Recently, the Netherlands Standardisation Forum issued an advice to the government to ensure that public Wi-Fi networks for guest use are always secure. The independent advisory body recommends improving Wi-Fi security by using the WPA2-Enterprise standard. This recommendation applies to all public and semi-public institutions in the Netherlands and therefore has an impact on thousands of Wi-Fi networks.
The Standardisation Forum facilitates digital cooperation (interoperability) between government organizations and between government, businesses and citizens. It is the advisory body for the public sector regarding the use of open standards. According to its own website, all standards that the Forum recommends have been thoroughly tested, lower costs and reduce the risk of internet fraud and data abuse. The recent recommendation came after a request over a year ago by Privacy First and Wi-Fi roaming provider Publicroam. Privacy First and Publicroam requested the Forum to mandate WPA2-Enterprise as the standard for access to guest Wi-Fi. The Standardization Forum then decided to conduct further research, resulting in its current opinion.
Stop offering insecure guest Wi-Fi
Privacy First chairman Paul Korremans is delighted with the advice: "It took a while, but now there is a clear recommendation. The Standardisation Forum calls for the secure provision of guest Wi-Fi, preferably using the WPA2-Enterprise standard. This recommendation creates clarity for all parties involved in setting up and managing public Wi-Fi networks within government institutions. Moreover, the recommendation will likely have a broader effect: in our view, the Forum is saying that we need to stop offering insecure guest Wi-Fi altogether."
The Netherlands at the vanguard
The Standardisation Forum made its decision in the summer of 2021 after several expert meetings and a public consultation. The recommendation was added to the existing obligation around WPA2-Enterprise in early September. The Netherlands is one of the first countries to have such an obligation.
Experts consider the standard WPA2-Enterprise (and its successor WPA3-Enterprise) to be the most suitable method for achieving secure Wi-Fi access. The standard is mandatory for Wi-Fi access for government employees and is widely used by businesses and educational institutions among others. Because it is a long-standing open standard, it is widely available and easy to implement.