Birds on the Wire

Birds on the Wire

Wireless LANs were supposed to change the way we work and live, but the reality - at least where government is concerned - is very different.

With their varied and often geographically distributed operations, government departments have long been enthusiastic users of wireless communications technologies - point-to-point microwave links for linking buildings, for example, or entire wireless communications networks for exclusive use by police, fire and other emergency services.

The government's collective comfort with wireless communications would have led many vendors of wireless local area network (WLAN) equipment to assume that the sector would be an easy target in an overall market that analysts had given rosy prospects. Years later, however, the picture remains far less optimistic.

Certainly, somebody is buying WLAN equipment. An IDC assessment of the 2003 Asia-Pacific (except Japan) market said the total market grew 67 percent that year, to be worth around $US250 million. IDC attributes $US133.35 million of this to enterprise customers. However, sales of enterprise switches - necessary to manage large numbers of WLAN access points - were just $US4 million, confirming that very little of the revenue that IDC classifies as "enterprise" is coming from the big end of town where government and big business dominate. Rather, SMEs would account for the bulk of current enterprise revenues, with home users making up nearly as much at $US117.2 million.

That companies see promise in WLAN technology is without question. In a recent user survey conducted by Nortel Networks, for example, 86 percent of respondents agreed that WLANs would increase employee mobility and 60 percent perceived WLANs as "critical" to improving employee productivity.

Seeing is not necessarily doing, however: only 14 percent of respondents were actually implementing WLAN technology, with an additional 20 percent deploying it in limited departmental settings. The other two-thirds, by inference, are still watching and waiting - and that was in the commercial space. Government, where experience has shown a much more conservative attitude, has all but ignored WLAN in its network upgrades.

Beating the Security Bugbear

Google searches and anecdotal discussions confirm that if Australian government departments are using WLAN, they are not telling anybody about it. Or, as is the case in many companies, they may be using it but do not even know it - in the form of "rogue" access points installed for the use of one or a small group of employees in a local area. In dense commercial areas, employees could even be connecting sensitive government laptops to open access points that other organizations have implemented and failed to secure.

That such casual access to WLAN resources is even possible reflects the industry's ongoing push to make access points easy enough for home users to install and manage. Its security implications, however, are significant. A recent Gartner security summit warned that WLANs would be a major security issue for most organizations through to 2008, with 70 percent of WLAN attacks due to misconfiguration of WLAN access points and client software. One bad WLAN, it appears, can spoil the whole network.

Security of WLANs has been a major stumbling block for the technology ever since the successful penetration of its rudimentary WEP (Wireless Equivalent Privacy) encryption technology several years ago. The idea that a third party could potentially listen in on WLAN traffic has, not surprisingly, been enough to put most government organizations right off the technology.

"The Department of Foreign Affairs and Trade does not use wireless technology," a DFAT spokesperson recently reported. "The nature of the technology means it is inappropriate to use near secure systems."

Similar responses from other Commonwealth agencies confirm that the spectre of WEP is still proving hard to move past. Broadly, government approval for the use of WLANs is restricted to systems handling unclassified - publicly releasable - information. This rules it out within most departments, where even slightly sensitive information is deemed too important for any potential security compromises a WLAN might introduce.

Fortunately for those interested in the technology, post-WEP security standards including WPA (Wi-Fi Protected Access), its successor WPA2, and now the recently ratified IEEE 802.11i, have progressively both tightened and standardized the encryption of information over WLANs. One particularly helpful feature of WPA2 and 802.11i is their ability to use AES (Advanced Encryption Standard) encryption technology, which was developed by the US Department of Defence and is now in common usage by government organizations around the world.

In theory, confidence in the underlying technologies should ultimately increase overall government confidence in the security of WLAN technology. As newer equipment rolls into the market, vendors are hoping their increased security will give them a second chance to woo government clients.

The Business Case That Wasn't

Proving WLANs are secure is only the beginning of the challenge facing the industry, however. Far more problematic is the simple fact that many government organizations will struggle to build a viable business case for the technology no matter how well it works.

Within private sector companies, WLAN's ability to improve personal and process productivity has made it acceptable for a range of applications. Warehouse management, for example, has become unthinkable without the benefit of an appropriately implemented WLAN, while wireless boardrooms and common areas are becoming more frequent. Competitive pressures in the private sector dictate that similar companies will all move towards WLAN technology for such applications, even if it is simply to introduce convenience for employees. By inference, competing firms will need to follow suit to avoid being left behind.

In tightly controlled, cost-conscious government bodies, WLAN projects will need a very clear business benefit to get past even the brainstorming stage. Given the already well established aversion to WLANs' perceived poor security, vague promises of personal productivity benefits will certainly fail to inspire stakeholders during risk-benefit analysis. Indeed, many government organizations will never be able to justify a WLAN rollout against conventional project assessment criteria.

