Wireless on the battlefield

Commercial products not always best security solution for Defense Department

Concerns over battery life, the need for ruggedized machines and ever-present bandwidth issues are among the many obstacles that the Defense Department faces as it attempts to outfit soldiers with reliable, interoperable wireless communications on the battlefield.

But securing those communications is still far and away the biggest challenge the department must overcome. And despite a push to use commercial off-the-shelf (COTS) solutions to do it, those solutions may not be the best answer, according to some academic and industry experts.

Marine Corps Lt. Col. J.D. Wilson, team leader for tactical wireless in the program manager's office for communications systems, said the military has a "burning need" for tactical wireless communications and asked the private sector to develop the technologies necessary to make that happen. He spoke at an Armed Forces Communications and Electronics Association information technology conference earlier this month in Quantico, Va.

The problem for the military in using COTS solutions on the battlefield is that the solutions are being used in environments — and exposed to threats — for which the developers never planned, said John McHugh, senior member of the technical staff at the CERT Coordination Center at Carnegie Mellon University in Pennsylvania. "The information I've seen says we're in a lot of trouble," McHugh said.

Eugene Spafford, director of the Center for Education and Research in Information Assurance and Security at Indiana's Purdue University and a participant in a separate forum on wireless security in Washington, D.C., agreed. The issues surrounding security for wireless communications, he said, connect to a higher-level issue in government procurement: an over-reliance on COTS products.

Spafford said that although COTS products may be inappropriate for certain situations, the fact that they are more affordable than the alternatives means the government will buy them anyway.

"It's a symptom rather than a feature," he said. "Why would you use a COTS product for a high-reliance, high-risk environment" if it wasn't developed for that purpose? Instead, DOD should use a long-range architecture plan to accommodate systems on the battlefield, rather than buying COTS solutions and altering them, Spafford said.

Wilson said the Marine Corps uses traditional radios to send encrypted "data grams" through modems on voice networks to reach a destination, but would like to move to a wireless, peer-to-peer environment that would also enable multicasting and avoid "manual intervention."

The solution may come through DOD's Joint Tactical Radio System (JTRS), which is essentially a computer with a radio front end. The software-programmable, multiband, multiuse radio will permit communications across DOD services, something that has been difficult or impossible because of radio frequency problems, Wilson said.

DOD is requesting $172 million for JTRS in fiscal 2003, up from $165 million in fiscal 2002.

Still, there will be a time in the near future when traditional radios work side-by-side with software-programmable models, "and we'll need to be able to route and secure them properly," Wilson said.

Stephen Orr, a systems engineer for Cisco Systems Inc.'s DOD northeast division, said that even if industry comes up with a new form of encryption or other security device, it usually takes more than two years to get DOD approval.

That lag time means that hackers and other adversaries probably have figured out a way to beat it, McHugh said.

***

Solution seekers

A recent wireless forum brought together leading security experts from government, industry and academia to identify leading security problems associated with wireless proliferation and propose solutions.

The forum, "A Roadmap for a Safer Wireless World," was closed to the public, but the resulting recommendations will be released as a report "definitely by the end of June, if not before," said David Black, security technologies manager for Accenture, who moderated the event. "It's not necessarily going to be a consensus, but it will identify the major themes."

Accenture and the Center for Education and Research in Information Assurance and Security (CERIAS) at Indiana's Purdue University sponsored the event, held in Washington, D.C.

In addition to representatives from Accenture and CERIAS, roundtable participants included the Justice Department's Computer Crime Unit, the National Security Agency, the universities of Pennsylvania and Maryland, AT&T Labs, Intel Corp. and Cisco Systems Inc.

NEXT STORY: Letters to the editor