Report: Homeland Security vulnerable to wireless hackers
From Jeanne Meserve
CNN Washington Bureau
WASHINGTON (CNN) -- Although charged with making the nation more secure, the Department of Homeland Security has not taken the steps needed to secure its own wireless communications, according to a report from the department's Inspector General.
Wireless messaging services played a critical role following the September 11, 2001 terrorist attacks. While cellular telephone service was out, key personnel remained in contact using messaging services.
But wireless technology can facilitate unauthorized access to wired networks and data through eavesdropping or theft. Those vulnerabilities increase the need for strong security controls.
The Inspector General says the department has not established security measures to protect its wireless networks and devices.
As such, the report concludes that Homeland Security cannot ensure that its sensitive information about terrorist threats and security is not being monitored, accessed, and misused.
A Homeland Security handbook, for instance, does not give instructions on how to report and deactivate stolen handheld devices.
In some instances, security controls that have been instituted do not provide adequate protection or were not implemented. The Inspector General found instances in which there were no firewalls between wired and wireless networks, or checks to see if rogue devices had been introduced.
In some tests, investigators detected Homeland Security wireless signals broadcasting beyond the perimeters of secure facilities.
"We detected wireless signals ... in the parking lot, on public roads behind the facility, and in the surrounding residences," the report says. "These wireless signals create security vulnerabilities such as eavesdropping and denial of service attacks."
Investigators also detected wireless signals from surrounding residences and businesses within some Homeland Security facilities.
"These signals can be used to monitor or gain access to DHS wireless networks and sensitive data," the report says.
The Inspector General makes five recommendations for improving wireless security in the department.
In a written response, the department said it has already taken steps to implement the recommendations.