No such thing as mobile security?

A recent congressionally sponsored report shoots down the notion that anything wireless is secure

The fact is when it comes to security if you’re using a wireless device for voice or data you might as well be standing in any international airport and speaking to a colleague over a megaphone. Oh, and you might want to slow down from time to time to let the crowd around you take notes.

Although no one quite put it that way, that is the crux of the opinion of numerous experts I spoke to about using the current crop of wireless devices for voice or data.

The Center for Strategic and International Studies (CSIS) Monday released a congressionally sponsored report entitled "Securing Cyberspace for the 44th President." The report never directly discusses how at risk we are, but if you want to interpret a 64-page report that calls for almost the entire revamping of what we now call cybersecurity for the 21st Century, you would be justified in believing that, at present, there is no real security whatsoever.

[ For deeper analysis of the CSIS report, see "Cybersecurity report offers Obama some far-reaching recommendations" ]

Prior to report's release, I spoke with two members of the CSIS. Tom Kellerman, chairman of the threats working group and vice president of security awareness at Core Security Technologies, and Amit Yoran, chairman and CEO of NetWitness. Both men spoke to me about the inherent weakness of wireless technology.

As it turns out, while not many executives in private industry require the same level of security as the president of the United States, the current state of mobile security should give them pause.

Kellerman and Yoran point out that billions of dollars of private sector IP is at risk on a daily basis, and not from some lone hacker trying to outwit the experts. Rather, the threat comes from foreign countries that view national security as tightly connected to economic well-being. As a result, they often help their own companies hack into U.S. companies to gain competitive advantage.

By the way, I am also told America does, if not the same thing, stuff that comes awfully close. My source says that while the U.S. government may not hand over private-sector IP from other countries to U.S.-based companies, we do tap into it and use it when deemed appropriate.

After hearing all of this, I got to wondering if there are any secure voice and data technologies available. The answer is yes, of course, if you're willing to pay for it.

The NSA and DoD put out a bid request about three and a half years ago for just such a device. General Dynamics was one of the winners, with its Sectéra Edge device. I spoke with Michael Guzelian, director of secure voice and data products at General Dynamics, C4 Systems, about the company's product.