GAO Finds Hackers Could Exploit Wireless Vulnerabilities

By Matthew Harwood

The widespread use of wireless technologies, like WiFi-enabled laptops and smartphones, by government agencies has Congress's watchdog fearful that hackers could access critical networks and steal or manipulate sensitive information.

A report from the Government Accountability Office (GAO) summarizes the findings of a wide-ranging, 11-month audit of wireless security practices across 24 major federal agencies. It concludes that many agencies inconsistently apply leading security practices and guidelines from the Office of Management and Budget (OMB) and the National Institute of Standards and Technology (NIST).

The report comes as the government tries to plug information security holes in the wake of WikiLeaks' disclosure of State Department cables. (CORRECTION BELOW)

The GAO found that numerous federal agencies have failed to:

  • manage their wireless networks centrally
  • establish configuration requirements for wireless networks and devices
  • properly train employees in wireless security practices
  • require secure encryption of wireless communications
  • monitor their wireless networks for suspicious activity

"Until OMB, DHS, NIST, and individual agencies take steps to fully implement leading security practices," the report warns, "federal wireless networks will remain at increased vulnerability to attack, and information on these networks is subject to unauthorized access, use, disclosure, or modification."

Of particular concern to GAO auditors was the threat of dual-connected laptops, or laptops connected to a wired network and a wireless network simultaneously. According to NIST guidelines, devices like laptop computers should only be allowed to access one network at a time. Nevertheless, the GAO found that many agencies did not address the risk of dual connection in their security policies.

The report cautions that dual-connected laptops could allow a hacker to exploit an insecure wireless connection to gain access to the wired network and sensitive information stored within. "Turning off or disabling the wireless capability when a laptop is connected to a wired network mitigates this risk," explains the GAO.
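The dual-connection condition described above can be checked on an endpoint. The following is an added example, not code from the GAO report or the article; it assumes a Linux laptop, the output format of `ip -br addr show`, and systemd-style interface names (`en*`/`eth*` wired, `wl*` wireless). The sample outputs are constructed.

```python
# Classification by interface-name prefix is an assumption (systemd-style
# predictable names); adjust the prefixes for the fleet being audited.
WIRED_PREFIXES = ("en", "eth")
WIRELESS_PREFIXES = ("wl",)

def parse_brief(output):
    """Parse `ip -br addr show` output into (name, state, [addresses])."""
    links = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        name = fields[0].split("@")[0]  # drop "@parent" suffix on VLAN/veth links
        links.append((name, fields[1], fields[2:]))
    return links

def has_usable_address(addrs):
    """True if the link has an address other than IPv6 link-local."""
    return any(not a.lower().startswith("fe80:") for a in addrs)

def dual_connection(output):
    """Return the wireless interfaces to disable, or [] if not dual-connected."""
    wired, wireless = [], []
    for name, state, addrs in parse_brief(output):
        if state != "UP" or not has_usable_address(addrs):
            continue
        if name.startswith(WIRELESS_PREFIXES):
            wireless.append(name)
        elif name.startswith(WIRED_PREFIXES):
            wired.append(name)
    # Policy from the NIST guidance cited above: one network at a time.
    return wireless if wired else []

# Constructed sample outputs (not captured from a real host).
DUAL = """lo         UNKNOWN  127.0.0.1/8 ::1/128
enp0s31f6  UP       10.20.4.17/24 fe80::1c2d:3eff:fe4f:5a6b/64
wlp2s0     UP       192.168.1.44/24 fe80::a1b2:c3ff:fed4:e5f6/64
"""
WIFI_ONLY = """lo         UNKNOWN  127.0.0.1/8 ::1/128
enp0s31f6  DOWN
wlp2s0     UP       192.168.1.44/24
"""

if __name__ == "__main__":
    print("disable:", dual_connection(DUAL))       # wired and wireless both up
    print("disable:", dual_connection(WIFI_ONLY))  # wireless only, nothing to do
```

A scheduled job or a NetworkManager dispatcher hook could run this check and turn the radio off (for example with `nmcli radio wifi off`) whenever the returned list is non-empty.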

