Wireless Local Area Networks (LANs) have been around for years, but how can state and local governments manage wireless networks efficiently and effectively from an enterprise perspective? Assuming continued technology changes with budget challenges, what governance strategies can help balance security requirements while ensuring adoption and ease of use?
Rhea Linn, who is our wireless LAN project manager for the Michigan Department of Information Technology's Office of Telecommunication, wrote an excellent article on this topic for State Tech Magazine. The article is offered as a best practice for wireless security and safeguarding wireless LANs.
Here is a brief excerpt:
"Our improved solution has helped us to achieve the following:
· Improved wireless security that matches or exceeds our wired standards;
· Enterprise standards and service capability;
· WAN/wireless integration that allows us to provide a WLAN for wide area customers;
· Integrated wireline and wireless policies and practices that provide a seamless logon experience; and
· Affordable, cost-effective service.
So far, 16 state offices throughout Michigan have WLAN services -- 13 in the Lansing Metropolitan Area Network, where the largest number of state employees are concentrated. We also have wide area WLAN implementation in three counties, and APs are installed and awaiting a security decision in five other counties."
Rhea goes on to describe such topics as the specific technology we used, the guest access process for visitors, the policies required and governance involved. You can read more details about this project by downloading this PDF from the National Association of State CIO's (NASCIOs) award web site.
A few observations:
1) Getting the right balance for any infrastructure project between security and ease of use is usually difficult, and wireless networks are not an exception. Speaking from personal experience, there are almost always different perspectives from the networking staff and the security staff - even if they are in the same organization. The battles can get difficult and even nasty at times.
Back in 2004 when I was Michigan's CISO, I was even in the "no wireless" in government camp. I quoted many experts from the National Security Agency (NSA) and other three letter agencies who said that wireless networks were simply not able to be protected. My boss at the time was Teri Takai, now California's CIO. She challenged us to deploy "secure wireless" following private sector advice from companies like Dow Chemical or the Big Three automakers.
Teri was right. With fast food restaurants and millions of other now offering free wireless access, governments needed to offer workable solutions to our clients and visitors.
I give Rhea and the others who worked on this wireless LAN project credit, because they stuck with it and had the perseverance to get the project working and widely deployed. I have spoken with many people from governments around the country that gave up on secure wireless projects out of frustration.
2) Effective governance and a good billing model are essential. I like Rhea's list of lessons learned. She is so right on each of her points regarding policy, processes and technology. We tested, and tested, and tested. We modified our approach several times. Wireless LAN service offerings require constant tweaking.
3) Finally, you need the right staff to get the job done. Proper execution of a good plan should not be assumed. Many things can set a technology team off track. I am thankful for Rhea, the others in MDIT Telecom who worked on this important effort, other infrastructure staff who helped and our Office of Enterprise Security (OES) staff. While the battles got bruising at times, the proof is in the pudding, and the end product works well.
What are your thoughts or questions on implementing wireless LANs in governments?
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.
During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.
He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.
He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.
Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.
He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.
Follow Lohrmann on Twitter at: @govcso
Building effective virtual government requires new ideas, innovative thinking and hard work. From cybersecurity to cloud computing to mobile devices, Dan discusses what’s hot and what works in the world of gov tech.