Hendon Publishing - Article Archive Details
Encryption and other factors that may impact interoperability
Written by Doug Onhaizer
Interoperability—you either have heard about it, are doing it or have done it—so what is all the fuss? Many of us are still just trying to maintain or improve our operability, so thinking about interoperability becomes an afterthought. If we are ever to reach a point of being a nation of interoperable systems, the vision of “systems of systems,” then as we build out our local systems we need to be aware of what may impact interoperability in the future. One such consideration is encryption—or more simply stated, the need to ensure the people who need to hear the message hear it, and the people who do not need to hear it don’t.
So, what is encryption all about? Can you read the following? Knowing the encryption key to start with will help. So, if I shared the key with you in advance and sent the above message you would know how to decode the alphabet.
Now, with the key you can fill in the blanks below:
Encryption falls into the larger cryptography world and has been around for thousands of years. Before there was digital encoding there was written encoding going back to the days of when hieroglyphics were carved into the pyramids. We have certainly evolved from those days and moved toward more mechanical methods, which became very popular in national defense during both World Wars. The Germans used what was known as the Enigma machine back in World War II. The Allies spent many days trying to figure out the basis for the Germans’ encryption—which ultimately turned out to be tied to mathematical calculations.
What Does Encryption Look Like Today?
Encryption was largely a federal government or Department of Defense (DOD) capability until the implementation of public key encryption. There are many types of encryption today and they have been evolving since the early 1970s. The different standards are all variants of each other. The more common encryption standard is the Data Encryption Standard (DES), which was the original public key encryption standard developed in 1970. When it first came out it was certainly secure, but it has since been broken and has proven to be inadequate.
Triple Data Encryption Standard (DES) is based on DES, but to improve the security limitations the encryption key was tripled. Theoretically, three times the number of potential key combinations makes the encryption code more difficult to break.
Advanced Encryption Standard (AES) is a standard that came on the scene in early 2000 and has since become the standard of choice. The encryption key length is larger than DES and is far more secure—to the point where AES became the first public encryption standard to be adopted by the National Security Administration (NSA) to protect secure communications.
This intent here is not to make you an expert on encryption, but rather to make you aware that there are many options to consider. The salient point for this article is about encryption and the effects it has on interoperability.
Why should you care? Take a look at the diagram below:
The system with encryption (System A) affords a level of security within the system itself. However, the ability to talk to radios on the non-encrypted system (System B) is inhibited because of incompatibility. Remember, without the encryption key from System A to decipher the message users on System B cannot understand the information received. So, if you are considering a new system or encrypting your existing system, do not forget that the type of encryption you choose and how you choose to implement it could end your existing mutual aid with a neighboring jurisdiction, region or state.
Interoperability and Encryption
You want encryption, but you also want to maintain interoperability—are these mutually exclusive objectives, or is there some happy medium? Luckily, there are ways to move forward today with encryption without significant impact on interoperability.
What To Do
Meet and discuss your intentions with your mutual aid partners. You might be surprised to learn that they too may be considering encryption.
Consider what needs to be encrypted. The operative word is “need.” It is easy to say we want everything encrypted but that comes at an expense. Obvious candidates include any operations with a covert or undercover dimension.
Stick With an Industry Standard Encryption Scheme
DES is an encryption standard listed within the current digital radio standards (known as P25). However, as of 2005 the federal government no longer supports this standard for secure communications.
AES is the encryption standard currently endorsed for all federal communication systems, and it is recommended that you consider this standard to ensure future interoperability. It is also supported within the current digital radio standards (known as P25).
Develop a standard operating procedure (SOP) for operating in un-encrypted mode or “in the clear.” This SOP should address when to use encryption and when not to use encryption. If you are considering encryption it is best to order radios with encryption installed. Many times the process to retrofit a radio requires the radio to be opened, which adds additional expense and subjects the radio to potential damage.
