That’s right, the 72-page directive published in 2004 (updated several times since) does not even contain the word ‘wireless’, much less “Wi-Fi”, even though 802.11 networks are, and have been, deployed in every branch of the U.S. Military. The 8570 upgrade to NICE does contain the words “wireless” (once), “WLAN” (once) and “Wi-Fi” (twice), so that’s a start, but we all know it needs far more depth on our favorite subject.
The good news is they are asking for help! The NICE team is accepting comments on the current framework. You can find that framework PDF located here. The terms “Wi-Fi” and ”Wireless” are both found in the “Network Management” competency section on page 54 of the PDF, in Task ID 902 and 903, respectively. You’ll find “WLAN” at Task ID number 278 in the “Telecommunications” Competency section on page 69 of the PDF. (the PDF’s pages are not numbered, so you’ll need to rely on Reader or Acrobat)
The high level outline of NICE, which you’ll find explained on page 4 of the PDF, contains seven (7) “specialty areas”, probably more commonly referred to as “knowledge domains.” These areas are:
- Securely Provision - conceptualizing, designing, and building secure IT systems
- Operate and Maintain - support, administration, and maintenance to ensure effective and efficient IT system performance and security
- Protect and Defend - identification, analysis, and mitigation of threats to IT systems and networks
- Investigate - investigation of cyber events or crimes which occur within IT systems or networks
- Operate and Collect - collection of cybersecurity information used to develop intelligence
- Analyze - evaluation of incoming cybersecurity information to determine its usefulness for intelligence
- Support - provide critical support (including training) so that others may effectively conduct their cybersecurity work
It is our contention that Wi-Fi knowledge needs to be required for each of these specialty areas, as the NICE team has defined them. In the current initial framework, the requirement for Wi-Fi, WLAN, or other Wireless knowledge is only present in specialty areas 2 (Operate & Maintain) and 3 (Protect & Defend). We certainly agree that Wi-Fi knowledge is necessary to those areas of knowledge, but to a far greater depth than is currently stated:
- “Knowledge of different types of network communication”
- “Knowledge of the range of existing networks”
- “Knowledge of wireless fidelity (WIFI)”
These barely scratch the surface. We firmly believe the cybersecurity of any enterprise, much less a sovereign nation, must now include deep knowledge and applicable understanding of how to design, deploy, secure, administer, and troubleshoot enterprise 802.11 network systems.
Do you agree? If so, we’d like your help.
What can you do? COMMENT! Download the comments template here. Comment on the instances of Wi-Fi, WLAN, and Wireless. Specifically, we urge you to recommend that knowledge of Wi-Fi be applied far more broadly than only in Network Management. Wi-Fi, WLAN, and Wireless should all be included in the required knowledge for each of the seven specialty areas. You and your specific enterprise or government experience will determine the depth of the knowledge required in any given area. Send your comments on the template via email to NICEFrameworkComments@nist.gov.
Thank you for your help in securing Wi-Fi cyberspace!