Editorial: Check that backdoor

If an agency's cybersecurity strategy does not cover networks in McLean, Va., Lanham, Md., and a host of other cities where contractors work, it does not extend far enough.

A recent survey of wireless networks in the Washington, D.C., area found mixed results, although agency officials have made strides in securing wireless networks.

Armed with a handheld antenna and a laptop computer, two Federal Computer Week reporters and a wireless expert drove around town to see if they could intercept signals emanating from government facilities. When they detected a signal, they checked to see if the data was properly encrypted.

When FCW reporter Bob Brewin conducted a similar survey several years ago, he found that many agency officials had unwittingly created backdoors to their networks. Security at those agencies has improved significantly, and our team detected only a few rogue wireless access points.

The bad news came when they scanned the facilities of some major systems integrators and found many wireless networks. Some links were encrypted, but in some cases, the wireless expert was able to identify the network addresses of access points, which could be dangerous information in the hands of a hacker.

The findings raise some unsettling questions, given the extent to which systems integrators are involved in many major government programs. Do the vulnerabilities of a contractor's network put government information at risk? How can agency officials assess threats, and how can they protect against them?

The lesson is not that wireless technology is too risky or that contractors cannot be trusted. Agencies must work in a networked world with inherent risks. The task is to understand those risks — in all their manifestations.

The challenge in a networked world is to realize that some risks may arise in areas outside your direct control. Then it becomes a question of governance: How do you track those risks and their mitigation?

Our survey of wireless networks is no cause for panic. But it should remind agency officials to think in broader terms about the security of their information and networks.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.