Pentagon scrutinizes handheld security

The Defense Department is conducting a top-down review of security concerning

the use of personal electronic devices, including palmtop computers, certain

pagers, cell phones and laptop computers.

The review is part of a larger DOD effort to institute tougher security

measures and to treat the Pentagon as a command center for the nation's

defense.

"The basic concept of the renovation has evolved from treating the Pentagon

as an "office building' to the recognition that it is in fact a "command

center,' " wrote Rudy de Leon, deputy secretary of Defense, in a July 14

memo.

Arthur Money, the assistant secretary of Defense for command, control,

communications and intelligence, is conducting a review of "all physical

security policies to ensure they remain applicable in today's technologically

sophisticated environment," according to de Leon's memo, which went to

top leaders in the Pentagon.

Pentagon spokeswoman Susan Hansen declined comment because the review is

still in process.

Martin Libicki, a senior policy analyst with the think tank Rand Corp.,

said the devices under review can be configured to pose threats in three

general areas: remote access to networks, electronic eavesdropping and data

removal. For example, a personal digital assistant (PDA) might be configured

to download information and remove it from the building.

"In theory, a [palmtop computer] has the capacity of a floppy disk.

A person might only remember 100 words of text but can download thousands,"

Libicki said.

Officials at the Air Force Research Laboratory (AFRL), which develops

some of the service's most advanced technologies, are also crafting a policy

to deal with security risks posed by the proliferation of electronic devices,

and lab officials are debating whether it should be a formal or an informal

policy.

Among other things, AFRL recommendations forbid the use of wireless

PDAs and the use of privately owned PDAs for official business.

"If I issue a government PDA and classified information gets on it,

and the only approved way of cleaning it is to destroy it, that's OK. But

if they own it, they would be quite upset with me when I destroy their PDA,"

said Jeffrey Pound Sr., AFRL chief technology officer.

Pound pointed out that current policies already address some concerns.

Two-way communications devices such as cell phones and two-way pagers are

already forbidden in sensitive or classified areas. But with the proliferation

of new electronic devices, he said, current policies might not be enough.

"A PDA, you could argue, is not a two-way communications device, but

walking in, linking it up to a computer, downloading information and walking

out again, in my mind, constitutes a two-way communications device," Pound

said.