Federal buyers still wary of wireless

Potential buyers of wireless solutions abounded at the 27th annual FOSE government IT trade show, but some industry observers noted many potential buyers were still hesitant, citing inadequate security guidance from their agencies.

"There still needs to be clarification as to which agency policies apply to users. There is still a certain lack of clarity," said Sonya Verheyden, who is a manager of government channels and marketing for Research in Motion Ltd., of Waterloo, Ontario.

Verheyden said that many agencies do have policies that determine the security standards for transmitting data wirelessly, but end-users are still unsure of how, or if, those policies apply to them.

"A lot of what we have been doing [at the FOSE show] is education: explaining what Triple-DES, FIPS-140- and S/MIME mean," Verheyden said.

Triple-DES is a government-validated encryption algorithm based on the Data Encryption Standard. FIPS-140 is the Federal Information Processing Standard, the federal security requirements for IT products handling sensitive, but unclassified, or SBU, data. S/MIME stands for Secure/Multipurpose Internet Mail Extensions, a protocol for encrypting e-mail messages.

Research in Motion uses all three standards for its BlackBerry two-way paging devices. The company recently received FIPS-140 certification for Java-based software.

"FIPS-140 is the baseline" for providing secure products to the government, Verheyden said.

Verheyden said initial purchasers of the BlackBerry were agency chief information officers and other executive early-adopters. Now the company is aiming for greater sales among the rank-and-file of government users.

"In today's environment, everyone needs to be connected," she said.

Connecting everyone, however, might be a challenge. Potential wireless security purchasers are still wary of buying until agencies set up more policies to guide wireless device use, said one participant who wished not to be named. Too many agencies have not set guidelines for new technologies, and so potential users decline to look at solutions, the observer said.

While there are standards being developed at the Defense Department, the National Institutes of Health, and the National Institute of Standards and Technology, such standards are not enforceable policy, the observer said. The Pentagon actually has banned the use of wireless devices altogether.

One possible solution to the problem is for the wireless industry to come up with working drafts that would help agencies set usage policy, the observer said.

Kris Fouts, a marketing and communications manager for long-time government wireless solution provider Intermec Technologies Corp., Everett, Wash., said that one of the missions of the company is to make sure "it stays up to date with what agency policies are" concerning transmission of data through wireless devices, a job that has grown more complex since Sept. 11, 2001.

"All the policies have not been flushed out as to what they mean" for contractors, she said.

Intermec was showing its new 700 Series mobile computers, which can communicate wirelessly in three different formats: wide area network, personal area network and local area network protocols, Fouts said.

One early adopter of wireless seems to be the Department of Veterans Affairs.

Care Fusion Inc., McLean, Va., was showing its wireless-based nursing workflow solution. It allows nurses to keep track of patient medications and vital statistics through the use of barcodes, which patients wear on wristbands and which are scanned by portable digital assistants. VA uses the solution in five hospitals, said Chris Hill, who is vice president of marketing for the company.

Fortress Technologies, Oldsmar, Fl., is about halfway through an agency-wide implementation of its wireless security solution for VA, said David O'Brien, who is the director of civilian government sales for the company.

The VA uses mobile medication-dispensing carts that are wirelessly connected to servers that can send and receive patient information, O'Brien said. Fortress provides the security solution for the VA's 169 hospitals. The hospitals need to comply with the Health Insurance Portability and Accountability Act, which requires that patient information be kept confidential.

Since the patient identification numbers for the hospitals are Social Security numbers, and medication doses can give some indication of the type of ailment patients may be suffering from, it is necessary that the information be encrypted, said O'Brien.

Fortress' solution was acquired through PlanetGov Inc., Chantilly, Va., under the second iteration of VA's Procurement of Computer Hardware and Software contract. O'Brien said that the total of the sale was "over $1 million."

Fortress' solution, which the company is marketing for sensitive-but-unclassified markets, consists of client software, which runs about $40 per unit, and a gateway appliance, which costs $1,600 for a model with 11 megabit-per-second throughput and $5,200 for the model that has a 65 megabit-per-second throughput.

The individual transmission packets are encrypted through a variety of government-approved encryption techniques. Fortress' solution is unique in that each transmission packet is given a pseudo-Media Access Control address. All devices have MAC addresses, but a pseudo-MAC address obscures the real address of the device.

As a result, even if an eavesdropper is able to intercept a packet and break its encryption, he won't be able to get any information from the packet headers that will allow access to the network, O'Brien said.

Other vendors also had solutions to address the security problems inherent in wireless data communications.

Vernier Networks Inc., Mountain View, Calif., is offering an access manager gateway that validates users of a WiFi network. Before being allowed on the network, a user must be validated through an organization's user directory, so unauthorized users of a network won't have access to any of the organization's resources.

Symbol Technologies Inc., McLean, Va., is showing off a new, as-yet-unnamed wireless switch. Symbol's approach is different from other network setups, said Mark Cipriotti, who is a senior systems consultant for the government systems unit of the company. The company offers the switch in conjunction with what it calls wireless access ports. An access port is different from a standard access point in that it is configured and run from the switch, rather than as a stand-alone unit. This saves administration time, as all configuration can be done from the switch, rather than at each of the access points that may be located around the office.

FOSE is produced by Post Newsweek Tech Media, publisher of Washington Technology.