Editorial: Check that backdoor

If an agency's cybersecurity strategy does not cover networks in McLean, Va., Lanham, Md., and a host of other cities where contractors work, it does not extend far enough.

A recent survey of wireless networks in the Washington, D.C., area found mixed results, although agency officials have made strides in securing wireless networks.

Armed with a handheld antenna and a laptop computer, two Federal Computer Week reporters and a wireless expert drove around town to see if they could intercept signals emanating from government facilities. When they detected a signal, they checked to see if the data was properly encrypted.

When FCW reporter Bob Brewin conducted a similar survey several years ago, he found that many agency officials had unwittingly created backdoors to their networks. Security at those agencies has improved significantly, and our team detected only a few rogue wireless access points.

The bad news came when they scanned the facilities of some major systems integrators and found many wireless networks. Some links were encrypted, but in some cases, the wireless expert was able to identify the network addresses of access points, which could be dangerous information in the hands of a hacker.

The findings raise some unsettling questions, given the extent to which systems integrators are involved in many major government programs. Do the vulnerabilities of a contractor's network put government information at risk? How can agency officials assess threats, and how can they protect against them?

The lesson is not that wireless technology is too risky or that contractors cannot be trusted. Agencies must work in a networked world with inherent risks. The task is to understand those risks — in all their manifestations.

The challenge in a networked world is to realize that some risks may arise in areas outside your direct control. Then it becomes a question of governance: How do you track those risks and their mitigation?

Our survey of wireless networks is no cause for panic. But it should remind agency officials to think in broader terms about the security of their information and networks.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.