Cpl. Adam Hudson, USMC, communications maintenance technician, U.S. Marine Corps Forces Pacific, installs a radio frequency identification tag on an external hard drive. The tag provides real-time asset tracking and location identification through dashboard and email alerts.
Once viewed by many as a security liability, wireless has become a security asset for the U.S. Marine Corps Forces Pacific. In its effort to identify valuable items and devices inside its facilities at all times, the command recently implemented its first wireless system ever accredited for use in secure areas. This system soon could transition to the tactical world.
The impetus for the system came during preparations for a Command Cyber Readiness Inspection, which is a technical and operational inspection conducted by the Defense Information Systems Agency to ensure compliance with information assurance and computer network defense policies. The Marine Corps Forces Pacific (MARFORPAC) G-6 fell short of three Defense Department requirements: a Federal Information Processing Standard (FIPS) 140-2 certified wireless intrusion detection system; a method for tracking the location of removable storage and external connection technologies; and a process for tracking heat and humidity within its facilities.
To satisfy the requirements, the command pursued an all-in-one solution, explains Capt. Susan L. Tincher, USMC, operations officer, Information Technology Services Branch, MARFORPAC/G-6. The resulting system, developed by Cisco Systems Incorporated, uses wireless access points placed throughout command headquarters to provide constant data and alerts to cybersecurity and information technology personnel through a dashboard, known as the Wireless Control System, and through email messages. It is based on the company’s Adaptive Wireless Intrusion Detection and Prevention System and its Mobility Services Engine.
As a primary function, the system conducts wireless detection to continuously pinpoint rogue access points, unauthorized wireless devices and wireless attacks along with providing automatic protection against such threats. If a person enters the command’s secure facility with an unauthorized Wi-Fi device, the intrusion creates an alert, and cybersecurity personnel can locate the device within minutes.
Additionally, the system tracks information technology assets using Wi-Fi radio frequency identification (RFID) tags. The command places the tags on devices or items such as portable hard drives, laptops and removable storage devices, which contain sensitive information that could be lost or stolen. Within range of the wireless access points, the command can track the exact location of these assets in real time and archive the data for long-term use.
Advanced RFID tags also track heat and humidity, assisting the command in its effort to regulate and monitor its Network Operations Center. “It could be Saturday night and the A/C goes out, and we’ll get an alert through our recall notification system,” Capt. Tincher explains.
The combination of these functions already is saving the command manpower and resources. Previously, two or three Marines would walk through the facility on a monthly basis to survey the assets physically based on photographs of the devices and data on their intended locations. Over the course of two to three days, the team would account for every information technology asset within the headquarters.
In addition to the required staffing and time, the process disrupted the flow of operations, Capt. Tincher says. The procedure also left a 28- to 30-day information gap during which assets were unaccounted for. “With this new solution, we know 24/7 where all the assets are without ever having to leave our office, and our information gap is minutes,” the captain notes.
Two teams handle monitoring the dashboard and data influx. Cyberdefense personnel constantly watch for rogue wireless detection. If someone enters the facility with an unauthorized Wi-Fi access point, that flags an alert, and the team is dispatched for an investigation. The same team also monitors the location of assets from a security perspective to identify issues with missing devices containing sensitive information.
In addition, the command’s information technology asset manager examines the data from a logistics standpoint. This person uses the system to monitor when devices need to be serviced or refreshed, and they also can be tracked by location in a fraction of the time previously needed.
“We’re just tapping into the asset management elements of this system as far as saving the government money by quickly locating devices. Having accountability for where things are has been really significant,” Capt. Tincher relates, adding that the transition to the new system was seamless. Including dashboard operators, engineers and architects, training the full staff took approximately five days. In addition, the total project cost came in just under $250,000, including vendor support for engineering, installation and training.
“Combining these features in a single system has been unprecedented,” the captain states. “It’s not like we brought in eight different components and had to have eight different training cycles. It’s just a full package—a multipurpose, multifaceted solution.” The system provides a tremendous amount of utility and information without reflecting administrative or resource burdens back on the command, she emphasizes.
The Marine Corps already is pushing to migrate the technology into the field, states Scott Widdifield, regional account manager for the Marine Corps at Cisco. In June, Marines at the Blount Island Command in Jacksonville, Florida, took on a semi-mobile version of the MARFORPAC wireless system to demonstrate its potential outside of secure facilities. “Any time [the Marines] can stretch their budget dollars to a program or a set of architectures that can assist them both in garrison and in the tactical world, that’s going to be a win for them,” Widdifield notes.
Future iterations of the solution will aim to provide secure wireless access, including potentially allowing end-point devices such as smartphones and tablets to retrieve sensitive information. For example, the system would roll forward to support Suite B, a set of algorithms from the National Security Agency’s Cryptographic Modernization Program designed to protect both classified and unclassified data. “That’s kind of taking place across industry today,” Kurt Sauter, wireless product specialist for defense at Cisco, says. “We’re all working on the next generation of security.”
Sauter allows that using wireless for security purposes marks a turning point for the Marine Corps and the Defense Department as a whole. As one of the first wireless systems accredited for use in a secure area, the solution helps to counter perceptions of wireless as a liability. “People always questioned the security of wireless, and here in this instance, we’re actually using wireless as security,” he points out.
According to Widdifield, several drivers pushed the Marine Corps to consider wireless as security for the first time. First, potential budget cuts of up to 25 percent across the board put pressure on all communications and electronics programs to do more with less, he notes. The Marines also are taking back their network, the Navy/Marine Corps Intranet (NMCI), by moving to a government-owned and -operated system (SIGNAL Magazine, June, page 53). “The Marine Corps needs to get a handle on how it can control, manage and monitor its own assets,” Widdifield emphasizes.
And perceptions of wireless are evolving beyond the Marine Corps as well, explains Chris Coleman, director of cybersecurity for the U.S. public sector at Cisco. The company is seeing customers across the board change their views of wireless networks as solely for transport. The network is now a sensor, and it becomes a question of how a customer integrates the information that comes off the network and how it can serve as business intelligence from a security perspective, Coleman states. “I think we’ll continue to see applications of sensory-type components and specifics being developed,” he notes.
Widdifield agrees, stating, “When anybody starts to treat their communications structure as a weapons system and not just a means to communicate, I think you put on a little bit of a different hat.” Moving forward, wireless applications will only continue to grow. As the Defense Department finds more functions for wireless, understanding who is using the network and where those people are located will become an important part of its security posture. Location tracking ultimately could apply anywhere from classrooms to training centers and the tactical edge, he says.
Cisco Wireless: www.cisco.com/en/US/products/hw/wireless/index.html