5.1 What is the purpose of this chapter? This chapter:

A. Provides policy for Fish and Wildlife Service (Service) employees and contractors on the use of desktop and laptop wireless connectivity, and

B. Establishes specific methods of wireless communication to connect to the Service network using Wireless Local Area Networks (WLANs), insecure public Internet hot spots, and all cellular based wireless connections.

5.2 What is the scope of this chapter? This chapter applies to:

A. Service employees and contractors in travel status who may use wireless connectivity to conduct official business in areas such as, but not limited to, Internet cafés, restaurants, and airports; and

B. Service teleworkers, field employees, and contractors who may operate in remote locations and need wireless access to conduct business operations.

5.3 What is the authority for this chapter? The authority for this chapter is the Department of the Interior’s Information Technology (IT) Security Policy Handbook.

5.4. Who is responsible for proper use of wireless connections?

A. The Director reviews and approves policy related to wireless connections.

B. The Assistant Director – Information Resources and Technology Management:

(1) Develops and updates this policy,

(2) Works with other programs and the Regions to ensure employees use wireless connections according to the policy, and

(3) Meets the needs of employees for wireless connectivity by ensuring, when appropriate, that desktops and laptops are capable of accessing available wireless connections.

C. Assistant Directors and Regional Directors ensure the employees in their programs/Regions comply with this policy before allowing wireless connectivity.

5.5 What is the relationship of this policy to the Department of the Interior’s Information Technology (IT) security policy? This chapter clarifies the conditions under which we may authorize wireless access to address risks defined in the Department’s Information Technology (IT) Security Policy Handbook (see section 5.6).

5.6 What does the Department’s IT Security Policy Handbook require and what risks does it address?

A. The Department’s IT Security Policy Handbook outlines the security requirements for wireless networking devices. The requirements apply to all devices transmitting Departmental data or interfacing with the Department’s network infrastructure, including:

(1) Major applications,

(2) General support systems, and

(3) Any Departmental IT resource using 802.11 standards. The Institute of Electrical and Electronics Engineers developed 802.11 standards to help ensure security for wireless communications.

B. Employees must be careful when using Departmental resources to protect them from loss or corruption. The loss of a laptop or Personal Digital Assistant (PDA), while a concern, is less troubling than the loss of sensitive data or information on the laptop or PDA. The risks associated with using wireless technologies are:

(1) When connecting to non-Departmental networks or resources, Sensitive But Unclassified unencrypted data/information could be inadvertently or intentionally stored or copied to a non-Departmental resource.

(2) In places such as airports, hotels, libraries, and cafes/restaurants, laptops, PDAs, and cellular phones connected to any publicly or personally-owned kiosk, computer, etc. are subject to interception.

C. The Departmental guidance recognizes the risks but delegated the authority for implementing wireless and accepting the risks to bureau Chief Information Officers.

5.7 What must Service employees and contractors do to use wireless?

A. To reduce or mitigate risk, Service employees and contractors may use wireless for official business only when they meet the conditions in Table 5-1:

B. Detailed instructions for implementing wireless connections are on the Service intranet.

C. We may revoke users’ wireless privileges and take disciplinary action for users who disable, deinstall, or tamper with the security settings or software once configured for wireless use by Regional or program IT support personnel.

5.8 What are the restrictions for using wireless network connections in the field?

A. Employees must not rely exclusively on wireless network availability for the protection of life and property. Because wireless connections may degrade or fail during bad weather, a backup system may be necessary (e.g., paper-based, satellite phone, or land line) when life or property is at risk.

B. Employees must reasonably assure wireless networks are suitable for the work they are doing. For example, it would be reasonable for law enforcement officers to use 802.11 broadband or air cards to check the Federal databases for criminal information while in the field, but they should always have a backup method, such as a radio, to call for additional help.