High-tech border network could fall prey to cyberattacks
The Homeland Security Department's planned wireless network of high-tech towers to watch for illegal immigrants crossing the border from Mexico into the United States is vulnerable to cyberattacks that could shut the system down, according to security experts.
The Secure Border Initiative Network (SBInet) surveillance system, a network of 1,800 towers housing infrared cameras, radar and communication equipment along the U.S.-Mexican border that DHS just began testing, will use commercial wi-fi systems to connect the towers to command-and-control centers operated by U.S. Customs and Border Protection and to computers in vehicles operated by border agents. (See "Vast Expanse," Government Executive, April 1.)
In September, DHS awarded Boeing the SBInet contract, which is worth an estimated $2.5 billion. Last month, the company initiated a pilot project to test nine 98-foot towers spanning 28 miles of the border southwest of Tucson, Ariz. But shortly after the towers went up in mid-June, they started knocking out wireless Internet service in Arivaca, Ariz., a town of about 1,500 residents located 12 miles north of the Mexican border.
Allan Wallen, who runs a wireless Internet service provider cooperative serving Arivaca, sent Boeing a series of e-mails about the problem. He said the company confirmed it was using the 5.8 gigahertz wi-fi band (also known as industry standard 802.11a) for communications on the SBInet towers -- the same frequency the ISP used to provide Internet service.
Using standard commercial 5.8 gigahertz wi-fi equipment could leave SBInet open to intentional interference. "A drug dealer could buy a laptop with built-in 5.8 gigahertz wireless and could launch a denial of service attack against SBInet," Wallen said.
He said he could detect that the SBInet wireless network used a strong form of encryption, Wi-Fi Protected Access. But the encryption would not be useful in stopping denial of service attacks, said Wade Williamson, director of product engineering for AirMagnet, which sells wireless intrusion detection systems.
Williamson said mounting a denial of service attack against a wi-fi network is a "trivial exercise" because even on an encrypted network, the address of an end user device or wi-fi access point -- known as a media access control address -- is clearly broadcast and retrievable. Anyone who wants to knock out the transmissions from the SBInet towers could capture that address, spoof it and then flood a tower or end user with data packets, Williamson said. He added that SBInet communications also could be jammed by inexpensive signal generators that could knock out the signal from the towers.
An intrusion detection system would help DHS and Boeing detect such cyberattacks and zero in on the location of intruders by triangulation, Williamson said. DHS and Boeing could also "fight fire with fire" by launching reverse denial of service attacks, he said.
George Teas, director of field engineering for Fortress Technologies, which sells wi-fi systems hardened with multiple layers of security for government users, said his company provides multifactor authentication systems that include a unique device identifier, which ensures that even if hackers spoof a media access control address, they will not be able to get into a network. An attacker would not be able to take down all of SBInet with a denial of service attack, Teas said, only a single node, with traffic routed around that node.
Boeing referred all questions to Customs and Border Protection. CBP officials did not respond to a query on the security of the SBInet wireless system.
Boeing evidently is looking to increase security for the next phase of SBInet. Teas said Fortress just responded to a request for proposals from Boeing for a secure wireless network. Boeing wants jam resistant wi-fi equipment that also has low probability of detection and interception, according to a data sheet on Boeing's SBInet business opportunities Web page.
As for Arivaca's Internet service, Boeing told Wallen in an e-mail that it had stopped using frequencies used by the ISP cooperative to eliminate interference. Wallen said he has less interference than when Boeing first turned on the Arivaca tower, but he said his network still experiences interference if the SBInet wireless network periodically switches frequency channels.
COMMENTS
- I was an engineer on the initial project 1997-2004 that deployed over 250 remote surveillance sites on the borders with analog IMC 7/15 GHz analog microwave radios, Betatech PTZ receivers, and Alcatel OC-3 relay backhauls with Televideo MPEG-2 encoders. This was a reliable solution since the analog radios could run at temperatures of up to 150F. The problem that got bad press is that the govt. bought thermal imaging technology from a company called ISAP that was unreliable. Hence, the system design was flawed. They would not climb the 80-foot poles to maintain a system that operated in these extreme temperate environments. Now that Boeing had the contract, they are going with off the shelf technologies. This is the fleecing of America. Why not utilize the current reliable technology and maintain it? We operate a 4.9 GHz network in Maine and observe radio temperatures approaching 129F (rated at 134F). How do they expect to avoid this and also avoid interference? The real solution is to create a WiMax mesh system with military components that operates at 7 GHz with Megapixel MJPEG cameras if they want to go digital. The other solution is to maintain the current reliable infrastructure (most people change the oil in their cars after all). Jeff Hinckley Posted July 15, 2007 9:48 PM
- Neither WiFi nor WiMAX should be used for these projects. Any technology based on a standard such as 802.11b, g or a and 802.16 will be vulnerable to all attacks; DOS, jamming, spoofing, etc. There are many proprietary products in the licensed and even un-licensed bands, that have superior encryption and protection capabilities built-in along with some advanced FHSS modulation which is much more difficult to jam or detect. So LPI is better served compared to DSSS or OFDM hands down. Lastly, as I understand it, the agents are going to have a mobile solution coming for their trucks...the 5.8GHz band is not true NLOS (OFDM helps but can not break the laws of RF physics) and range will diminish quickly since vehicles can not have a high gain directional antenna tracking the base AP without a special system. I hope to get in touch with someone at CBP that will listen. Jaime Solorza Posted July 13, 2007 5:09 PM
- The headline of this article was misleading. It should not have said, "could fall prey" but said "will fall prey to cyberattacks." Just another example of failed leadership and failure to grasp fundamentals from Secretary Chertoff on down. The US DoD has been engineering and installing perimeter and border security systems since 1941. We and our contractors are very good at it. [search for "Integrated Base Defense System"] When this was first proposed by DHS two years ago it was obvious to DoD Security Engineers that it would not work. And especially not work at the cost quoted. Underbudgeted by a factor of 2.5x and no evidence of competent adult supervision in the engineering planning phase. But... no one asked us what would work. Wi-Fi and VOIP have always been easy soft kills with no real technical expertise required by the attackers. That is why we try hard not to use them and when we do - it is for convenience and not cost reasons. Because we have to purchase lots of security devices to protect the rest of the network from those devices. Hence you do not save any money. Any system built with either of these two technologies can never be considered mission critical. First you build real fences and real physical barriers. Then you begin trenching in the electric power cables and communications cables (both a major cost not accounted for by DHS). As the surveillance towers go in then you can build regional Surveillance Operations Centers. Not one but four. All of this technology... is to aid the Field Officers. The Goals must be: reduce intrusions, faster response to real intrusions, no surprises and no ambushes. Not a foolish attempt to replace LEOs. This proposed system as planned will not accomplish any of the goals. Waste, Fraud and Abuse. A tip: Wi-Fi is bad for Video transmission and nothing eats up bandwidth more than real time video.
The only RF technology currently available that can actually handle securely transmitting multiple cameras video feed is Motorola's WiMax system. But this technology is used to provide instructions and video feed to mobile Officers in the field, not as a backbone network for the true command and control system. Sam Waite Posted July 11, 2007 7:40 PM