What Not To Do
You should not implement encryption without first understanding the impacts to surrounding agencies, mutual aid agreements and multi-agency, multi-jurisdictional emergency response partners. Also, stay away from proprietary encryption schemes even if the cost is appealing. You will be able to talk to each other, but your other partners will be left out of the conversation.
Do not take an all-or-nothing approach—you can consider what elements of your operations need to be encrypted and focus on that area. Also, encrypt the channel—you are better off installing the encryption modules in the radio, if possible. That way, the radio can talk on any available talkpath and the data is decrypted at the end point (usually another radio).
Do not install encryption before knowing why you need it. You should check the Health Insurance Portability and Accountability Act (HIPAA) requirements for public safety communications. In most cases the agency is exempt so encryption is not required.
Encryption has its place in public safety communications but make sure you consider the impacts before you add this feature. Otherwise, you may do more damage than good.
Interoperability and Other Considerations
Certainly, any time we can advance our systems and bring in the latest technology we should do so, right? We all know progress is good, or so they say. However, one jurisdiction’s progress may be to another’s detriment. Let me explain by using three scenarios facing public safety communications.
Digital Radio Migration: Some jurisdictions are well on their way to the digital radio age. Installations of digital system are occurring all over the country. Stop for a moment and consider the agencies that, for whatever reason, do not have the capacity to migrate to digital radio systems. This means we have some users in the country still operating on analog and others on digital—not unlike the digital divide between high-speed Internet and dial-up Internet. Sure, it works, but is it optimal? What if User 1A from System A (non-digital) needs to communicate with User 2B from System B (Digital)? Unless there is some form of a patch or gateway, the communications cannot occur. If you are one of the fortunate jurisdictions to have the opportunity to migrate to digital, make sure you consider the impacts to interoperability and your partner agencies.
Narrowbanding: This is basically the ability to squeeze more out of the public safety frequencies we have, which will afford a more efficient use of the existing public safety radio spectrum. However, there are agencies, similar to digital and P25 migration, which have the means to make the switch, but there are many others which do not. Of course, as we consider buying new radios we should ensure they have narrowbanding capabilities, but what if we are not buying new radios? Again, we may create the “haves” and “have nots” where the interoperability between these agencies could suffer. If you are in the narrowbanding equation make sure you talk to your mutual aid, regional and state partners—coordination is the key.
800MHz Rebanding: If you operate an 800MHz public safety radio system, then you have likely had some involvement with the federally mandated 800MHz rebanding process. The outcomes for this initiative are positive for public safety communications by mitigating interference. The process has moved forward in Waves (Wave 1-4) and for the most part the agencies within their respective Waves have coordinated with each other, but there also must be consideration for the other Waves. Each Wave is at a different stage, so for those relying on national mutual aid response, the non-rebanded radios will not work in the rebanded areas. This is most relevant on the National Mutual Aid frequencies used for interoperability. Also, rebanding is occurring across our borders—Canada and Mexico are also players. Understanding the different Waves and coordinating will all of the partners will help mitigate any impacts to interoperability.
It is easy to consider interoperability as one-dimensional—you are either interoperable or you are not. But it is a never-ending cycle brought on by our own need for advancements and improvements in public safety communications. If we could all just operate on conventional analog radios, then interoperability would not be an issue. Unfortunately, that is not the case and public safety communications, not unlike the mass consumer market, demands advancements and improvements.
So, do we just stop here? We may be able to slow it, but we cannot really stop it—these advancements are a necessary evolution of technology. So, what can you do? Hide and maybe it will go away—no. But you can consider each advancement carefully as you evolve your current systems, but be aware of their impacts to your state of interoperability. After all, progress lost is not progress.
Doug Onhaizer is Director of Public Safety Programs for SEARCH, The National Consortium for Justice Information and Statistics (www.search.org).
Published in Public Safety IT, Nov/Dec 2009
Rating : Not Yet Rated
Click to enlarge images.