The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Purdue Panel Maps Safer Wireless World for United Nations

Thu, May 22, 2003General

The security of data speeding along wireless networks should be a critical concern when deploying new connections, according to a report presented at the United Nations.

The report was the product of Purdue University’s 2002 Wireless Security Forum, a gathering of 18 computer experts from industry, government and academia. Spurred by the rapid development of technologies that could both widen the information superhighway and heighten the security risk for all the data traveling on it, the experts met in Washington, D.C., at the invitation of Accenture and Purdue’s Center for Education and Research in Information Assurance and Security (CERIAS) to discuss issues of data protection. Their report drew international attention from governments seeking to increase their countries’ participation in the Information Age without compromising their national security.

David Black, global security technologies expert at Accenture, and Teresa Bennett, director of strategic relations at CERIAS, represented the forum this fall at U.N. headquarters in New York City, where Black presented the report. Accenture is one of the company sponsors of CERIAS and was a partner in organizing the forum.

“This report is a road map to a more secure future,” Black said. “Wireless technology is going to be deployed across the globe either securely or insecurely, but the market will get it out there regardless. It is our goal to help this happen as securely as possible.”

Because wireless technology does not demand the expensive initial investment in cable networks that have traditionally carried the brunt of Internet data, many developing countries look upon the technology as a way to leapfrog into the Information Age without undue financial strain. However, broadcasting data via radio waves could conceivably put sensitive information at risk from hackers.

“Many enterprises - from small businesses to national governments - have limited resources to support widespread computer networks,” said Eugene Spafford, director of CERIAS and an organizer of the Wireless Security Forum. “Wireless technology holds the promise of providing these enterprises with economical access to global data networks, but the risk is that their most sensitive information could be stolen right out of the air if their wireless systems are not adequately protected.”

In the report, the members of the wireless roundtable recommended several best practices to be used when deploying wireless security. These included issues of communications, such as setting security plans and employee awareness plans, as well as increasing feedback to vendors to place an emphasis on security in new products; it also included a number of technical recommendations on topics including encryption levels and placement of wireless access points. The entire report is available at either the CERIAS or Accenture Web site.

While the forum met to discuss general wireless security issues, the participants recognized the relevance of their work to areas of the world that might be considering wireless as their first generation of networking technology.

“We were aware from the very beginning that developing countries would have an interest,” Black said. “Accenture was invited to the U.N.‘s 2002 Global InfoSec Conference, which was a natural opportunity to present the report to a wide audience.”

Hundreds of diplomats and representatives of non-governmental organizations were in the audience, several of whom approached Black and Bennett after the presentation.

“The report seems to have been well-received,” Black said. “We would like it to be of use to the entire planet for the long term.”

Spafford said wireless technology is an issue that needs discussion both in this country and abroad, and he hopes the forum’s efforts and report can provide a springboard for that discussion.

“Every tool and technology can be misused,” Spafford said. “As a hammer can be used both to build houses and to destroy treasured works of art, so can wireless technology be both beneficial and harmful. The best outcomes of the forum’s efforts would be for this report to help leaders make more balanced decisions and to influence the wireless industry to pay more attention to security and privacy in their future designs.”

“Roadmap to a Safer Wireless World,” report on IT security as prepared by the group:

—Chad Boutin, Purdue News Service

Get Your Degree with CERIAS