U.S. Department of Energy Audit Report: Security Over Wireless Networking Technologies [open pdf - 915KB]
"An increasing number of the Department of Energy's organizations are using wireless communications devices and networks. Such technologies enable the transmission of data without physical connection using radio frequency. Wireless technologies range from such complex systems as wireless local area networks, cell phones, and personal digital assistants to relatively simple devices that do not process or store information, such as wireless headphones, and microphones. The trend toward wireless technology has many benefits, primarily in terms of operating efficiencies and effectiveness. However, the technology carries with it certain security implications which need to be addressed, especially when dealing with sensitive information. In fact, the National Institute of Standards and Technology (NIST) reports that risks in wireless networks are equal to the sum of the risk of operating a wired network plus the new risks presented by weaknesses in wireless protocols. As such, NIST recommends specific strategies to mitigate risks as wireless technologies are integrated into computing environments. We initiated this audit to determine whether the Department had taken actions to reduce the risks associated with its wireless networks. […] Four of six Department organizations we reviewed that had deployed wireless networks did so without assessing the risks associated with their use. We noted that most sites did not routinely implement or test the effectiveness of wireless security measures and that organizations had not focused sufficient attention on properly securing wireless networks or preventing the unauthorized use of such devices. In particular, they had not developed specific guidance or configuration management policies outlining approval, security, and wireless connection requirements. Lack of attention to wireless security placed the Department's information systems at risk of attack from internal and external sources and could ultimately result in the compromise of critical systems and information."
Department of Energy, Office of Inspector General, Report No. DOE/IG-0617
Department of Energy, Office of Inspector General: http://energy.gov/ig/