Pentagon scrutinizes handheld security
The Defense Department is conducting a top-down review of security concerning the use of personal electronic devices, including palmtop computers, certain pagers, cell phones and laptop computers.
The Defense Department is conducting a top-down review of security concerning
the use of personal electronic devices, including palmtop computers, certain
pagers, cell phones and laptop computers.
The review is part of a larger DOD effort to institute tougher security
measures and to treat the Pentagon as a command center for the nation's
defense.
"The basic concept of the renovation has evolved from treating the Pentagon
as an "office building' to the recognition that it is in fact a "command
center,' " wrote Rudy de Leon, deputy secretary of Defense, in a July 14
memo.
Arthur Money, the assistant secretary of Defense for command, control,
communications and intelligence, is conducting a review of "all physical
security policies to ensure they remain applicable in today's technologically
sophisticated environment," according to de Leon's memo, which went to
top leaders in the Pentagon.
Pentagon spokeswoman Susan Hansen declined comment because the review is
still in process.
Martin Libicki, a senior policy analyst with the think tank Rand Corp.,
said the devices under review can be configured to pose threats in three
general areas: remote access to networks, electronic eavesdropping and data
removal. For example, a personal digital assistant (PDA) might be configured
to download information and remove it from the building.
"In theory, a [palmtop computer] has the capacity of a floppy disk.
A person might only remember 100 words of text but can download thousands,"
Libicki said.
Officials at the Air Force Research Laboratory (AFRL), which develops
some of the service's most advanced technologies, are also crafting a policy
to deal with security risks posed by the proliferation of electronic devices,
and lab officials are debating whether it should be a formal or an informal
policy.
Among other things, AFRL recommendations forbid the use of wireless
PDAs and the use of privately owned PDAs for official business.
"If I issue a government PDA and classified information gets on it,
and the only approved way of cleaning it is to destroy it, that's OK. But
if they own it, they would be quite upset with me when I destroy their PDA,"
said Jeffrey Pound Sr., AFRL chief technology officer.
Pound pointed out that current policies already address some concerns.
Two-way communications devices such as cell phones and two-way pagers are
already forbidden in sensitive or classified areas. But with the proliferation
of new electronic devices, he said, current policies might not be enough.
"A PDA, you could argue, is not a two-way communications device, but
walking in, linking it up to a computer, downloading information and walking
out again, in my mind, constitutes a two-way communications device," Pound
said.
NEXT STORY: Pentagon to outsource network ops