Warning: Using unlicensed wireless networks could be so damaging to the safety of your data that industry experts are suggesting the need for a Surgeon General-like warning label.
Regulators, private industry and law enforcement widely agree that data networks—wireless and wire-line alike—will forever be vulnerable to attack. The difference with wireless technology, some in industry say, is that users have no idea just how vulnerable it is.
“[Wireless security protocols in use are] virtually useless, and I dont think consumers are aware of it,” said Jacob Christfort, chief technology officer and vice president of product development, Voice and Wireless Products, at Oracle Corp., of Redwood City, Calif. Speaking at a forum on unlicensed wireless networks here last week, Christfort said he could support regulation requiring network providers to display a cautionary label, such as those on alcohol and tobacco products.
As hot spots and other unlicensed wireless technologies proliferate, there are growing threats to data protection from information brokers, industrial spies and even “bad apple” divorce attorneys seeking data on their clients exes, said Ted Phillips, senior associate at Booz Allen Hamilton Inc., of Washington. However, WLAN (wireless LAN) users, often equating wireless access with traditional telephony, can have a false sense of security about their privacy. “The money part of the equation is really starting to pick up,” Phillips said at the forum sponsored by the National Telecommunications and Information Administration here. “There is a growing and increasingly severe threat. It scares me, and Ive been at this for a while.”
Apart from small regulatory fixes such as the warning label idea, industry representatives generally oppose more intrusive federal initiatives to secure wireless technologies. One reason is that the possibilities for anonymity in wireless networks make it easy for sophisticated offenders to dodge enforcement.
WLANs remain a concern in the government, and the administration has toyed with ways of promoting better security. The National Strategy to Secure Cyberspace holds agencies responsible for implementing risk management processes and security controls. The government is particularly concerned about anonymity in attacks, said Paul Nicholas, director of Critical Infrastructure Protection at the Homeland Security Council in Washington. “Attacks happen, and you dont know where theyre coming from,” he said, adding that increased funding for security research would help.