The Army went the proprietary route. By the time you read this, itshould have begun rolling out 11,000 access points that will connect85,000 mobile Army users during the next four years. The Army'sproject is unique, not only because it carries sensitive informationabout battlefield logistics but also because the access points aren'tpermanently installed in an office. Instead, the access points areradios that travel along with troops. Each access point talks to aworkgroup bridge that has computers cabled to it. The information onthe WLAN is also encrypted using AirFortress devices from FortressTechnologies in Tampa, Fla.

Johnson won't give specifics, but he admits that the solution wasexpensive, which was especially painful because the WLAN project wasalready underway before he knew he'd need to purchase extraencryption. "Obviously we would have liked to use the nativeencryption within the radio" as planned, he says. "But since that isnot doable we have had to incur the cost to put the device into thesystem."

5 Wait and see.

The trouble with proprietary solutions is that they are proprietary,and CIOs may find themselves locked into one vendor. Optimists hopethat real security can be built back into WLAN devices some day. TheIEEE is working on it. Standards currently in draft form would add twomore levels of optional encryption: temporal key integrity protocol(or TKIP), a new version of WEP; and advanced encryption system (AES),which committee member Greg Chesson calls a super-scrambler. For WEPto be secure, users need to change the key every 200 packets of dataor so, says Chesson, director of protocols at Atheros Communications,a Sunnyvale, Calif.-based company that makes chipsets for wireless LANdevices. In comparison, TKIP would require key changes every 30,000packets, and with AES, users would need to change the key only everyfew billion packets.

The standards draft could be ratified by the end of 2002, withproducts starting to appear several months later, but Chesson iscautious of setting a date. "It's pretty rambunctious. It's a lot likethe U.S. Congress," he says of the IEEE meetings, describing heateddiscussions, a bog of details and votes based on party (vendor) lines.Meanwhile, for development purposes, Atheros has already let WLANhardware vendors get their hands on updated chipsets that incorporateparts of the new AES security protocols. Analysts recommend thatbefore making a purchase decision, CIOs should make sure that a vendorwill be able to migrate to the standards once they are ratified, asAtheros promises.