S. government-approved standards and security technologies that can keep up with emerging threats--which is virtually impossible.
Do enterprises underestimate the security risks associated with wireless? Absolutely. The problem arises from not having standard, government-approved wireless projects that include security. This results in well-intended ad hoc solutions by engineers who have not included an adequate security solution in the initial design.
What security improvements have you seen through the changing encryption standards? The rapid changes in the standards make it very difficult for organizations to adopt wireless networking. Some stability would increase the chance for successful integration with existing networks. However, there are certainly existing solutions that can be engineered into systems and provide high security for the protection of our unclassified, sensitive and classified information. But, because of the physical nature of the wireless media (unlicensed RF spectrum), there will always be availability issues.
How does the increasing number of remote employees change the wireless security forecast? Insecure wireless connections will only increase as more organizations support and encourage telecommuting. Our challenge is to provide secure solutions for those who will engage in remote connectivity. History has shown us that if we don't provide users with a secure (or any) solution, they will develop one for themselves, which will technically function for connectivity but will almost certainly not be secure.
For the full text of this interview, visit www.searchsecurity.com/ismag.