The new five-page supplemental policy was approved June 2 by the networks and information integration office of the DOD to update its April 2004 Directive 8100.2, which laid out general policies and responsibilities for all commercial wireless devices used by departmental personnel.
Key among the new rules are requirements that network intrusion-detection systems constantly monitor wireless activity and policy violations on all Defense Department wired and wireless networks, as well as requirements mandating the use of open-standard 802.11i WLAN product certification. The availability of the 802.11i wireless protocol gives the department more flexibility to use open standards-based, commercially available products to create a more secure and interoperable network, according to the DOD.
Danny Price, deputy director of the policy communications directorate of the Office of the Assistant Secretary of Defense, said rules updates are typically done every two years so the agency can keep up with improvements in technology and bolster security.
"You either update your policy because there's something new on the requirements side ... or you update the policy when new capabilities are available to implement," Price said. "This was a little bit of both."
This round of new rules only specifically targets wireless LAN operations in the DOD. The new rules don't apply to other wireless or cellular technologies, which could be candidates for specific updates in future memorandums, according to the department.
The new WLAN rules will help "enhance current security posture and set a foundation and road map for increased interoperability that embraces open standards," Price said.
The original 2004 directive said that more complex commercial wireless data encryption by the department would be required as it became available from commercial vendors, Price said. That led to the June 2 update, he said. The previous wireless encryption rules were more general, reflecting the less specialized offerings then on the market, he said.
By using the 802.11i standards, the military can "leverage commercially available equipment instead of having to develop our own," Price said. Higher government certification programs are then used to ensure that the commercial products provide the necessary protection before they are bought and integrated, he said.
"You establish standards, industry builds up to those standards, then you go farther than that," he said. "That certification process is stipulated in this memo as well."