While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Wireless mesh technology, though not widely deployed within the federal government, is poised to play an important role in the Pentagon's plans for its Global Information Grid and the Homeland Security Department's efforts to link a national emergency communications network to first responders' wireless networks.
These are big jobs for a technology that's been around for a while but lacks wholesale acceptance. The Defense Department first developed mesh networking so that deployed military users could set up wireless networks quickly and give all radios in a network two-way capability.
In limited use since the 1980s, mesh has become more practical with the advent of smaller wireless cells, faster processing and routing protocols such as IEEE 802.11 and 802.16.
One reason for the government's slow adoption of mesh, according to a technology expert at the Office of Management and Budget familiar with the DHS efforts, is that most federal CIOs have larger communications concerns. "They have to maintain and protect wire-line IP networks and mission-critical databases before thinking about installing mesh technology," the official says.
Decentralized, highly flexible wireless mesh technology works at the signal and network layers so notebook PCs, personal digital assistants and myriad handheld devices can operate without benefit of land-line circuits. But mesh networks have benefits that other wireless topologies lack. Chief among these is the ability to self-configure, which means any software applications running on the network automatically work with any new access points, says Ronald Jost, acting deputy secretary of communications, command and control programs and policies at the Pentagon.
The mesh network's configuration and signaling rules re-route traffic anytime nodes within the network fail. The routing protocol within nodes and switches reads address headers attached to packets and sends traffic to unaffected links and, during heavy use, can route traffic away from congested portions of the network. These attributes translate into reliability, resiliency and continuity. For these reasons, DOD and DHS are moving ahead on projects that incorporate mesh topologies. But as the work progresses, some technical challenges must still be overcome.
DOD is interested in mesh because, ultimately, it plans to assign an Internet Protocol address to virtually every item in its stock, from refrigerators and helmets to bullets and missiles, says Bruce Fleming, divisional technology officer for Verizon Federal Network Systems. That would not only help DOD locate supplies anywhere on the planet, but also let it pinpoint the location of platoons and even individual soldiers.
"Look at the capabilities of giving an IP address to individual military units and using wireless technology to communicate with it," Fleming says. "I can talk to a bullet that's been assigned an IP address and direct it to hit a certain part of an enemy tank. I can then key in that bullet's IP address and direct subsequent firepower to aim for that address."
To accomplish this and more modest functions, however, requires that the department step up to a greatly expanded IP address pool and move from the current IP version to IP Version 6, which DOD intends to do departmentwide by 2008. Wireless data networks on an IPv6 layer are also part of a larger strategy linking submerged submarines, land-based operations and airborne platforms, such as unmanned aerial vehicles, with mesh technology. That way, if one link fails — a drone UAV gets blown out of the sky, for instance — the rest of the network keeps on operating.
Similarly, Homeland Security is eyeing the technology as it builds a stable and interoperable national communications platform so firefighters, police and hazardous-chemical teams can ensure communications across federal, state and local organizations during natural and manmade disasters.
"DHS is intimately involved in next-generation networks like any agency seeking connectivity for broad geographic areas," says the OMB technology expert who has knowledge of the program and budget plans at the department. "They've been charged with tying together various radio and cellular frequencies around the United States into a single network that can be available at a moment's notice. It's a more difficult undertaking than building one from scratch."
Additionally, the use of mesh technology dovetails with Homeland Security's March 2003 designation by the White House as the lead agency for physical and cyber-protection of the nation's telecommunications networks. DHS' search for a coast-to-coast emergency system falls under the aegis of the National Communications System.
NCS coordinates the planning and provisioning of national security and emergency preparedness communications. DHS is a long way from designing a communications network — wireless or otherwise — for emergency, attack, recovery and reconstitution. In grades released late last year, the 9-11 Commission gave DHS a combination "F" and "C-" for failing to create a nationwide emergency network and for not providing enough radio spectrum for emergency responders following Hurricane Katrina's devastation along the Gulf Coast.
Mesh will play a part in the DHS effort, Fleming says. "DHS in the next decade will be looking for homogeneous transport and backbone networks to connect all these different services using off-the-shelf and/or commercial equipment easily available and affordable for local police and firefighters to install," he says.
State and local solicitations for mesh network deployments are up slightly and demand for wireless mesh networking equipment is starting to grow substantially, telecom analysts say. According to reviews of state and local requests for procurement by market researcher In-Stat of Scottsdale, Ariz., demand for wireless mesh access points, software and other equipment from vendors such as Cisco Systems, Microsoft, Motorola and Proxim Wireless should reach $974 million by 2009, up from $33.5 million in 2004.
Though vendors — well-known and otherwise — are starting to sell mesh networking access points and management software, standards are still being worked out by the IEEE 802.11 Committee. The main concern of the committee is security.
Currently, the standards apply only to indoor interoperability and at the level of customer premises equipment.
As the number of users on a mesh network increases and access points multiply, so do the opportunities for breaches in physical and logical security. When creating local area networks within an organization, access points also act as connectivity points. When tying the mobile portion of the network to the landline IP backbone, delivering Ethernet connections to all access points gets expensive and cumbersome.
Though mesh technology lets users operate beyond the edge of the physical network, such as on battlefields or in hurricane-decimated areas, security can be an issue, Fleming notes.
As each new user logs on to the network, logical and physical security decreases. Because mesh networks make any software application on its network operable on any wireless devices attached to the network, all devices in effect become access points. Without encryption or other digital key protection, the entire network becomes vulnerable to attack, a probability that grows with the number of access points — or users — on the network.
"One of the ways [attackers] would hit a mesh network would be to send barrels of traffic down a secondary or tertiary link," Fleming says. "I see that my secondary and tertiary links are getting all that traffic, so I start to move that traffic on to primary links. Then the attackers flood the primary links, compromising them as well. All of these access points can be accessed, so people who use mesh for security are on the wrong path."
Mesh networks also have stability concerns. As density increases, so does instability, says Ryan Crum, a network security analyst for PriceWaterhouseCoopers.
"If I have a node with 16 links and I have problems with one or two links and they fail, network usage goes up slightly but the node keeps operating correctly. And it doesn't affect the network too much at this point," Crum says. "If I have 320 links on one switch and a lot of those links fail, I'm facing congestion as the node continually tries to bring those links up. If you have too many congested switches starting to wobble, you quickly go from link congestion to switch failure. A switch will always protect itself." If a switch has a problem, it will shut itself down.
All that being said, there are good reasons for the move to mesh, according to OMB's technology expert. "These networks are for resiliency, not robustness."