Tweet Cybersecurity, Data

Encryption Plays a Key Role in Securing Our Critical Infrastructure

We are surrounded by discussions of the benefits of future technology: smart cities and new services that will ease our commutes and improve our work lives and sensor-laden smart homes that will ease our day-to-day chores through the Internet of Things (IoT).

In many ways, though, that future already is here on a much larger scale. The IoT helps direct the industrial control systems (ICS) that generate and transmit electricity, guide the mixing of reactive substances at chemical plants, and direct automated assembly lines at manufacturing plants, among other examples.

With the benefits of these sector-shifting ICS comes the need to ensure proper levels of cybersecurity in order to protect against the risk of cyberattacks. Central to that effort is ensuring that we make the proper investments in and policy environment for encryption. Software.org: the BSA Foundation released an issue brief today on encryption’s vital role in ICS.

The efficiency, connectedness, and productivity that ICS provide place them at the forefront of our critical infrastructure. From the manufacturing to the energy sectors, such systems continue to rapidly expand and evolve. But the involvement of ICS in critical infrastructure means that we must now work harder to ensure that our infrastructure is safe from cyberattacks and malicious adversaries.

We must guard against the repeat of something like the December 2015 hack of Ukraine’s power grid. In that attack, hackers uploaded malicious firmware to devices used to transmit operator commands to and from substation control systems. Once the devices were under the hackers’ control, it would have been impossible for operators to address any damage remotely. The attack was unprecedented and symbolized a warning for all nation states: this can happen to you.

In 2016 alone, the Department of Homeland Security’s ICS Cyber Emergency Response Team responded to 290 cybersecurity incidents across sectors. Critical manufacturing was targeted most often, followed closely by communications and energy. Many ICS deployed today are built to last decades rather than years, and many were built before the emergence of current cyber threats. Additionally, many ICS devices built today fail to include fundamental security features or may not enable these by default.

To address these issues, we must use cryptographic techniques like encryption and authentication. Encryption is important to ICS in deploying cryptographically signed updates and patches. For devices that may not be able to support encryption, advances like lightweight cryptography offer an alternative. But for these options to be viable, continued investment, research, and development on encryption is essential.

Proper authentication is important because it enables components and devices to communicate exclusively with authenticated components and devices. Strong authentication solutions rely on the same cryptographic systems and algorithms that also power encryption.

Making these systems as secure as possible is in everyone’s best interest: government, industry, and consumers. All sides need to work together to develop not only the best technologies, but also the proper standards for hardening our infrastructure against attack today and going forward in the IoT-enabled world. Fortunately, collaborative efforts aimed at ensuring online protections are underway: The Charter of Trust, signed recently by IBM, Siemens, and other corporate leaders, is one example of efforts aimed to ensure confidence in the digital world by ensuring a proper focus on the essential elements of cybersecurity. Key among those elements: access management and encryption.

The charter and other partnerships between government and industry are essential to create an environment where encryption research can flourish, and promotion of strong encryption can be a universal goal for protecting ICS.

Author:

As the founding executive director of Software.org: the BSA Foundation, Chris Hopfensperger leads the foundation’s efforts to help policymakers and the general public better understand the impact that software has on our lives, our economy, and our society. He also helps translate the foundation’s philanthropic and forward-looking agenda into efforts to address key issues facing the software industry.

Previously, Hopfensperger was a Senior Director, Global Policy at BSA | The Software Alliance. In that role he worked with BSA members to develop and advance the organization’s positions on technology law and regulation across markets. Hopfensperger conceived and helped produce a series of groundbreaking policy papers including the BSA Global Cloud Computing Scorecard, a tool for helping policymakers craft the right legal and regulatory environment for adopting the emerging technology. He advised members in such critical policy areas as cybersecurity, privacy, and encryption.

Hopfensperger has worked with industry representatives and government officials in numerous markets, and he has spoken on the intersection of policy and technology in several key capitals including Bangkok, Brussels, Beijing, Delhi, Seoul, and Tokyo.

Prior to joining BSA, Hopfensperger served as a technology and trade policy associate in the DC office of a large global law firm. While there, he advised companies and industry associations on pursuing legislation and representing their issues before Congress and the federal agencies and in the courts. Previously, Hopfensperger worked for more than a decade as a newspaper writer and editor, including at The Washington Post, The Sacramento Bee, and the St. Petersburg Times. Hopfensperger holds a law degree from the University of Michigan and a bachelor’s degree in journalism from the University of Nebraska.

Leave a Reply

Your email address will not be published. Required fields are marked *

seventeen − 10 =