Airtight encryption makes cybersecurity a challenge
Wednesday, June 15, 2016 8:47:40 PM
Airtight encryption makes cybersecurity a challenge
If I were to choose a word that encapsulates the focus of the cybersecurity industry for the last two years, it would be “encryption.” However, the boon in increased encryption has created new challenges for enterprises.
Some point to the illegal disclosures of classified information by Edward Snowden as the spark that ignited the encryption revolution. U.S. Director of National Intelligence James Clapper commented that the use of encryption accelerated as a result of the Snowden leaks. Recently, former U.S. Attorney General Eric Holder commented that Snowden provided a “public service” in triggering the debates on surveillance but should be punished for illegal disclosures of classified intelligence documents beginning in 2013. These debates have spurred efforts by application developers to thwart the ability of any entity, especially government entities, to intercept and read the electronic communications of their users, including email, website browsing, instant messaging and other data transfers.
This has led to a burst in encryption technologies being implemented in all types of services. Application developers now tout end-to-end encryption, which ensures that only the sender and recipient can read the message, as a key feature. Messaging app WhatsApp has received particular attention for its end-to-end encryption. With over 1 billion international users, law enforcement is particularly concerned that terrorist groups and other bad actors will use it to plan and execute crimes. Facebook recently announced plans to allow users to enable end-to-end encryption of its messaging application.
In 2015, Microsoft enabled encryption by default so that all searches, queries and results on Bing.com are encrypted. In addition, nearly all major webmail providers enable encryption by default. By providing this level of security, these application developers and service providers have made their products and services more desirable by addressing the fears sparked by the Snowden leaks.
Accordingly, business enterprises now favor services with encryption enabled by default. As a result, 40 to 60 percent of their company network traffic is encrypted. This is great for businesses and consumers in securing information and preserving privacy, but it also creates a cybersecurity challenge. For example, with end-to-end encryption, increased diligence in the security of the endpoint devices (for example, computer, mobile phone, tablet) is required. Enterprises need to implement security tools that more closely monitor the devices to compensate for the blind spots created by encryption.
Traditional network intrusion prevention devices deployed by enterprises are effective only if they are able to read and interpret the packets to identify malicious activity. Data loss-prevention tools that detect and prevent sensitive data such as Social Security numbers, banking information and other sensitive customer information leaving the network are also rendered ineffective by encryption.
With encryption being enabled on nearly every web-based service, enterprises will be blind to attacks and compromises occurring on encrypted channels. They will need to rethink their strategy to detect and prevent malicious activity on their network.
Enterprises own and fully control their private corporate networks. Through corporate policies and currently available technology, enterprises have the ability to reverse the encryption of the information on their networks for the sole purpose of inspecting for malicious activity and then re-encrypting the information so that it is protected when it leaves the corporate network and traverses the internet. Enterprises will need to ensure they have clear policies and procedures governing decryption and inspection activities.
Enterprises also need to clearly communicate these policies to their employees and customers who will need to be reassured their data privacy and confidentiality expectations are preserved. In addition to the policy challenges of implementing a decryption program, decryption technologies are expensive and complex to implement and are not guaranteed to address all encrypted transmissions.
Now that encryption technologies are a hot topic, they have the attention of hackers and researchers who are working to identify weaknesses. This has led to the discovery of new vulnerabilities in encryption software that has been fundamental to securing our communications for years (for example, OpenSSL, TLS). As a result, enterprises are struggling with the challenges of upgrading encryption software that secures core critical business applications. These challenges will continue to arise as hackers focus their energies on cracking encryption technologies, which will increase the upgrade-and-patch cycles for system administrators.
In some ways encryption is a double-edged sword of the cybersecurity industry.
Michael Miranda, director of information security at Hawaiian Telcom, holds current Global Information Assurance Certification (GIAC) and is a Systems and Network Auditor (GSNA), a Certified Intrusion Analyst (GCIA) and Certified Forensic Analyst (GCFA). Reach him at firstname.lastname@example.org
© Honolulu Star-Advertiser
Visit this article in the Star-Advertiser