January 12, 2001, 3:36 PM — As workers add ever more devices to their arsenal of mobile tools, IT organizations are faced with the unenviable problem of securing these devices, many of which come over the transom and are not issued by IT.
Wireless devices such as cellular phones, PDAs (personal digital assistants), and pagers are inherently less secure than their wired counterparts. This is due in part to their limited bandwidth, memory, and processing capabilities. Another reason is that they send their data into the air where anyone with the technology can intercept it. Whereas tapping a wired network either calls for direct access to the building or some 007-type gear in a van parked outside, wireless networks are forced by their very nature to be more vulnerable to security problems.
"The major issue with wireless security is the interception of information as it travels over the airwaves," says Dave Dawson, chairman and CEO of security vendor V-One, in Germantown, Md.
Dawson points to an incident a few years ago when Secret Service pager transmissions were intercepted and messages about the location of the President and his family were posted on the Internet. In a separate incident, New York City police officers' pager messages were intercepted, he notes.
These incidents and the increasingly sensitive nature of data sent over the airwaves make wireless security of paramount importance.
Consider the medical community, for example. Though many doctors use PDAs, medical information about individual patients must be kept secure. When provisions of HIPAA (the Federal Health Insurance Portability and Accountability Act of 1996) take effect in October 2002, the fine for improper handling of patient data will rise to a maximum of $50,000 per incident, and it can go higher if the violation is committed under false pretenses or with the intent to sell, transfer, or use the information. For a provider with thousands of patient records, the cost of even a minor slipup could quickly reach millions of dollars.
Several vendors offer encryption technologies to protect data from interception over the airwaves. Encryption also can protect the integrity of the data, preventing it from being compromised or altered before it reaches its destination. Unfortunately, encryption places a significant burden on wireless devices, using battery, memory, and processor resources that are scarce to begin with.
Wireless technology, by its nature, violates other fundamental security principles as well, including authentication -- ensuring the identity of the user and the device -- and non-repudiation -- making sure the sender of the message cannot deny sending it.