Wireless links get the squeeze

Solutions for securing wireless transmissions between agency networks and portable handheld computers are still in their infancy, and no single product can do the job today. Full security requires a combination of software on the network and on the device and, more importantly, a policy that makes good use of it all.

The limited storage space and processing power of handheld computers have hampered the development of sophisticated security solutions on handheld devices. Federal security policies, or the lack of them in regard to wireless devices, have also been stumbling blocks. "There are a lot of Defense Department security policies that don't fit handhelds today, but they will down the road," said Robert Collier, chief of enterprise technology for the Army Medical Department, which is part of the Medical Command (MedCom) in San Antonio. Collier, also a consultant with GTSI Corp., is evaluating ways to secure wireless networks as part of the Army Desktop and Microcomputer Contract.

MedCom's medical staff uses Hewlett-Packard Co. iPaq PocketPCs for scheduling and contact management and for monitoring the status of tasks. Like many others in the growing group of government employees who use agency-issued handheld computers, MedCom employees don't use their portable computers wirelessly.

"We lose mobility because we can't deploy wireless until we find a way to secure it," Collier said.

Most security solutions for wireless handheld devices reside on the network, not the handheld computer. For example, Cranite Systems Inc.'s network-oriented software works in part by allowing handheld devices coming through a wireless connection to link only to certain segments of the enterprise network.

Many wireless security solutions use a type of virtual private network (VPN), which encrypts data as it flows between two points. In this case, it connects the wired network and the handheld device. Because VPNs originated in the fixed infrastructure of the wired world, they had to be adapted for use in the wireless environment.

In Cranite's case, adaptation has meant establishing the VPN at a different network layer than the ones that wired VPNs typically use, said Max Mancini, Cranite's vice president of engineering. In part, this approach allows the VPN to better handle the problems related to wireless networks, such as the communication interruptions that can occur when users pass from one wireless access point to another.

On the device side, products from companies such as Credant Technologies and Bluefire Security Technologies encrypt data while it is stored on the handheld computer and lock access to the system by using password-based security in case the device is lost or stolen.

As compression technology has improved, vendors have begun offering more security options. "We have developed a proprietary compression technology that allows us to put security on a small platform on the device that takes up only 600K of space," said Tom Goodman, Bluefire's vice president of business development and operations.

For many government information technology shops, such as the one at MedCom, any security solution must conform to DOD security directives. For example, the directives require nonrepudiated network authentication from the device to the network and Federal Information Processing Standard 140-1 or 140-2 accreditation with standard encryption technology.

In a pilot program testing wireless technologies that comply with DOD guidelines, Collier is evaluating Cranite's FIPS 140-2-certified, network-based security solution and Credant Technologies' Mobile Guardian product.

The need to use at least two products to achieve wireless security can burden users with multiple passwords. To make security easy for MedCom users, Cranite and Credant partnered to create a common application program interface.

"We both implemented the one API we agreed on into our products so the user wouldn't have to use two passwords," said Bob Heard, Credant's chief executive officer.

Although DOD officials have issued guidelines for securing wireless handheld devices, they have not issued a wireless security policy yet. While awaiting the final policy, MedCom officials plan to maximize the value of their handhelds by creating new applications, such as medical databases, that can operate off-line.

Bluefire is another example of the kind of security management products that are starting to emerge. The company's Bluefire Mobile Firewall Plus provides a firewall for handheld computers, an integrity monitor that protects the portable system's file and registry settings, a security manager to enforce security policy and an intrusion-detection system.

Recently, the Air Force Research Lab in Rome, N.Y., has begun to evaluate Bluefire's technology for use with a VPN for securing wireless data transmissions between handhelds and a wired network.

Bluefire has "a very small footprint for a resource-constrained device," said Andrew Karam, the lab's program manager. This type of device-based security is only the beginning, according to security experts.

Gerber is a freelance writer based in Kingston, N.Y.
