By Dieter Klein, Managing Director at KEYMILE Asia
Jan. 17, 2017
This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
Security is crucial in mission-critical communications networks belonging to utilities, energy suppliers, railway companies or authorities. As operators of this sort of critical infrastructure are being confronted with a growing number of attacks and attempts at manipulation or espionage, they need to take effective precautionary measures. A comprehensive IT security concept must consider a future-proof encryption solution as well as information and IT security standards.
The Asia-Pacific market for mission-critical networks is growing rapidly, with increasing investment in infrastructure within the energy sector, railway companies and in local government to support the booming economic growth in the APAC region. In these sectors, it is crucial to provide highly secure data transmission. Here are three security measures that can be taken:
Encrypt data and authenticate senders in the communications network
Operators today face new challenges, especially when TDM-based communications networks and systems that have been in use for a long time are to be gradually extended or replaced with future-proof IP solutions. When providing an IT security concept, they have to consider existing and new IP-based systems. This security concept for mission-critical communications networks must meet exceptional demands on the privacy, integrity and security of the data transmitted, as well as on the availability of the systems used, and should be implemented in one single information security management system (ISMS). Encrypted data transmission combined with effective authentication and authorisation methods is a necessity to guarantee security.
Implement a future-proof encryption solution
To increase the security of mission-critical communications networks, operators must focus on data traffic encryption and include it as part of an end-to-end solution for the ISMS. Data in packet-based transmission networks should only be transmitted in an encrypted form. The random numbers used to generate the keys play an important role. In contrast to random numbers generated mathematically, a hardware-based quantum random number generator (QRNG) produces factually secure random keys by using elementary quantum optical processes as the source of true randomness. Photons, or light particles, are sent individually to a semi-transparent mirror and detected. The two mutually exclusive outcomes (reflection or transmission) are assigned the bit values 0 and 1. These types of quantum processes enable immediate and unlimited entropy.
Encrypting the network traffic between layer 2 and layer 3 has two benefits compared with encryption at layer 3 alone. Firstly, there's no loss of bandwidth due to overhead information, and secondly, the latency is only a few microseconds instead of milliseconds. The combination of a hardware- and software-based encryption solution not only guarantees high levels of security but also future-proofs mission-critical systems. Programmable FPGAs (Field Programmable Gate Arrays) also allow better customisation of a solution because the solution can be extended and updated, and used for many years.