WASHINGTON-Wireless security needs to be incorporated into the federal government’s network security, recommended government auditors in a report to Congress released earlier this month.
“The Government Accountability Office recommends that the director of the Office of Management and Budget instruct the agencies to ensure that wireless-network security is incorporated into their agencywide information-security programs in accordance with the Federal Information-Security Management Act. OMB generally agreed with the contents of this report,” said GAO.
At the request of Rep. William Lacy Clay (D-Mo.), GAO researched the controls available to assist federal agencies in securing wireless networks, analyzed the wireless-security controls reported by each of the 24 agencies under the Chief Financial Officers Act of 1990, and assessed the security of wireless networks at the headquarters of six federal agencies.
The GAO found:
- Nine federal agencies had no wireless-network security policy;
- Thirteen agencies had no established requirements for configuring wireless networks in a secure manner;
- The majority of federal agencies lack wireless-network monitoring to ensure compliance with agency policies, prevent signal leakage and detect unauthorized wireless devices; and
- Eighteen agencies do not provide training programs in wireless security.
“Without effective security controls for wireless networks, agency information is at risk of unauthorized disclosure, modification, or destruction,” said GAO.
As part of its research, GAO did a drive test of the nation’s capital. “We drove around 15 square blocks and using a commonly available wireless-network scanner, we detected over 1,000 wireless networks,” said GAO.