Wireless, classified data don't mix
The U.S. Defense Department's new security policy prohibits its use of wireless devices, such as cell phones and PDAs, for accessing classified data.
The new policy is actually an elaboration of a moratorium the Pentagon put in place in July 2001 in order to prevent the exploitation of wireless vulnerabilities.
The Secretary of Defense Office has asked the director of the National Security Agency to develop a database of wireless technology vulnerabilities, provide an assessment of the potential risks of specific wireless features and come up with recommendations for countermeasures. The office is also working on a knowledge-management process to help share strategies throughout the department.
The new policy, issued last week and effective immediately, states that wireless telecom or computer-related equipment or systems are prohibited from accessing classified networks or computers, or from being used as the primary means of communications for critical mission operations. The policy also prohibits downloading freeware or shareware enhancements to those devices.
Wireless devices that are allowed should have password protection or strong identification and authentication protection, such as public-key infrastructure or biometrics.