Military Embedded Systems

New security standards for electronic device detection: Are military and federal facilities ready?

Story

November 25, 2024

U.S. Marine Corps photo by Cpl. Tyler Harmon.

Military and government facilities that store or handle classified information must comply with new security requirements aimed at detecting unauthorized electronic devices. Following a June 2023 directive from Secretary of Defense Lloyd Austin, all SCIFs [sensitive compartmented information facilities] and SAPFs [special access program facilities] were instructed to program for electronic device detection and mitigation systems by September 30, 2024.

The growing insider threat

This mandate is part of a larger effort by the U.S. Department of Defense (DoD) to centralize its approach to combating insider threats, a priority heightened after the 2023 arrest and 2024 sentencing of Jack Teixeira, a Massachusetts Air National Guard member. Teixeira's unauthorized sharing of classified military documents regarding Russia and other sensitive issues underscored the potential damage posed by insiders with access to classified information. Following the breach and arrest, a DoD security review revealed the need for more stringent protections against electronic device threats.

Secretary of Defense Austin’s memo emphasizes a comprehensive strategy to secure and audit all access to classified spaces and data. This approach involves a complete inventory of locations where classified work is conducted, strict access controls to ensure thorough audit trails, and detailed control over data on on-network devices. Additionally, the memo highlights detection and monitoring of off-network devices that could pose a risk to classified information. Together, these measures aim to establish a centralized framework to address insider threats throughout the DoD.

The risks of electronic devices in classified areas

Personal electronic devices (PEDs) are ubiquitous and pose increasing risks in high-security environments. Devices capable of emitting signals – such as smartphones, tablets, laptops, and even wearables like smartwatches – can be used for espionage, cyberattacks, or data theft. The widespread availability and low cost of these devices, coupled with easily accessible tools and code repositories for wireless hacking, make them an attractive vector for malicious actors.

Attackers now have greater capabilities to exploit these devices, and many devices contain vulnerabilities that allow them to be compromised without the owner's knowledge. Consequently, even well-intentioned employees with authorized access to classified information can unknowingly carry a device that records conversations, extracts sensitive data, or serves as an entry point for malware, all with potentially devastating consequences for national security.

Wireless attacks encompass a variety of techniques, including rogue cell towers, smartphone spyware, physical malware injection, "Evil Twin" or fraudulent Wi-Fi access point attacks, password spraying, denial-of-service (DoS) attacks, session hijacking, man-in-the-middle (MitM) attacks, keystroke injection, credential sniffing/cracking, jamming, and many more. Each of these attacks poses a risk to device integrity and can alter device functionality, and some methods can introduce malware that transforms the target into a covert surveillance tool for attackers.

All kinds of low-cost COTS [commercial off-the-shelf] devices are readily available and can be used for wireless attacks or to exploit wireless protocols for command, control, and data exfiltration. Examples include Wi-Fi Pineapple, O.MG Cable, USB Ninja, Flipper Zero, and Deauth hacking watch. Other inexpensive devices like narrowband software-defined radios, Wi-Fi dongles, and Bluetooth dongles can also be adapted for various wireless-attack methods.

Path to compliance

To address this, SCIFs and SAPFs must implement wireless intrusion detection systems (WIDSs) that continuously monitor for unauthorized devices and suspicious wireless activity. WIDS solutions help organizations prevent data leaks by identifying and locating rogue devices before they can exfiltrate or compromise classified information.

Current industry solutions offer effective wireless detection and localization that uses passive (zero-transmission) radio frequency (RF) sensors to provide comprehensive monitoring of secure facilities. Unlike traditional lobby-based detection systems, which are prone to false alarms and often miss critical threats, the most capable systems provide continuous detection and localization with decoders for multiple protocols, leading to high detection confidence. A decoded packet proves that a wireless device transmitted it, so device detection itself produces no false alarms; whether that device is authorized is then decided against a whitelist of approved devices, enabling accurate identification of unauthorized ones.
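The detection logic described above, as an added illustration that is not Bastille's code or any product's implementation: a pass over already-decoded 802.11 frames that reports any transmitter not on an approved-device whitelist and, separately, a burst of deauthentication frames. The frame format, the whitelist MACs, the sample capture and the thresholds are all constructed for this example. Note that the deauth check is applied to every transmitter, including whitelisted ones, because a deauth attack usually spoofs the legitimate access point's own address, so a whitelist alone would never catch it.

```python
"""Toy WIDS pass over decoded 802.11 frames (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts_ms: int       # capture time in milliseconds (integer to avoid float drift)
    subtype: str     # "beacon", "probe_req", "data" or "deauth"
    src: str         # transmitter MAC as decoded from the frame header
    rssi: int        # received signal strength at the sensor, dBm
    ssid: str = ""   # only present in beacons / probe requests


# Hypothetical whitelist of radios approved inside the facility.
APPROVED = {
    "a4:5e:60:11:22:33",   # facility Wi-Fi access point
    "00:1b:44:aa:bb:cc",   # approved badge-reader radio
}

DEAUTH_BURST = 5         # deauth frames from one source ...
DEAUTH_WINDOW_MS = 2000  # ... within this window count as a flood


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set means a locally administered (often
    randomized) address, which a static MAC whitelist cannot vouch for."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def analyze(frames, approved=APPROVED):
    """Return a list of (ts_ms, alert_kind, src_mac, rssi) tuples."""
    alerts = []
    seen_unknown = set()
    deauth_window = defaultdict(list)
    deauth_alerted = set()

    for f in sorted(frames, key=lambda fr: fr.ts_ms):
        src = f.src.lower()

        # Whitelist check: a decoded frame proves a transmitter exists; if it
        # is not approved, report it once with the strongest evidence we have.
        if src not in approved and src not in seen_unknown:
            seen_unknown.add(src)
            kind = ("unknown-randomized-mac" if is_locally_administered(src)
                    else "unknown-device")
            alerts.append((f.ts_ms, kind, src, f.rssi))

        # Deauth flood check runs for every source, approved or not, since the
        # attacker normally spoofs the real AP's MAC in the forged frames.
        if f.subtype == "deauth":
            window = deauth_window[src]
            window.append(f.ts_ms)
            while f.ts_ms - window[0] > DEAUTH_WINDOW_MS:
                window.pop(0)
            if len(window) >= DEAUTH_BURST and src not in deauth_alerted:
                deauth_alerted.add(src)
                alerts.append((f.ts_ms, "deauth-flood", src, f.rssi))

    return alerts


# Constructed capture: normal AP beacons, one unknown device, one device with a
# randomized MAC, approved badge-reader traffic, then six spoofed deauth frames
# carrying the facility AP's own address.
SAMPLE_FRAMES = [
    Frame(0, "beacon", "A4:5E:60:11:22:33", -41, "FACILITY-OPS"),
    Frame(100, "beacon", "a4:5e:60:11:22:33", -42, "FACILITY-OPS"),
    Frame(500, "probe_req", "3c:22:fb:01:02:03", -67),
    Frame(700, "probe_req", "da:a1:19:44:55:66", -73),
    Frame(900, "data", "00:1b:44:aa:bb:cc", -55),
] + [Frame(1000 + 100 * i, "deauth", "a4:5e:60:11:22:33", -38) for i in range(6)]


if __name__ == "__main__":
    for alert in analyze(SAMPLE_FRAMES):
        print(alert)
```

Running the block reports three alerts: the unknown device, the randomized-MAC device, and the deauth flood from the spoofed AP address. The randomized-MAC case is the practical caveat: modern phones rotate locally administered addresses, so a whitelist keyed on MAC alone is not enough to clear a device, and a real deployment pairs it with localization (the RSSI from multiple sensors) and other protocol-level identifiers.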

The central focus of the defense secretary's memo is the DoD's comprehensive approach to tackling the issue. The goal appears to be a joint capability built by integrating systems, giving the DoD better oversight through coordinated analysis of both on- and off-network activity. For detecting off-network electronic devices (for example through wireless intrusion detection), these capabilities are largely new and will require prioritization, funding, planning, design, deployment, and implementation over time. The DoD has made significant progress in supporting the memo's directives, addressing the issue according to both risk severity and available resources.

By meeting the SECDEF memo’s requirements, military and federal facilities can ensure they are equipped to handle the evolving landscape of wireless threats, protecting both classified information and national security.

Dr. Brett Walkenhorst is the Chief Technology Officer of Bastille.

Bastille • https://bastille.net/
