WIDS is now required in the Department of Defense
Following high profile SCIF data exfiltration, the Secretary of Defense (SECDEF) initiated a DoD wide review of SCIF and SAPF security. The resulting SECDEF memo on June 30th, 2023 requires Department of Defense Services and Agencies to program and implement appropriate electronic device detection systems and mitigation measures to ensure the integrity of National Security and Mission needs, protecting against US National Security data exfiltration. (Full SECDEF memo available here)
“Electronic device detection shall be continuous, comprehensively covering the entirety of Department SCIF and SAPFs, with immediate identification, precise device location, and alerting to the appropriate facility personnel, with full audit and time series data, providing a device’s pattern of life over time and space. Uninterrupted SCIF and SAPF observation telemetry data shall provide device type, location, and historic accounting of the device’s presence within the SCIF and SAPF, with data provided to the appropriate security and insider threat teams, as necessary. Electronic device detection systems shall protect the integrity of the SCIF and SAPF spaces with a permanently installed observation system.
Systems shall provide complete observability of the entirety of the SCIF and SAPFs spaces. Programming efforts shall include the cost of the electronic device detection system, system installation costs and planned out-year sustainment costs.”
The SECDEF memo follows several Federal policies and instructions, such as DoDI 8420.01 require that agencies secure and protect their Wireless infrastructure, where the WIDS solution:
“must continuously scan for and detect authorized and unauthorized WLAN activities 24 hours a day, 7 days a week. Scanning must include a location-sensing capability that enables designated personnel to locate, identify, and take appropriate actions to mitigate…” DoDI 8420.01 Section 3.
As WIDS solution requirements have evolved, where once it was sufficient to locate and identify Wi-Fi devices, at a minimum a solution must now accurately detect and locate Bluetooth, Bluetooth Low Energy and devices only emitting cellular signals.
For clarity, this means a comprehensive cell phone detection and location product must be able to discover a cell phone even when the Wi-Fi and Bluetooth are not active.