When considering wireless security using Blackberry Communication Devices, there are several areas to analyze. The first is the set of network connections created. This drawing shows the network connectivity required when a message is sent from one Blackberry to another. Note that all red links are protected by encryption. This encryption is from the Blackberries on the left to their respective Blackberry Enterprise Servers on the right. To eavesdrop on these communication paths would require the ability to defeat the encryption algorithm. The two green network connections within the installations on the right are protected by the data center’s physical security. While it is possible to encrypt these links, we do not, since the links are already protected. The one vulnerable link has nothing to do with wireless communications. It is the Exchange Email Server to Exchange Email Server connectivity between these two theoretical data centers. This link is sometimes encrypted, but more importantly, when the communication is between two State of Georgia email accounts, this link is usually within the same data center or it uses our MPLS network to avoid the internet.
The second area of consideration is the information at rest in the actual Blackberry, the Blackberry Enterprise Server, the Exchange Email Server, and possibly an external email server if one party to the email is not using a state email account. The Blackberry Enterprise Server and the Exchange Email Server are within the physical protections of GTA’s data center. As such, only authorized state workers have access to these systems. The external email server for non-state email accounts is an issue, but it is not a wireless issue. Some agencies have deployed solutions for this, but that is not part of this report. The Blackberry itself is addressed on the next slide.
The major vulnerability is the Blackberry itself. GTA has the capability of erasing all messages in a Blackberry. This is done remotely when we receive a report of a stolen or lost Blackberry. The Blackberry Enterprise Server also has the ability to force users to have passwords on their Blackberries. It can set requirements for strength level, frequency of change, etc. However, discussions around using this capability have led to user objections in the past. At this time the user has the option of setting these features, but we are not doing it from the server. Even if a Blackberry is password protected, an attacker can attack the messages using forensic techniques. To protect against this type of attack, the messages must be encrypted in memory. GTA has not deployed a message encryption solution to address this concern. In closing, IBM has requested that we leave the security features alone at this time. They are developing what they call an iSec for the Blackberries, and once the security features are agreed upon, they will roll them out to the in-scope agencies.
Talking Points provided by: Rich Calhoun
March 17, 2009

Federal provisions
a. The $7.2B will be distributed under two federal programs: the Broadband Technology Opportunity Program and the Rural Utilities Services programs
b. Unserved and underserved is not yet defined
c. No guidance on how waivers will be granted

GTA Involvement
a. Have met with the Georgia Telephone Association; Georgia Cable Association; BRIDGE Applicants; Wireless Communities GA Recipients; etc. to encourage development of high quality projects
b. GTA has created a preliminary guidance document for stimulus funding
c. GTA working with Department of Community Affairs to develop high-level map of unserved and underserved areas throughout the State
d. Target date for project repository availability is March 27, 2008
e. GTA fully engaged with Celeste Osborn, Governor’s lead for stimulus