Lack of compelling enterprise-type applications within government has led analysts to look outside the proverbial "four walls" for potential killer apps. Tim Gower, London-based senior analyst with Datamonitor, recently authored a report on the subject and believes that the embracing of WLAN within government will ultimately come not through conventional projects within departments, but through the gradual trickling-up of projects initiated at a local level.

As an example, Gower points to the Westminster 4G project, in which central London's Westminster Council has blanketed the Soho district with Wi-Fi coverage and is gradually expanding the network's footprint across its entire council. Initially, the network will provide a cheaper way for connecting CCTV surveillance cameras and noise monitoring equipment, which becomes very expensive when installing each new device requires ripping up pavement and laying of wires. The council estimates the Wi-Fi network could save the council £30,000 per camera while allowing cameras to be moved around according to changing police requirements.

Over time the network's usage will be expanded to allow, for example, council workers to lodge reports and access databases while walking through the streets. It could eventually provide Wi-Fi services to the general public, although the possibility of such a move raises a number of thorny regulatory and commercial issues.

Similar projects are emerging the world over as local government authorities toy with public WLAN services. In Australia, Queensland's Redland Shire Council recently partnered with private sector organizations to roll out an extensive WLAN network that is being paired with live mentoring, software, taxation and legal advice at a starting price of $160 per month. The service is initially targeted at encouraging innovation and a sense of community amongst area SMEs, but over time the range of applications to which it is put will likely increase.

Experiments with various delivery modalities will typify the experience of WLAN within most government bodies for the next few years. Gower believes the creation of dual-purpose WLAN networks will help many government organizations both justify the technology from a commercial sense, and give it the internal impetus to begin limited trials. Carefully controlled access to a blanket WLAN could, for example, allow council workers to log in to their work systems over encrypted virtual private networks (VPNs).

"It's going to have far more relevance for government departments if they can get past security concerns and deploy it for its productivity benefits," Gower says.

While this structure might be appropriate at a local level, however, it would not easily translate to a state or Commonwealth government agency. There, the first breaks for WLAN will likely come when specific business plans can be constructed to achieve particular goals - and when the means to reach those goals satisfy the requirements of existing security control policies.

One problem WLANs face in government is that there are likely many other ways to get the job done. Department buildings are typically well and truly saturated with fixed network points, so access to the more secure fixed network is often not a problem. In such situations, the slight convenience of WLANs will struggle to be seen as being worth the potential security issues they would introduce.

Similarly, out in the field there will likely be a number of alternative ways of getting the message across. Some vendors talk about the potential for wireless VoIP, but mobile and satellite phones are well established, highly directional, have universal coverage and are relatively secure compared to public access WLANs. And even though VPN encryption provides a way for remote workers to safely connect to the department's headquarters via Internet-connected WLAN nodes, it is often just as easy to have them dial in or connect to a fixed ADSL line at their home office. Although there are thousands around the country, public hotspots simply do not have the mind-share and acceptance of more conventional remote access methods.

Meta Group has suggested that wireless e-mail will be a key driver for uptake of WLAN technologies, with fully half of enterprises expected to have wireless e-mail in place by 2006 or 2007 and other projects expected to follow soon afterwards. Those projects will largely focus on a specific goal, such as field force automation. Such services are not necessarily as valuable in government, however. For now, WLAN usage inside and outside the government will probably remain sporadic, if present at all.

Teaching the WLAN Spirit

The only government body where WLANs have enjoyed significant momentum is within the various state departments of Education and Training. Security issues or no security issues, the potential benefits of mobile learning content delivery have driven most education authorities to consider, if not roll out, WLAN technologies across at least a few of their schools.

The value of WLANs as a strategic learning tool was appreciated years ago. In a 2002 submission to the government's Inquiry into Wireless Broadband Technologies, the Western Australia Department of Education and Training noted the "importance and convenience of wireless in the education sector". There, almost every new school is built with Wi-Fi access points, a move that had increased penetration of notebook PCs from 10 percent to 60 percent within a short period of time.

"We have had terrific success with 'narrowband' wireless in ordinary classrooms," ICT consultant Keith Lightbody noted in the submission. "Students using wireless laptop computers in a classroom show much greater integration of the technology with lessons than desktop computers - even those in collaborative clusters. Wireless networks provide great freedom for the users . . . constant access to critical information . . . and smaller, more mobile devices that are less intrusive and save space in the classroom."

Gradually, state governments are taking up the call. Education Queensland is working through a wireless deployment, while the Victorian Department of Education and Training will this year begin rolling out thousands of WLAN access points as part of its $6 million Wireless Networks for Schools (WiNS) project. Similar projects are likely to gain traction nationwide as the benefits of mobile learning become widely recognized.

