Tales from the Towers, Chapter 30: Fear of 2.4GHz for Public Safety Defies Logic

That’s not exactly how it’s sung by Frankie in “How you wear your hat” but if the slipper fits…  Public Safety is scared to use 2.4GHz. Fears of hackers and the fact everything on the planet that is WiFi enabled runs in 2.4GHz.  And why should they use it when the government has given them their own system in 4.9GHz?  The reality check is this, when you share a taxi with someone going in the same direction, you both get to where you are going and you save a little money.

The problem with the 4.9 GHz spectrum band

Having your own frequency band is really cool.  It’s kind of like having your own street where anybody who drives on it without permission is going to get a really big ticket. However, the FCC didn’t do any favors for public safety when they stuck it up at 4.9GHz. Giving them the same rules for 700MHz back then would have been a whole lot better for mobility although it works for line-of-sight (LOS) cameras. What they erroneously did was not to specify “exactly” what it should be used for. The rules leave open a lot of interpretation and because of that, there is a lot of use in the band, meaning interference.  The only thing that’s really slowed it down is limited equipment options due to more stringent filtering issues thanks to Motorola among others. This leads to lower volumes, higher prices, and ultimately fewer customers.

The other problem with 4.9GHz is it couldn’t get through a tree with a chainsaw. Even bestowing it with a little more power doesn’t help. An extra 3dB doesn’t do much when a brick wall or a tree is 20dB or more. It’s like when your mom gives you $2 to go to the movies and she hasn’t been to one since Jerry broke up with Dean. You either bring $10 or you are not getting in. You aren’t even getting close enough to smell the popcorn! And the reality is that no vendors I know of actually have 802.11 OFDM transmitters capable of 33dBm anyway at maximum modulation levels.

In a municipal environment, it takes about 40% more APs to provide the same level of coverage as 2.4GHz system.  If there are a lot of trees, maybe even more.  Considering that the APs are significantly more expensive to begin with, $1500-$6000 per AP, which translates to $15K-$60K more per square mile, that alone is enough to make a Police Chief have a coronary in this economy.  Aha, but what about security since that’s of primary importance?

Security over 2.4 GHz networks

The reality is that even our defense contractors have the ability to set up VPN tunnels over Internet securely to some extent.  In their case, they don’t manage the transport and they don’t know where someone is connecting from. They only get to control part of the equation and the government still lets them do it. In the case of a city-wide 2.4GHz WiFi system, the security equation is a whole lot stronger since not only does the city get to control all the radios, they control the transport and can control it with multiple levels of security ranging from SSIDs, varying frequency sizes, offset frequencies, VPN tunnels, NAC, AES encryption up to 256bit, etc.

And here is the other part that the police departments aren’t thinking through. Most of them can’t connect cruisers to nationwide databases through laptops provided by the city, or even through internal networks in some cases.  I’m not saying that some of them haven’t done it since I’ve seen it, but that’s the reality. That means for the most part, the data for smaller departments is localized. Given the value of that information, even an average level S.P.I.R.I.T. wireless security structure is going to stop everyone short of a government agency.  It would be easier to compromise an internal person than it would be to try and hack in, even if someone had physical access to an AP.  If the required security is defined as needing to be at absolute maximum, the system can be designed to take on pretty much anyone without backdoor high level authorized access including governments or private industry, wired or wireless.  The system we designed for the project in Evansville, Indiana in response to a bid by Johnson Controls, was almost at the level.  Keep in mind that Evansville isn’t considered as high a value of a target as a city with a military base or some other type of critical infrastructure near or in it.

So what happens if an AP is compromised?  That is handled by a combination of NAC and other techniques that we employ.  When somebody tries to plug in, NAC and IDS will pick it up in a second and execute whatever security measure is appropriate.  Personally I’m all for a 50,000 volt feedback jolt but that’s one thing I’m not sure if I can pull off.  If a vehicle or laptop is compromised, the result is the same.  At the highest levels, the system will also monitor things like abhorrent behavior.  If a user normally logs in as Sgt. Biff Cuffim on a specific laptop and gets his email and looks up license plates, and then all of a sudden the laptop starts surfing improper internet sites or other database sources are being accessed, an immediate disconnect will be executed.  We can also re-route that user to a honey-pot structure if necessary and alert the appropriate individuals.  Having that type of automated users analysis just adds to the security levels.

The cost of all of this type of security can easily be paid for with the savings from not having to deploy the extra APs needed for 4.9GHz over 5 square miles.  Although everyone thinks that 2.4GHz is a crowded band, think about what you are going to see in most cases.  An outdoor AP is going to have an EIRP of close to 36dBm. Assuming you are using a 20MHz channel, which also is optional if the system isn’t used for public access, it’s clearly going to stomp any indoor AP with an EIRP of about 20.  Throw in the fact the indoor AP may not even be on the same channel and it’s behind a brick, stucco, or aluminum wall or walls, and it’s not even going to affect a street based AP.  Since the outdoor AP is your unit, you also get to set sensitivity levels.  Turn them down to reasonable level and they won’t even see most of the indoor units, which means they don’t respond to them.  If you want to get more fancy, add in Rogue AP detection and block them out.  There are several ways to handle this, both high and low-tech that makes it a non-issue in most suburbs.  Even with reduced sensitivity, 2.4GHz will be far more cost effective and will perform significantly better.  4.9GHz is just not a good idea for mobile if there is a tree growing in Brooklyn, or multiple trees all over the place.

I would suggest going back and reading the article entitled “Is Law Enforcement is the Red-Headed Stepchild of the Broadband Movement?”.  I cover many of these things in that article, but the S.P.I.R.I.T. design for Evansville, Indiana went to a whole new level of security.  We don’t just look at what could happen wirelessly, we monitor the activity of over 3000 devices and every single device that connects.  Users with viruses for example, can’t even connect to the network.  Even if a user is missing a critical service pack, we offload or disconnect them so that public users who have unwittingly been compromised, can’t do any damage.

Anybody can develop wireless security but developing an integrated solution that incorporates the needs of public safety in tandem not only on the front end but the back end as well, means that 2.4GHz can be as safe for public safety as that cloth diaper your mommy wrapped you in as well as less expensive than 4.9GHz.  S.P.I.R.I.T. delivers that level of security.

* * * * *

Previous chapter - Tales from the Towers, Chapter 29: That’s the S.P.I.R.I.T.

Next chapter – Tales from the Towers, Chapter 30: When in doubt, use your W.I.T.T.S.