Navy Department makes it official, clearing way for deployment of WLANs

A new policy requires Navy and Marines to use strong encryption and intrusion detection.

The Navy Department has issued a new policy on wireless local-area networks, clearing the way for widespread WLAN deployments at Navy and Marine Corps bases and on ships, Navy and industry officials said. The policy requires WLAN users to install strong encryption and intrusion-detection systems.Mike Koehler, enterprise client program manager for the Navy Marine Corps Intranet (NMCI) at EDS, said he expects to add WLAN equipment to the NMCI contract in the beginning of 2007. The Navy needs the flexibility and mobility that wireless networks offer, and WLANs could be installed at every Navy and Marine Corps base, Koehler said. Capt. Robert Zalaskus, enterprise program manger at the Naval Network Warfare Command, said demand for WLANs is strong, particularly for shipboard applications. Sailors could use WLANs to more easily provide performance information on shipboard mechanical systems.John Lussier, the Navy Department’s acting chief information officer, signed the WLAN policy Nov. 30. The policy mirrors a servicewide message sent by the network warfare command in September. It lifted a moratorium on the use of WLANs in the Navy. The WLAN policy covers the Navy and Marine Corps. Like the command’s message, it mandates that WLANs conform to Federal Information Processing Standard 140-2, which requires encryption based on the Advanced Encryption Standard. The policy also requires Layer 2 Authentication.The Navy Department policy also resembles the command’s message because it calls for the use of an intrusion-detection system to identify unauthorized users who attempt to penetrate a WLAN installation. Zalaskus said strong intrusion detection is essential to ensure the safety and security of connections to Navy networks.Although the Navy Department policy specifically covers WLANs, the September message from the command lifted a moratorium on the use of commercial short-range Bluetooth wireless devices and long-range WiMax gear that use AES encryption and receive approval from the command.The Defense Department's office for networks and integration issued an even stricter set of wireless policy guidelines in June, and the Navy Department WLAN policy memo states that “requirements set forth by higher authorities take precedence over the policy established in this instruction.”The DOD policy requires that, in addition to AES encryption and intrusion detection, all DOD WLANs must: Koehler said EDS has already selected most of its WLAN gear for NMCI. Cisco Systems is one of the company’s partners on that project, but he said EDS has not yet decided on its partner for intrusion-detection systems that it will offer on NMCI.Stephen Orr, a senior consulting system engineer at Cisco, said the company can meet the Navy Department’s WLAN intrusion-detection requirements in its WLAN architecture.Amit Sinha, vice president and chief technology officer at AirDefense, which sells WLAN intrusion-detection systems, said Navy users who have received waivers to install WLAN systems during the past several years have selected the company instead of Cisco in installations that featured Cisco access point hardware.For example, the Navy chose AirDefense to provide the intrusion-detection system on the USNS Lewis and Clark, part of a new class of replenishment ships, even though Cisco supplied the rest of the WLAN infrastructure, said Kevin McCaffrey, AirDefense director of federal programs.Sinha said the new policy memo will drive the use of WLANs throughout the Navy and Marine Corps.
Editor's note: This story was updated at 12:30 p.m. Dec. 5. Please go to Corrections & Clarifications to see what has changed.





















  • Receive certification from the Wi-Fi Alliance that they meet commercial Wireless Protected Access 2, which supports AES and tough user authentication standards.
  • Pass end-to-end interoperability tests run by the Joint Interoperability Test Command.
  • Meet the National Institute of Standards and Technology's data at rest and data in-transit standards.
  • Have personal firewalls.
  • Use National Information Assurance Partnership-approved antivirus software.