Bob Baxley, CTO at Bastille Networks
When secure facilities say “no devices allowed,” that’s not necessarily the case.
Exceptions are granted for personal medical devices, health monitors, and other operation-associated devices, especially in defense areas where human performance monitoring devices can be core to the mission.
Many IoT and personal mobile devices have radio frequency (RF) communication interfaces such as Bluetooth, Bluetooth Low Energy (BLE), Wi-Fi, Cellular, IoT or proprietary protocols to enable communication with other devices and networks.
These devices also run software and come with a variety of sensors (audio, video, motion sensors, etc.). The RF interface provides a new attack vector, and attacks over it are by their nature “remote attacks” launched from beyond the building’s physical perimeter.
Questions are now being asked about the ability to allow some devices in some areas, some of the time. This results in the need for stratified policy and sophisticated technology that can accurately distinguish between approved and unapproved electronic devices in secure areas.
The Covert Dangers of Malicious RF Devices
RF-enabled devices are standard in the enterprise. Ericsson’s Internet of Things Forecast puts the number of connected devices at 22 billion, 15 billion of which have radios. Furthermore, as the avalanche of IoT devices expands, cyber threats will become increasingly prevalent.
Wireless devices in the enterprise today include building control systems, light bulbs, headsets, and HVAC systems. Wearables are increasingly vulnerable and stealthy. Wearables with data exfiltration capabilities include Fitbits, smartwatches, and other personal devices with embedded radios and various audio/video capture, pairing, and transmission capabilities.
Assessing the Current Policy Device Landscape
The RF environment has become increasingly complicated over the past five years because more and more devices have RF interfaces that can’t be disabled. These devices have a range of data collection capabilities and can live off-network and disconnected from power sources due to longer battery lives.
Secure facilities with strict RF device policies are turning their exceptions to the “No Device Policy” into a more stratified approach: a “Some Device Policy.” Examples of a stratified policy include whitelisting devices with RF interfaces, such as medical wearables, Fitbits, and vending machines.
Some companies are geofencing certain areas in facilities, such as Sensitive Compartmented Information Facilities (SCIFs) in defense facilities.
Existing Policies are Outdated
While some government and commercial buildings have secure areas where no cell phones or other RF-emitting devices are allowed, detecting and locating radio-enabled devices is largely based on the honor system, one-time scans for devices, or proximity alerts using hand-held detectors. Bad actors do not follow the honor system, and one-time scans are just that: one-time. They cannot monitor 24×7.
Benefits of Adopting RF Device Security Policy
In a world where security teams need to monitor the multitude of RF-enabled devices entering the workspace, there is a need for solutions to detect and locate unauthorized cellular, Bluetooth, BLE, Wi-Fi, and IoT devices, in order to enforce updated device security policies:
- Evaluating solutions to protect your business: Gaining awareness and having visibility into the communication taking place between devices in airspaces are critical in protecting sensitive data in secure facilities.
- Implementing enterprise-grade device policy management to detect threats: Today’s new solutions enable security teams to differentiate between approved and unapproved devices and send alerts when a device is found where it should not be or doing what it should not do.
- Deploying RF technology to combat attacks: Traditional security technology doesn’t operate in the radio frequency spectrum. However, most of your communication is moving to radio now. Deploy technology that detects devices in the corporate airspace in real time, 24×7, and not just with a one-off security sweep. Deploying RF security technology will equip security teams with improved visibility to detect, identify, and locate known and unknown devices.
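The stratified “some devices in some areas, some of the time” policy described above, sketched as a default-deny check over RF detections. This is an added example, not code from the article or from any product; the device names, zones, time windows and the `evaluate` function are hypothetical, and `device_id` is assumed to be a stable identifier supplied by the RF sensor.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Approval:
    zone: str              # area the exception applies to
    protocols: frozenset   # RF interfaces the device may use there
    start: time            # approved window (same day, start <= end)
    end: time

@dataclass(frozen=True)
class Detection:
    device_id: str   # assumed: stable identifier reported by the RF sensor
    protocol: str
    zone: str
    seen_at: time

# Constructed allowlist; every name and window here is hypothetical.
ALLOWLIST = {
    "med-wearable-017": [Approval("SCIF-A", frozenset({"BLE"}), time(0, 0), time(23, 59, 59))],
    "fitness-band-221": [Approval("OFFICE", frozenset({"BLE"}), time(7, 0), time(19, 0))],
}

def evaluate(det, allowlist=ALLOWLIST):
    """Default-deny check: return (verdict, reason) for one detection."""
    approvals = allowlist.get(det.device_id)
    if not approvals:
        return ("ALERT", "unapproved device")
    here = [a for a in approvals if a.zone == det.zone]
    if not here:
        return ("ALERT", "approved device outside its permitted zone")
    on_proto = [a for a in here if det.protocol in a.protocols]
    if not on_proto:
        return ("ALERT", "approved device using an unapproved RF interface")
    if not any(a.start <= det.seen_at <= a.end for a in on_proto):
        return ("ALERT", "approved device outside its permitted hours")
    return ("OK", "covered by an approved exception")

SAMPLE = [  # constructed detections, as an RF sensor feed might report them
    Detection("med-wearable-017", "BLE", "SCIF-A", time(14, 5)),
    Detection("med-wearable-017", "Wi-Fi", "SCIF-A", time(14, 6)),
    Detection("fitness-band-221", "BLE", "SCIF-A", time(9, 0)),
    Detection("fitness-band-221", "BLE", "OFFICE", time(22, 30)),
    Detection("unknown-5c:f3", "Cellular", "SCIF-A", time(3, 12)),
]

if __name__ == "__main__":
    for d in SAMPLE:
        print(d.device_id, d.protocol, d.zone, d.seen_at, *evaluate(d))
```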
No one wants another stand-alone security system, no matter how specialized, so any RF detection system must offer APIs and integrations into your existing security infrastructure. This will enable a complete adjudication workflow for threat alerts, forensics, and incident response.
Deploying RF technology and leveraging current best-of-breed security tools such as network systems, SIEMs, MDMs, and incident response systems equip security teams with complete visibility and 24/7 monitoring in the RF spectrum to thwart attacks.
Beyond a no-RF device/no cellphone policy in certain restricted areas, implementing and enforcing more nuanced electronic device policies allows CISOs and security teams to accurately distinguish between approved and unapproved electronic devices in secure areas, and detect and locate unauthorized cellular, Bluetooth, BLE, Wi-Fi, and IoT devices, which may carry vulnerabilities and offer new attack vectors for cybercriminals and hackers.
Now is the time for IT teams and security professionals to start monitoring the RF devices that enable vast amounts of data to escape over 5 Gbps radio connections, using unmonitored and unchecked radio waves.