GovWiFi moves a step closer

A new WiFi service for public sector organisations has moved a step closer after the Government Digital Service (GDS) announced it is working on an automatic WiFi sign-in for government buildings.

GovWifi, managed centrally by GDS, can be operated across existing infrastructure and hopes to provide a seamless, secure WiFi connection for both staff and guests as they move from building to building.

A guidance document explains how the cloud-based authentication service merges various WiFi networks into one infrastructure, via the RADIUS open standard. The service offers high-availability, automatic scaling, failover and load balancing.

The guidance document says that each end-user is protected with unique credentials and encryption keys when they log into GovWifi and access the internet. The user credentials are randomly generated so they cannot be used to access other systems if stolen.

When logged in, users are able to access their organisation’s resources just as if they were working remotely. The document further notes that user’s devices are isolated from each other in order to prevent the spread of malware and protect secure devices from less secure ones.

The GovWifi network is also able to establish its identity in a manner that cannot be spoofed, adding a further security measure against potential malicious actors.

The government advises that participating WiFi installations must meet the requirements defined in the department’s Guidance Sharing workplace wireless networks. The recommendations include configuring user devices to automatically check that the correct certificates are presented by the network so that users do not connect to a fake network.

Organisations are also required to implement WPA2-Enterprise (AES) encryption to guarantee privacy, client isolation to protect users from each other, and anonymous identity to encrypt usernames.

For now, the initiative remains in private beta with the GDS still making improvements before the official release.

Related reading