UK builds secure wifi network for government
Only for official government devices.
UK’s Government Digital Service (GDS) has built a secure wifi network for its public sector, allowing seamless roaming between government buildings.
Only government devices can connect to the wifi; personal devices will not be able to access the network.
Accessing wifi through such devices gives “better security” because there is “no risk of connecting to a rogue network”, and device certificates “can’t be stolen by a rogue network”.
It is more secure because it uses random user credentials rather than an existing user name and password so that if they “are stolen then all an attacker gains is access to the internet”, according to the Common Technology Service, the team in charge of the project.
“The clients are also isolated from each other on the wireless infrastructure so that an attacker can't just sign up as a guest and harm other users.”
Staff and guests can sign up for internet by sending an email to government email addresses; visitors can text a number shown on posters, agree to the terms and conditions and receive credentials for network login.
Users will not have to repeat the registration process after logging in for the first time.
The government is currently rolling this network out across UK offices. “The more buildings we get on board, the more places users can roam to,” according to the Common Technology Service, the team in charge of the project.
Signing up buildings for internet “can be implemented in just a few minutes”, it writes. This is “currently being piloted in a few buildings”, and “there is no cost for departments”.
The team will be moving the project to beta phase in a few weeks when it will be “be made available to all government organisations”.
“It’s worth cautioning that there is no silver bullet when it comes to cyber security”, said Tony Jarvis, Chief Strategist at Check Point - a cyber security company.
“Today, we see laptops and mobile devices, such as smartphones and tablets, replacing workstations. Workers are becoming increasingly mobile or even working from home. These factors, combined with the increasing adoption of cloud services, make it clear that there really is no such thing as a network ‘perimeter’ any more.”
“There are a multitude of threats that need to be addressed, and not all of them are external. Disgruntled employees can and sometimes do seek to cause harm; a serious threat due to the level of access they already have. For these reasons, although securing wi-fi is an important part of an overall security program, it should be viewed in the context of an overarching solution”, he added.