Towards a WLAN Future

Successful (read: secure) rollouts across various state educational departments could provide valuable impetus for the idea of extending WLANs into other departments - as long as the business case adds up. Interestingly, those educational departments that are normally accustomed to reacting to changes in policy at other levels of government will here get the chance to take on an advocacy role and advise other parts of government about the realities and pitfalls of WLAN deployment.

Analysts expect that consolidation around the IEEE 802.11i WLAN security standard, which resolves ongoing issues with vendor-proprietary security schemes, will go a long way towards improving government organizations' confidence in the technology. Datamonitor, for one, believes the situation is improving rapidly, having forecast global WLAN service, consulting, equipment and maintenance revenues from government customers will nearly treble from $US81 million in 2003 to $US225 million in 2006.

Still others will never buy into the WLAN dream. An October 2004 survey of European end users by IDC found that only 8 percent of respondents were interested in WLAN hotspot services. Equally important, only 36.7 percent said they had a formal mobile data strategy.

Lack of WLAN policies could become chronic problems at departments that have simply failed to give WLANs more than cursory attention so far. These include many of Australia's largest departments, whose relatively mature IT infrastructures may see them set the pace when it comes to WLANs.

If they are the ones setting the pace, however, even Datamonitor's projections could be hopelessly optimistic. "We're currently not using wireless technology and don't have any immediate plans to use it," says a Centrelink spokesperson, echoing the mood within myriad other government organizations. "We are investigating the potential benefits and costs, but haven't gotten to the stage of developing a business plan."

Countering government organizations' scepticism about WLANs may take time, but it is not too early for government organizations to start planning for them now. Bjarne Munch, senior research analyst with Meta Group, believes that even in departments where WLANs are banned, it is incumbent to at least have a formal written policy about why that is the case. Policies should also spell out the consequences of violating that ban - for example, by installing rogue access points.

Such policies can also be implemented as a stepping stone towards longer-term WLAN plans, even if just because they encapsulated the criteria by which the department is measuring potential returns on WLAN investment. "Once you have the policies in place you can communicate them to the workforce," says Munch. "If there's any breach it will communicate loud and clear what the consequences are."

For departments that maintain a ban on WLANs, regular manual scans for WLANs are essential. This can be accomplished using a number of portable Wi-Fi scanners and regular walks through the department, or it can be done by using automatic rogue access point detection features built into a number of WLAN access points.

Also on the agenda is an effective authentication system, points out Gartner vice-president of mobile computing Ken Dulaney. "The main thing a government needs to focus on is making sure that any client that attaches to the network has gone through an authentication process that's properly structured," he explains. "If you look at most clients, that's where they're weak. They do bans, and implement short-sighted approaches by grabbing hold of security. But the bottom line is that you've got to have an 802.1x framework that gives you the means to authenticate any user."

Building such frameworks is hardly an overnight exercise, which will keep many departments away from WLANs for the time being. Indeed, lack of concrete knowledge about the fast-moving WLAN product market does little to help its profile within government.

There are signs, however, that official guidance could soon assist government departments that are interested in the potential benefits of the technology. In the US, for example, the Department of Defence has authored DoD Directive 8100.2 and other directives discussing the implementation of secure WLANs. The US Army's Best Business Practices Version 1.25 describes WLAN best practices for classified information within army environments. And so far, just one product - Harris Corporation's SecNet 11 WLAN series - has been approved for WLAN connectivity to networks with a higher security level than unclassified.

Here in Australia, the Defence Signals Directorate maintains a similar role regarding approval of products to security standards through its AISEP (Australian Information Security Evaluation Program). At press time, no WLAN products were contained on AISEP's EPL (Evaluated Products List) and none were being currently evaluated.

This deficit alone presents a further complication for departments that might be willing to begin investigating WLANs if the technology were approved as secure. Other guidance is also lacking. The AGIMO, which has published best practice guides on a variety of topics, has yet to address WLANs, although a spokesperson says the technology is "on the agenda". Beyond that, and the various departments of education's optimistic plans, WLANs barely register a pulse within Australian government organizations.

Meta Group has projected WLAN growth at 30 percent annually, but it is clear that government organizations will be at the trailing, not leading, edge of that growth. Until WLANs are given more priority within evaluation programs, discussions about their role within most government agencies remain largely academic. Wires, it is clear, will long remain the favoured way for moving data across the halls of government.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Advanced Encryption StandardAES EnvironmentalCentrelinkCommonwealth GovernmentDatamonitorDepartment of DefenceDepartment of Foreign Affairs and TradeGartnerGoogleIDC AustraliaIEEEInferenceMeta GroupNortelNortel NetworksOpen AccessPromiseUS ArmyVIA

Show Comments