When using WiMAX, "a VPN can give you more direct control over your security without having to rely on a third party," says NIST's Karen Scarfone.

Oct 07 2010
Mobility

When Disaster Strikes

As WiMAX emerges, does it offer a COOP option for secure communications?
by Google+

Dan Tynan is a freelance writer based in San Francisco. He has won numerous journalism awards and his work has appeared in more than 70 publications, several of them not yet dead.


NOVEMBER 2010


E-NEWSLETTER

» When Disaster Strikes


» Wireless Management Matures


» Maximizing 802.11n


» Aruba's Manageable Gear

When, not if — that’s the be-prepared attitude that federal IT and security officials take toward continuity of operations planning.

Agencies are no strangers to calamity. Over the past 10 years, jumbo jets plowed into buildings, a Category 5 hurricane wiped out a major city and a deep-sea derrick dumped millions of barrels of oil into the Gulf of Mexico. In every instance, the federal government took part or led the response and has worked to provide mobile IT and communications infrastructures that can keep up with the demands of disaster recovery and continuity.

If September 11, Katrina and the Gulf spill have had any positive effect, it’s been in driving agencies to map out plans for keeping the lights on and the government running when disaster strikes. Increasingly, those plans rely on equipping employees with mobile communications tools, whether radios, smartphones, 3G tablets or wirelessly connected notebook computers.

The first task always is enabling first responders to communicate with one another and their counterparts in other agencies securely and reliably, says Mark McNulty, MSSI vice president for Motorola, which works on COOP initiatives with the departments of Homeland Security, Justice, Interior and Defense. A major hitch, he says, is that in a disaster, commercial communi­cations networks often are unavailable, and different agencies may employ incompatible wireless technologies.

While some agencies, including the Homeland Security Department, have begun providing 3G smartphones to their employees who handle disaster response, others are looking toward emerging WiMAX technology, which is advantageous for COOP because its mobile broadband capabilities offer greater bandwidth than 3G. The bandwidth bump is helpful both for first responders and for supporting feds who might need to work from home or other remote locations for extended periods.

But as a horizon technology, WiMAX is not without its challenges, including availability and security.

Ready for Anything

“One challenge for federal agencies in these situations is access to the communications network, assuming it still exists and isn’t oversaturated with traffic,” McNulty explains. “You also need to enable communications among multiple levels of government responders, whether federal, state or local — many of which may be using different frequency bands, encryption algorithms and radio channels.”

McNulty says most agencies have standardized on mobile two-way radios that follow the Project 25 (P25) specification, which enables different communications systems to exchange voice and data securely over the same frequencies, and also supports legacy encryption technologies. Different agencies can also deploy wireless Ethernet bridges to bring deployable communications infrastructure into their internal networks in times of crisis, he adds.

“The DHS CIO has distributed systems and data over a large geographical area, with redundant systems for power, communication, security and services being used across the department,” says Larry Orluskie, the department’s director of communications. “The DHS CIO’s COOP program is to ensure that other components, which rely on IT services for national security and critical infrastructure protection, have their hosted systems and data ready and available for use as needed.”

But because WiMAX communications carry over ranges of miles, threats to communications can be almost anywhere within a metro area, says Karen Scarfone, a computer scientist with NIST’s Systems & Emerging Technologies Security Research Group. Agencies must take additional precautions, especially when they’re relying on commercial providers for WiMAX services.

“Whether you’re using a local area network, cell network or WiMAX, any time you’re going from your own internal network to an external network that’s not under your control you should assume it’s untrusted,” Scarfone says. “That means you should always encrypt sensitive data sent over that communications network.”

Protected and Continuous Access

Working with consultants from Booz Allen Hamilton, Scarfone created a set of security guidelines for WiMAX connectivity that was published in draft form by NIST last fall. The guidelines recommend using FIPS-140-validated encryption to protect communications. Some WiMAX networks have this capability built in, while others need to add it using technology such as virtual private network (VPN) tunnels.

