Federal government reviews wireless standards

The Department of Defence is reviewing policy on agency usage of unclassified wireless networks on the back of a US-led mandate.

The existing policy for Australian Defence personnel states that agencies should not use wireless communications for the transmission of classified information.

Where agencies have a requirement to transmit classified information using wireless communication, staff must use approved cryptography.

However, a Department of Defence spokesperson said standards and policies are being developed as part of a review that covers the whole of government.

"Wireless networks are an area of interest to government departments and as such is an area being actively reviewed by the DSD," the spokesperson said.

"Any policy changes for wireless will be included in the Australian Government Information and Communications Technology Security Manual (ACSI 33)." The next update to the manual is due in September.

In the US, the Department of Defense is looking to mandate the use of the IEEE 802.11i security standard for unclassified wireless networks so wireless vendors are encouraged to incorporate 802.11i into more products, which still have to be federally certified under the (US) Federal Information processing Standards (FIPS) 140-2 specification.

802.11i adds the requirement to use Advanced Encryption Standard (AES) for encryption of data. The downside is AES support may require new hardware for existing wireless local-area-networks (WLAN) due to a dedicated chip to handle both encryption and decryption.

Stan Burlingame, commercial wireless program analyst for the Communications and Programs Policy Directorate at the US Defense Department said only two US vendors have so far completed the FIPS 140-2 specification that are WPA2 certified (WPA2 lets only authorized users access a network.

Personal WPA2 utilizes a set-up password and Enterprise verifies network users through a server).

"We expect four vendors to complete the FIPS 140-2 and Wi-Fi certification in the next few months," Burlingame said.

"There are also two additional vendors going through validation through the National Institute of standards and Technology."