|
That was the message from experts who participated
in working groups under federal cybersecurity czar Richard Clarke
and shared what they learned at this week's 802.11 Planet conference.
Wi-Fi manufacturers, as well as home and office users, face a clear
choice, they said: Secure yourselves or be regulated.
"Homeland Security is putting people in
place who will be in a position to
say, 'If you're going to get broken into ... we're going to start
regulating,'" said Cable and Wireless security architect Shannon
Myers in a
panel dubbed "Homeland Security vs. Wi-Fi."
Myers was one of several consultants for President
Bush's Critical
Infrastructure Protection Board, which is finalizing its National
Strategy
to Secure Cyberspace.
Since being named special advisor to the president
for cyberspace security
last year, Clarke has stressed wireless access points as a national
security
threat.
"Companies throughout the country have networks
that are wide open because of wireless LANs.... Millions of houses
are getting connected, which means that more and more are getting
vulnerable," Clarke told attendees at the Black Hat Security
Briefings in Las Vegas earlier this year.
"We know that (an attack) could bring down
the network of this country very
quickly. Once you're on the network, it doesn't matter where you
got in,"
said Daniel Devasirvatham, who headed the Homeland Security task
force for the Wireless Communications Association International
trade association.
Devasirvatham said the telecom industry was represented
at security planning talks with federal agencies, but the wireless
sector itself was not.
"Do you consider yourself part of the telecom
industry?" he asked the 802.11Planet audience. "If you're
a Nethead instead of a Bellhead, you probably don't. I think there's
a major disconnect here."
But Myers acknowledged that regulators were frustrated
in their search for a
quick fix to plug Wi-Fi holes.
"There's just not a lot of technology out
there right now that can be used
to secure the technology in place," she said. "They're
not at a point where
they can say, 'This will solve the problem,' and mandate it."
Rather, the most recent draft of the National
Strategy document lists
stopgap steps that home and office Wi-Fi users should take to make
their
networks harder to crack. The National Institute of Standards and
Technology's Wireless Network Security document contains more detailed
guidelines.
Speakers called on corporate Wi-Fi customers
to participate in creating
security enhancements and best practices, lest regulators do it
for them.
"Expert advice needs to be obtained from more than just the
industry that
makes the equipment," Devasirvatham said.
Conference attendees were split on the potential
of wireless nodes as
terrorist access points.
Boingo CEO Sky Dayton suggested turnkey security
standards under development would improve the technology's reputation.
"It's possible to secure a wireless network today," he
said. "But it needs to get easier."
|
