Burgeoning wireless use has prompted the Defense Department to ratchet up security and accountability for all IEEE 802.11 networks acquired this year, as well as for existing wireless LANs.
"They're growing because they give us more mobility, flexibility and cost efficiency than wired LAN infrastructures," says Danny Price, deputy director of wireless policy in the Office of the Assistant Secretary of Defense for Networks and Information Integration.
Wireless networks are usually local implementations, so the department doesn't monitor the exact number of them, Price says. There will be a transition period to allow users a practical accounting for costs and so on as the department's supplemental security policy phases in.
The supplemental policy, issued in June, set a 180-day deadline for military units to report WLAN implementation status and provide action plans and milestones for migrating legacy systems. WLAN equipment bought or implemented in fiscal 2007 must comply with the 2004 IEEE 802.11i standard, plus use intrusion detection systems and have an administrator monitoring them 24 hours a day.
Troops on the move often redeploy their WLANs in different configurations, so most administrator training must take place at the local level. The policy adopts commercial standards, so DOD can use commercial WLAN administrator courses with the appropriate supporting material, Price says. But not all implementations are thrown together between tents in the desert. Some military WLANs have already reached the enterprise level in sophistication.
Price cites the Army's broadband WiMAX point-to-multipoint network at Fort Dix, N.J., which pioneered WLAN use in its Forward Operations Base architecture. The WLAN provides Fort Dix on-demand connectivity for indoor as well as outdoor use.
"It's interesting because it authenticates users with DOD's Common Access Card and public-key infrastructure using the Extensible Authentication Protocol-Transport Layer Security," Price says. The FOB architecture supports realistic combat housing and training conditions and, eventually, will serve the planned joint basing of Army, Air Force and Navy personnel.
Another large WLAN deployment, the Air Force's Combat Information Transport Systems program, is standardizing implementations across many air bases, Price says. The wireless coverage spans dormitories, recreational areas, office buildings and flight lines. CITS is part of the Air Force Net-Centric Solutions (NETCENTS) contract vehicle.
Targeted Use
But WLANs aren't suitable for all military situations, for example, in areas where their radio frequency transmissions might affect weapons systems and other sensitive electronics.
Several intersecting policies and processes guard against interference, Price says. The overarching commercial wireless policy is Directive 8100.2, which mandates getting spectrum supportability guidance from the Military Communications-Electronics Board before acquiring any wireless wares, and Directive 4650.1, which details use and management of radio spectrum.
In addition, each milestone decision of the formal acquisition process requires a certification of spectrum supportability for any wireless or spectrum-dependent system, he says. Finally, before WLAN implementation, a designated approving authority must review a wireless system plan to make sure it adheres to the guidelines.
The federal Advanced Encryption Standard is the current requirement for use on WLANs carrying unclassified information. As encryption and security technologies evolve, Price says, DOD will continue to monitor them and "adapt our policies and standards as appropriate."
One uncertainty about the stricter new WLAN security is how much delay will be caused by the multiple handshakes that authenticate devices, servers and wireless access points under 802.11i.
As always, latency is specific to a vendor's particular implementation of 802.11i, Price says. Specific latency timeframes have yet to be determined.
The highest latency comes during the initial authentication handshake when an end user tries to join the network via a remote-authentication dial-in user service (RADIUS) server and a wireless access point. If the user roams from one access point to another, the process goes faster because the master encryption key has already been established between the user and the RADIUS server. Only the user and any new wireless AP will need to negotiate their connection and verify the master key.
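The roaming step described above, as an added example that is not part of the original article: the station and a new access point reuse the cached master key (PMK) and only derive fresh session keys, proving possession of the PMK with a handshake MIC. It uses the 802.11i HMAC-SHA1 key derivation; the MAC addresses, PMK, nonces and frame bytes are constructed, the MIC input is simplified to a stand-in frame, and the new AP is assumed to already hold the PMK.

```python
import hashlib
import hmac

def prf(key, label, data, nbytes):
    """802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """Derive the 48-byte CCMP pairwise key and split it into KCK, KEK, TK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:]}

def pmkid(pmk, ap_mac, sta_mac):
    """Identifier a station sends so an AP can look up a cached PMK."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]

def mic(kck, frame):
    """Handshake MIC (HMAC-SHA1-128) that proves possession of the PMK."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def ap_accepts(ap_pmk, ap_mac, sta_mac, anonce, snonce, frame, sta_mic):
    """AP side of message 2: recompute the MIC from its own copy of the PMK."""
    kck = derive_ptk(ap_pmk, ap_mac, sta_mac, anonce, snonce)["kck"]
    return hmac.compare_digest(mic(kck, frame), sta_mic)

# Constructed sample values (not real keys, addresses or captures).
PMK = hashlib.sha256(b"constructed PMK from the first EAP-TLS login").digest()
STA = bytes.fromhex("020000000001")
AP1, AP2 = bytes.fromhex("0200000000a1"), bytes.fromhex("0200000000a2")

def roam(ap_mac, ap_pmk, sta_pmk, tag):
    """One handshake; nonces are deterministic here only to keep the demo repeatable."""
    anonce = hashlib.sha256(b"anonce" + tag).digest()
    snonce = hashlib.sha256(b"snonce" + tag).digest()
    keys = derive_ptk(sta_pmk, ap_mac, STA, anonce, snonce)
    frame = b"EAPOL-Key msg 2 (constructed)" + snonce  # stand-in for the real frame
    ok = ap_accepts(ap_pmk, ap_mac, STA, anonce, snonce, frame, mic(keys["kck"], frame))
    return ok, keys["tk"]

if __name__ == "__main__":
    print(roam(AP1, PMK, PMK, b"1"), roam(AP2, PMK, PMK, b"2"))
```

Both handshakes succeed without contacting the RADIUS server again, yet each access point ends up with a different temporal key; a station holding the wrong PMK fails the MIC check.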
Latency will decrease further with the adoption of 802.11r, the IEEE's fast-roaming standard, Price predicts. 802.11r will permit even users in moving vehicles to roam between access points without losing their voice-over-IP telephony and other connections. Hand-off delays would last no more than 50 milliseconds, unnoticeable to the human ear.
What about cell phones?
Price says the supplemental policy offers no guidance beyond the 2004 DOD Directive 8100.2, which forbids use of cellular phones and other radio-frequency and infrared wireless devices in areas where classified information is discussed or processed, because of Tempest emissions.
That general guidance is still in effect, Price says. "We'll continue to review cellular technology as we do all commercial wireless technologies. There will be new guidance if and when it is needed," he says.
To read DOD's supplemental WLAN policy, go to www.defensesystems.com and enter 129 in the Quickfind search box.