Modern encryption techniques provide several important security properties, well known to most practitioners. Or are they? What are in fact the guarantees of, say, HTTPS TLS cipher suites using authenticated encryption, IPSec vs. SSL VPNs, Property Preserving Encryption, or token vaults? We live in an era of embedded Hardware Security Modules that cost less than $1 in volume, and countless options now exist for encrypting streaming network data, files, volumes, and even entire databases. Let's take a deep dive into the edge of developed practice to discuss real-world threat scenarios to public cloud and IoT data, and look closely at how we can address specific technical risks with our current encryption toolkits. Advanced math not required.
Kenneth White is a security researcher whose work focuses on networks and global systems. He is co-director of the Open Crypto Audit Project (OCAP), currently managing a large-scale audit of OpenSSL on behalf of the Linux Foundation's Core Infrastructure Initiative. Previously, White was Principal Scientist at Washington DC-based Social & Scientific Systems where he led the engineering team that designed and ran global operations and security for the largest clinical trial network in the world, with research centers in over 100 countries. White co-founded CBX Group which provides security services to major organizations including World Health, UNICEF, Doctors without Borders, the US State Department, and BAO Systems. Together with Matthew Green, White co-founded the TrueCrypt audit project, a community-driven initiative to conduct the first comprehensive cryptanalysis and public security audit of the widely used TrueCrypt encryption software.
White holds a Master's from Harvard and is a PhD candidate in neuroscience and cognitive science, with applied research in real-time classification and machine learning. His work on network security and forensics has been cited by media including the Wall Street Journal, Forbes, Reuters, Wired and Nature. White is a technical reviewer for the Software Engineering Institute, and publishes and speaks frequently on computational modeling, security engineering, and trust. He tweets @kennwhite.
Facilities for business continuity may include alternate workspace equipped for continuation of business operations. Alternate facilities may be owned or contracted including office space, data center, manufacturing and distribution.
Systems for emergency response may include detection, alarm, warning, communications, suppression and pollution control systems. Protection of critical equipment within a data center may include sensors monitoring heat, humidity and attempts to penetrate computer firewalls.
Every building has exit routes so people can evacuate if there is a hazard within the building. These exit routes should be designed and maintained in accordance with applicable regulations.
Business continuity resources may include spare or redundant systems that serve as a backup in case primary systems fail. Systems for crisis communications may include existing voice and data technology for communicating with customers, employees and others.
Equipment includes the means for teams to communicate. Radios, smartphones, wired telephone and pagers may be required to alert team members to respond, to notify public agencies or contractors and to communicate with other team members to manage an incident.
Many tools may be required to prepare a facility for a forecast event such as a hurricane, flooding or severe winter storm.
Materials and Supplies.
Materials and supplies are needed to support members of emergency response, business continuity and crisis communications teams. Food and water are basic provisions.
Systems and equipment needed to support the preparedness program require fuel. Emergency generators and diesel engine driven fire pumps should have a fuel supply that meets national standards or local regulatory requirements. That means not allowing the fuel supply to run low because replenishment may not be possible during an emergency. Spare batteries for portable radios and chargers for smartphones and other communications devices should be available.