Flying Fox: Enhancing Cybersecurity Through Continuous Wireless Device DetectionContinuous Wireless Device Detection

Case Study

Docs/Case Study/Continuous Wireless Device Detection
Image Credit: U.S. Army photo by Steve Stover

Enhancing Cybersecurity Through Continuous Wireless Device Detection

March 24, 2020

The Challenge

To protect its sensitive compartmented information facilities (SCIFs), the U.S. federal government has implemented no wireless policies with strict 24/7 compliance mandates to ensure wireless technologies are not brought into secure spaces. Proving compliance with these policies is an urgent and growing challenge for facilities directors.

A picture containing a wall of small lockers, used for phones

PED lockers like this are nearly universal when entering a SCIF, yet almost all organizations are struggling to ensure personnel always remember to use them.

The Solution

Integrating Epiq Solutions' Flying Fox, the only real-time passive wireless intrusion detection system on the Department of Defense's Information Network Approved Products List (DoDIN APL), as part of a layered security approach. Upon deployment, the simple Flying Fox graphical user interface (GUI) provides real-time detection and geo-location of any cellular, Wi-Fi®, or Bluetooth® device within the secure facility.

The Need for Wireless Device Detection in Secure Facilities

Across the United States there are thousands of SCIFs that need to be protected from wireless intrusions. The most common, and therefore risky, wireless intrusion is from personal electronic devices (PEDs) with cellular, Wi-Fi, and/or Bluetooth capabilities that are intentionally or mistakenly brought into secure spaces by authorized personnel. These devices are ubiquitous, easy to conceal, and not hard to forget about.

As a response to these threats, several regulations are now in place to address the presence of PEDs in secure spaces, including DoD Directive 8100.02: Use of Commercial Wireless Devices, Services and Technologies in DoD GIG, Army Regulation 380-28: Army Sensitive Compartmented Information Security Program, and DHS Management Directive 11021: Portable Electronic Devices In SCI Facilities. These regulations and policies make compliance the responsibility of the facility director and impose strict requirements for keeping PEDs out of secure facilities 24/7.

To make compliance even more complicated and challenging, in today's highly connected world, the number of commercial PEDs that can transmit signals via Wi-Fi, Bluetooth, or cellular is constantly growing. Thus, the likelihood of an employee accidentally bringing a PED into a SCIF is ever increasing.

Classic Cybersecurity Solutions Don't Provide Accurate 24/7 Detection and Protection

A picture of a sign indicating that phones are not permitted

As part of their layered cybersecurity approach, secure facilities have standard "no wireless devices" policies in place. It is likely that there are numerous signs reminding personnel to remove all devices, and most facilities will have PED lockers installed at the entrance to the secure area. Despite these obvious efforts to prevent PEDs from being brought into a SCIF, cell phones continue to accidentally remain in pockets and smart watches are often inadvertently left on wrists, resulting in policy violations and elevated cybersecurity risks.

To discover and locate devices that make it into a SCIF, some organizations have relied on manual detection methods. Armed with unique equipment, a specialist regularly sweeps the facility to manually look for Bluetooth, Wi-Fi, or cellular signals. While this tactic is effective at that moment, it does not provide the 24/7 monitoring required by today's federal regulations.

To replace or supplement manual detection, many facilities are installing devices that constantly passively monitor for all RF emissions. However, since RF emissions are generated from a wide variety of sources including IT equipment and microwaves, these tools generally result in an overwhelming number of false alarms. Users of RF emission monitors often hear alarms only to find out it was just someone using the microwave in the next room. Thus, the frequency of false detections with emissions-based solutions typically results in the unnecessary work of sending personnel to look for threats that do not actually exist.

The Need for A Better Wireless Device Detection Approach

As a result of the pain points associated with manual detection and emissions-based monitoring systems, facilities directors were demanding a more accurate wireless detection system to add as a final layer to their cybersecurity approach. Besides offering high accuracy, this new system also needs to provide 24/7 PED detection so facilities can prove to be in compliance with monitoring requirements in the latest federal policies. Additionally, this new system needs to be on the DoDIN APL so it can be procured and quickly integrated into existing secure networks at these facilities.

Developing a Wireless Device Detection That Actually Works

Working with the U. S. Naval Research Laboratory (NRL), Epiq Solutions used its industry-leading RF expertise to develop the Flying Fox Enterprise system. This system is a passive sensor that can be setup in existing networks to offer the continuous high-accuracy wireless monitoring and detection facilities directors and government personnel need.

The Flying Fox Enterprise system differs from prior wireless detection methods because it provides 24/7 detection with 100 percent accuracy when it identifies a wireless intrusion. This is possible because the Flying Fox sensor demodulates and decodes messages between a handset and cellular tower, offering complete accuracy and zero false positives. Thus, no time is wasted reacting to false detections.

Flying Fox Delivers on Promises of Accuracy and Reliability at a Department of Defense Joint Base

Recently, Epiq Solutions was approached by the information systems security officer (ISSO) of a joint military base seeking to enhance their existing 24/7 monitoring systems, especially in light of the new AR 380-28 policy regarding PEDs. The ISSO had heard of Flying Fox, knew it was on the DoDIN APL, and wanted to setup a proof of concept at his facility.

A group of people working out of a secure control room (Credit: U.S. Army photo by Steve Stover)

Military personnel working inside the secure area at a joint military base. (Credit: U.S. Army photo by Steve Stover)

Within just a few hours, Epiq Solutions' engineers deployed the Flying Fox sensors in several strategic locations within the facility's ceiling and developed a geo-fence around the network operations center (NOC) and the trap, an area where personnel swipe badges to enter the facility. At the end of the 48-hour trial, Flying Fox had already identified a Bluetooth and Wi-Fi device that entered the trap at 0100, then entered the NOC, and then left the area through the trap shown in the image below.

A diagram showing the path taken of an individual through a secure area

The path taken by the individual carrying a PED during the proof of concept.

This device was accurately geo-located by Flying Fox, allowing the ISSO to filter out device detections that happened outside the secure area. In addition to accurate real-time detection of the device, Flying Fox also provided historical reports with locations and other data the ISSO could use to investigate incidents. As a result, the ISSO was able to immediately identify the person who brought the device in by reviewing the badge swipe logs and then take the necessary next steps. In just two days, Flying Fox clearly helped improve the security posture for this joint military base.

Since Flying Fox is on the DoDIN APL, it was easy to integrate into the base's network, and once the system was deployed, it was simple for the ISSO to configure, manage, and use. Additionally, Flying Fox can be easily scaled or changed as the facility expands or requirements change. Upgrades are simple and inexpensive since Flying Fox offers a variety of third-party integrations and has software-upgradable sensors. As a result, the ISSO can stay on top of the ever-increasing number of waveforms and devices used today and prepare for those that will be used in the future.

Achieving the Highest Level of Security with Flying Fox

During this proof of concept, Epiq Solutions used the Flying Fox Enterprise system to provide this joint military base with a zero-false-positives PED detection solution that was quick and easy to setup and proved itself within hours. The Flying Fox alerts were real and actionable and allowed the ISSO to focus on actual events occurring within the secure area. Overall, the system provided the monitoring needed for compliance with AR 380-28 and helped improve the base's security posture.

What are your Wireless Security Needs?

Learn how Epiq Solutions can help you meet operational requirements and improve the security posture of your facility with Flying Fox.

We'd love to hear from you >