WildCAT Prowls for Wireless Predators

August 2012
By George I. Seffers, SIGNAL Magazine

 

WildCAT technology one day could be used to protect the wireless networks at critical infrastructure facilities, such as major U.S. ports.

A cybersecurity technology with multiple agency support prepares for fielding.

A new technology aimed at finding unauthorized wireless devices on critical infrastructure networks could be fielded within a matter of months. Developed by the departments of Homeland Security and Defense, the system teams physical security forces and cybersecurity forces to enhance protection of the nation’s vital networks.

The system, known as WildCAT (for cyber access tracking), recently completed a prototype development effort with the Department of Homeland Security’s (DHS) Science and Technology Directorate. It is designed to protect wireless networks used by critical infrastructure facilities, such as military installations, ports, nuclear power plants, transportation hubs or communications hubs. Once commercialized, the system also could protect commercial interests such as banks or restaurants where wireless intruders might try to steal account information, Social Security numbers or credit card data.

Because wireless network signals do not necessarily remain within the facility, they are vulnerable to cyber intruders in the vicinity. Even hardwired networks can become vulnerable to wireless attacks if an end user plugs a wireless card into a laptop while connected to the network. Authorized users can create vulnerabilities mistakenly, or they can do so intentionally either to circumvent policy or to steal information. Additionally, wireless networks can be misconfigured, creating inadvertent vulnerabilities. However, because wireless attacks require the perpetrator to be nearby, they present an opportunity for cyberdefenders to detect, locate and respond to the threat.

To enhance wireless network security, some organizations use a suite of fixed sensors, sometimes referred to as wireless intrusion detection systems, or WIDS. But those systems often leave gaps in coverage, according to experts. Wardriving is another common means of detecting nearby cyberpredators. It involves driving with a laptop running a wireless discovery program, seeking to detect unauthorized wireless devices. But because traditional wardriving is expensive and time-consuming, according to experts, it is not done very often.

WildCAT, on the other hand, is designed to be installed in the trunk or under the seat of an existing security patrol car, which already is likely to be on the move constantly in search of physical threats. The system also requires a magnetic, omnidirectional antenna on top of the vehicle. It provides a real-time monitoring, analysis and reporting capability that increases the chances of thwarting wireless network attacks.

A WildCAT solution installed in the trunk of a patrol car automatically collects network data during its routine rounds and securely transmits that data to a centralized monitoring and analysis center, explains Christine Lee, the program manager within the DHS Science and Technology Directorate who oversaw the WildCAT development effort. “Analysts in the center view incoming data, in real time, and use WildCAT to easily filter and parse the data. If an analyst discovers a potential threat, a message is immediately sent back to an information display inside the patrol car, giving the patrol officer instructions on how to proceed and providing a location to physically investigate suspicious activity.”

WildCAT’s development history includes a veritable zoo of technology names and a smorgasbord of government agencies. WildCAT is based largely on the company’s MeerCAT technology, which provides a 3-D geographic visual of satellite imagery, graphical views of physical objects, their attributes and relationships, and visual representations comparing data that has been collected over time. MeerCAT now has more than 1,600 users among the Defense Department, National Security Agency and defense contractors.

MeerCAT was developed with funding from the Defense Advanced Research Projects Agency (DARPA). The DHS contract for WildCAT was awarded through the Long Island Forum for Technology and was an extension of the earlier DARPA effort. WildCAT funding went through the Applied Science Foundation for Homeland Security, a research center in Bethpage, New York. Under the DHS program, the contractor partnered with the Naval Research Laboratory (NRL), Washington, D.C., and integrated MeerCAT with the NRL’s Flying Squirrel technology to create the WildCAT prototype. The Defense Information Systems Agency also supports the NRL effort.

Flying Squirrel is a wireless discovery and mapping system that uses government off-the-shelf software to provide real-time discovery, analysis and mapping of wireless networks. “We are continuing to improve MeerCAT at NRL’s direction,” says Anita D’Amico, director of Secure Decisions, a division of Applied Visions Incorporated, Northport, New York. “This is actually a wonderful story of government agencies working together with each other and with a small business to make something useful and to invest research and development money into something with true operational capability.”

Because WildCAT is designed to be installed on security vehicles already patrolling the vicinity, organizations that might otherwise rarely conduct wardrives can do so hundreds or even thousands of times without significantly increasing costs. That allows them also to analyze greater amounts of data in search of patterns. “When I first met the Flying Squirrel folks, they said they conduct a wardrive, collect the information and come back and look at it. But what their users wanted to do was to look at hundreds or even thousands of wardrives to see if the same unauthorized access point was appearing outside of multiple, geographically dispersed locations,” D’Amico explains. “For example, would that same rogue access point appear outside of three U.S. government buildings in three different countries? They also were interested in any time patterns—were any rogue access points appearing at certain times of day? WildCAT fills that functional gap in Flying Squirrel,” she adds.
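The cross-wardrive correlation described above, sketched as an added example; it is not WildCAT or Flying Squirrel code. The record layout, site labels, addresses, allow-list and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample detections: (timestamp, patrol site, BSSID, lat, lon).
# The record layout, site labels and addresses are assumptions for illustration.
DETECTIONS = [
    ("2012-03-05T09:10:00", "site-A", "02:00:00:AA:BB:01", 40.7210, -73.6520),
    ("2012-03-09T14:32:00", "site-B", "02:00:00:aa:bb:01", 38.8210, -77.0240),
    ("2012-03-20T20:05:00", "site-C", "02:00:00:aa:bb:01", 32.7150, -117.1620),
    ("2012-03-06T02:14:00", "site-A", "02:00:00:aa:bb:02", 40.7212, -73.6518),
    ("2012-03-07T02:41:00", "site-A", "02:00:00:aa:bb:02", 40.7211, -73.6519),
    ("2012-03-08T02:03:00", "site-A", "02:00:00:aa:bb:02", 40.7213, -73.6517),
    ("2012-03-06T11:00:00", "site-B", "02:00:00:aa:bb:03", 38.8211, -77.0241),
    ("2012-03-06T11:01:00", "site-B", "02:00:00:00:00:10", 38.8212, -77.0242),
]
AUTHORIZED = {"02:00:00:00:00:10"}  # constructed allow-list of known access points


def correlate(detections, authorized, min_sites=2, min_days=3, hour_share=0.75):
    """Flag unauthorized transmitters that recur across sites or at a fixed hour."""
    allowed = {b.lower() for b in authorized}
    seen = defaultdict(lambda: {"sites": set(), "days": set(), "hours": defaultdict(int)})
    for ts, site, bssid, _lat, _lon in detections:
        key = bssid.lower()  # BSSIDs can be spoofed: a match is a lead, not proof
        if key in allowed:
            continue
        when = datetime.fromisoformat(ts)
        rec = seen[key]
        rec["sites"].add(site)
        rec["days"].add(when.date())
        rec["hours"][when.hour] += 1

    findings = {}
    for key, rec in seen.items():
        total = sum(rec["hours"].values())
        peak_hour, peak = max(rec["hours"].items(), key=lambda kv: (kv[1], -kv[0]))
        multi_site = len(rec["sites"]) >= min_sites
        same_hour = len(rec["days"]) >= min_days and peak / total >= hour_share
        if multi_site or same_hour:
            findings[key] = {"sites": sorted(rec["sites"]), "multi_site": multi_site,
                             "same_hour": same_hour, "peak_hour": peak_hour}
    return findings


if __name__ == "__main__":
    for bssid, finding in sorted(correlate(DETECTIONS, AUTHORIZED).items()):
        print(bssid, finding)
```

A transmitter seen once at a single site is not reported; it only surfaces when repeated patrols accumulate enough sightings to cross one of the thresholds.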

 

The wireless networks at critical infrastructure facilities, such as nuclear power plants, can be vulnerable to cyber intruders, but the WildCAT system is designed to protect wireless networks from cyber invaders.

The Flying Squirrel software has been modified so that it begins running as soon as the patrol car is started, and it has potential use on unmanned aircraft as well. The WildCAT detector collects and sends three types of data—Global Positioning System (GPS), network packet and transmitter data. The GPS metadata includes date, time, latitude, longitude, altitude and more. It is used to display the position of wireless devices and patrol vehicles on the maps in a central analysis center. The monitoring system is updated as detection data is relayed automatically from the vehicle to the analysis center.

The DHS contract wrapped up in December 2011, according to Lee, when the contractor successfully delivered a prototype. The company that builds WildCAT is searching for government partners—possibly in the military, intelligence agencies or the DHS—to conduct further operational testing. “We’re in beta. We need two more operational tests, each about three months in duration. If we had two of those, we could work out any problems, and I would say we’re about nine months away from fielding,” says D’Amico.

Chris Horn, an interaction designer and researcher with Secure Decisions, adds that operational testing is important because it reveals issues that otherwise might go unnoticed. A recent operational test with Adelphi University, Garden City, New York, for example, included at least 1,000 devices on the campus. “It’s 1,000 kids running around being connected to wireless. Only when you throw that kind of operational load on things do you discover some of the problems to work through and resolve,” Horn says. “Putting it out into that kind of environment is the best and only way to learn.”

Company officials add that users often find unexpected ways to use the technology, or they uncover features of which even the developers were unaware. They describe one meeting during which both the network security and physical security professionals were in the room at the same time. “For public safety officers, there are two sides to WildCAT—the people who own the physical security and the information technology operations. Those two—at least in my experience—are very separate. The physical security guys don’t really talk to the information technology guys and vice versa,” Horn explains. “But we had them in the room together, and it blew the physical security guy away that he could know where all of his vehicles are at all times. That was the key feature he was most interested in.”

The DHS program manager agrees that the system brings together an organization’s cyber and physical security. “This will fill the gap between cyber and physical security in combating the wireless attack,” Lee says.

Secure Decisions officials have held discussions with a private security firm responsible for protecting sports stadiums. In addition, the company intends to publish a technical paper in a peer-reviewed publication based on data collected during the Adelphi University operational test. “Adelphi is representative of many organizations that have a wireless network, that have a wireless policy and a wireless intrusion detection system, but thought there would be an added advantage to using the wardriving component of WildCAT,” D’Amico says.

However, the NRL’s government-owned software may be a drawback for WildCAT as the company seeks to commercialize the system, the DHS program manager warns. “The current WildCAT prototype was successfully demonstrated, but it has limited use because it was developed using Flying Squirrel, which is Defense Department-classified or controlled technology,” Lee explains. “In order to develop the prototype into a commercial product, the Flying Squirrel technology that detects and locates suspicious wireless signals needs to be replaced with open-source-based technology.”

D’Amico points out that the government-owned software likely will not be an issue with government customers, but the company is investigating whether it would need to replace Flying Squirrel technology with an open-source application for nongovernment customers.

WEB RESOURCES
WildCAT video: http://securedecisions.com/products/wildcat
Flying Squirrel: www.nrl.navy.mil/chacs/5545/flyingsquirrel/#/ov