16 September 2019
Critical Infrastructure Depends on Strong Encryption
Increasingly, critical infrastructure relies on internet connected industrial control systems (ICS) and internet-enabled distributed operations. Industrial control systems, such as Supervisory Control and Data Acquisition (SCADA) are central to the operation of infrastructure in electricity, transportation, oil and gas, water, manufacturer, and other critical infrastructure sectors.
And, as automation continues to evolve and become more important worldwide, the use of ICS/SCADA systems are going to become even more frequent.
Encryption is critical to the security of the industrial control systems and the communication channels through which they send/receive sensitive data to keep critical infrastructure functioning. It protects the integrity of data in transit, enables visibility of communications channels, and enables secure authorization to defend against compromise by malicious actors. For example, encryption is used to protect data in transit across the electricity grid, including communications to and from operations centers, power generation systems, distribution substations, and home “smart grid” networks.
Because encryption is among the most important safeguards for managing the risk of data breaches, it is widely mandated by government and critical infrastructure organizations. Strong encryption is recommended by NIST Framework for Improving Critical Infrastructure Cybersecurity, now mandatory for U.S. Government agencies. It is also directed for financial sector entities and Smart Grid operators.
Cybersecurity is critical for national and economic security,” said Secretary of Commerce Wilbur Ross (2018). “The voluntary NIST Cybersecurity Framework should be every company’s first line of defense. Adopting version 1.1 is a must for all CTO’s.”