Wireless, classified data don't mix

The U.S. Defense Department has released a new wireless security policy that prohibits the use of devices such as cell phones and personal digital assistants to access classified data.

The new policy is actually an elaboration of a moratorium the Pentagon put in place in July 2001 in order to prevent the exploitation of wireless vulnerabilities.

The Secretary of Defense Office has asked the director of the National Security Agency to develop a database of wireless technology vulnerabilities, provide an assessment of the potential risks of specific wireless features and come up with recommendations for countermeasures. The office is also working on a knowledge-management process to help share strategies throughout the department.

The new policy, issued last week and effective immediately, states that wireless telecom or computer-related equipment or systems are prohibited from accessing classified networks or computers, or from being used as the primary means of communications for critical mission operations. The policy also prohibits downloading freeware or shareware enhancements to those devices.

Wireless devices that are allowed should have password protection or strong identification and authentication protection, such as public-key infrastructure or biometrics.