The Case for Out-of-Band Key Delivery in Energy’s Critical Infrastructure Plan (CIP)
(QuantumXchangeBlog) The North American Electric Reliability Corporation Critical Infrastructure Protection Plan (NERC CIP) consists of several security standards designed to help electrical energy supply and delivery systems protect themselves from attacks, whether physical or electronic. It’s worth noting that the petroleum and natural gas industries have similar protection plans in place.
The CIP standards include areas such as personnel training, physical security, and supply chain risk management. But most of the CIP standards are focused on specific areas of cybersecurity to protect the Bulk Electric Systems (BES) from attack. For example, CIP-005-6 covers Electronic Security Perimeter(s) and the management of access to BES cyber systems.
The rapid evolution of next-generation computing platforms will break network encryption as we know it. NIST is expediting the evaluation of algorithms to replace the vulnerable RSA and ECC PKI algorithms that currently negotiate symmetric encryption keys used to secure our digital universe.
This means that in the not-so-distant future, organizations will need to be able to switch to new encryption technologies quickly without disrupting current business processes. This global cryptographic transition will be the largest in history and requires crypto agility and highly scalable solutions.
But changing algorithms that are built into commercial encryption solutions is a disruptive task and depends on the vendor’s ability to deliver on these changes. New algorithms may also come with an unacceptable performance or reliability cost. Historically, new algorithms have fallen prey to unanticipated implementation flaws and/or side-channel attacks resulting in data breaches. For these reasons, security vendors and end-users are hesitant to move forward. Arthur Herman of the Hudson Institute’s Quantum Alliance Initiative says, “complacency disguised as confidence” is no way to be. It puts our enterprises, digital economy, and national security at risk.
There is a way to add a simple overlay architecture that addresses these issues and extends your encryption infrastructure, and investment, into the future. By decoupling key generation and delivery from the data, several additional benefits are realized:
- Performance of the existing data delivery infrastructure is not impacted.
- New algorithms or key-delivery technologies such as QKD can be rapidly integrated into the new architecture without impacting the production data delivery networks.
- Keys can be generated from high-entropy sources such as QRNGs and delivered to low-entropy systems such as virtual appliances and IoT devices.
- Large high-entropy keys can be delivered to endpoints that use them to generate one-time pads (OTP) via local pad-generating functions – avoiding the doubling of data volumes associated with OTPs.
For example, two-factor authentication secures network authentication by delivering a secondary credential out-of-band from the user identification and password. Deploying this same architecture, we can secure communications by sending a secondary key out-of-band from the first key and the data that is being protected. This effectively decouples key generation and delivery from data transmission, thereby overcoming the inherent flaws and outdated architecture of legacy encryption.
With this new out-of-band key delivery architecture, man-in-the-middle (MITM) attacks can no longer succeed, as there is no single point of attack. If an algorithm is compromised, the data is not exposed because the attacker has to obtain two sets of keys and determine how and when they were used. This is in stark contrast to the impact of a compromise in a one-key system. Another benefit is that with minimal effort, enterprises can build secure remote networks that behave as if they are running on-premises in the enterprise.
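The two-key idea described above, as an added example that is not from the original post or from any vendor's product: the data-encryption key is derived from both the in-band key and the out-of-band key, so holding one of them does not yield it. The post does not say how the two keys are combined; HKDF-SHA256 over both keys is an assumption, and `combine_keys`, `demo` and the session label are hypothetical names.

```python
import hashlib
import hmac
import secrets

HASH_LEN = 32  # SHA-256 output size in bytes


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256 and the default all-zero salt."""
    prk = hmac.new(b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()  # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_keys(in_band_key: bytes, oob_key: bytes, context: bytes) -> bytes:
    """Derive the data-encryption key from both keys (hypothetical combiner)."""
    if min(len(in_band_key), len(oob_key)) < 16:
        raise ValueError("each input key must be at least 128 bits")
    # Length-prefix each key so two different key pairs never concatenate alike.
    ikm = b"".join(len(k).to_bytes(2, "big") + k for k in (in_band_key, oob_key))
    return hkdf_sha256(ikm, context)


def demo() -> dict:
    context = b"substation-link-01"    # constructed session label
    in_band = secrets.token_bytes(32)  # stands in for the RSA/ECC-negotiated key
    oob = secrets.token_bytes(32)      # stands in for the key from the separate channel
    sender = combine_keys(in_band, oob, context)
    receiver = combine_keys(in_band, oob, context)
    # A party that holds the in-band key but never saw the out-of-band one.
    one_key_only = combine_keys(in_band, bytes(32), context)
    # Replacing only the out-of-band key re-keys the session.
    rotated = combine_keys(in_band, secrets.token_bytes(32), context)
    return {
        "endpoints_agree": hmac.compare_digest(sender, receiver),
        "one_key_is_not_enough": one_key_only != sender,
        "oob_rotation_rekeys": rotated != sender,
    }


if __name__ == "__main__":
    print(demo())
```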