“Organizations using a VPN blanket for all their WiMAX communications don’t need to worry about what the carriers are doing,” Scarfone points out. “A VPN can give you more direct control over your security without having to rely on a third party.”

Even then, agencies will need to build in contingency plans for when WiMAX or other wireless technologies are unavailable, notes Bill Roberti, a former Army colonel who heads up the public sector group for management consultants Alvarez & Marsal.

Roberti says he was in the air headed for New York City on Sept. 11, 2001, and on the ground in New Orleans when Katrina hit. In both instances, he says, wireless carrier networks were immediately overwhelmed and rendered useless.

“After Katrina, the Louisiana State Police had no way of getting in contact with the Orleans Parish Police,” he says. “You can’t just assume this technology will work in a crisis. You need to plan for these kinds of things on the front end. By the time you get into a disaster, it’s too late.”

Overall, though, Motorola’s McNulty says agencies are better equipped to handle catastrophes than they were 10 years ago.

“Across the government, everyone is thinking about continuity of operations and wanting to ensure that the problems of previous emergency situations are not repeated,” he says. “I believe the federal government is much better prepared than it was on 9/11 or during Katrina. It’s learned from its previous experience and is building that knowledge into the continuity of operations plans of today.”

Four Keys to WiMAX Security

Thinking about baking WiMAX wireless connectivity into your disaster recovery and continuity of operations plans? The National Institute of Standards and Technology has some suggested best practices for agencies to follow:

  • Develop a robust security policy and enforce it. Make it part of a wireless metro area network (WMAN) security policy that encompasses all WMAN communications, not just WiMAX, says NIST’s Karen Scarfone.
  • Pay attention to technical countermeasures first. Define who has authority to make changes to WiMAX systems, as well as procedures for authenticating personnel and auditing activity, before the system is in place. Evaluate the technical countermeasures provided by a WiMAX system before selecting a solution.
  • Require mutual authentication for all WiMAX devices. Some WiMAX configurations allow base stations (which connect end-user devices to wireless networks) to authenticate subscriber stations (which connect base stations to one another) but not vice versa. Lack of mutual authentication could allow adversaries to create rogue base stations that can steal information from or launch denial-of-service attacks against subscriber stations.
  • Implement FIPS-validated encryption. To meet federal guidelines, WiMAX systems must support FIPS 140-2 or employ virtual private networks that support the standard. Insufficient encryption could allow eavesdropping or redirection of sensitive communications.



WiMAX Availability Worldwide

The availability of WiMAX services varies widely, and the pace of rollout in the United States falls far below other locations around the globe, particularly in Europe.

But this June, sweeping WiMAX coverage became available in Washington, extending far out into the suburbs of the nation’s capital.

Here’s a look at the most recent global availability figures from the WiMAX Forum. These reflect potential use within coverage areas.

Asia Pacific: 237 million users
Europe: 115 million users
Latin America: 113 million users
Africa and the Middle East: 108 million users
North America: 47 million users



Beyond Smartphones

While 4G smartphones are a necessity for tapping WiMAX service with a handset, manufacturers of a wide range of devices have begun integrating 4G receivers.

These range from notebook computers (Lenovo’s T410 ThinkPad) and netbooks (the Samsung’s NC10) to USB dongles (Sprint’s 3G/4G Mobile Broadband U301 modem) and routers (CradlePoint’s 3G/4G Failsafe Gigabit N Router).

From a use perspective, a WiMAX system consists of two key elements:

  • WiMAX receiver: The receiver and antenna can be a stand-alone device, a PC card or USB stick — or a built-in component in a computing platform.
  • WiMAX tower: A single tower, which essentially serves the same purpose as a cell-phone tower, can provide extensive coverage — as vast as 3,000 square miles.
<p>Photo: Michael JN Bowles</p>

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now