Managing Risk in an Encrypted World


by John Gilroy, Faculty, Master's in Information Technology Management

Encryption is normally of interest to math geniuses, bank vault manufacturers, and criminals. As a result, the general interest in the term “encryption” was steadily declining . . . that is, until a major blip in April 2016. That’s when Apple made a big splash by resisting the federal government’s security request. Since then, we have seen hospitals get hit with ransomware—malicious code that encrypts important data until a financial payment is made. Since most of us are living a digital life through online banking, shopping, and news gathering, the question is: should you be concerned with encryption?

It has been estimated that from September 2014 to June 2015, the Department of Defense had 30 million known attacks. This works out to 3 million attacks per month or 100,000 attacks per day! Security professionals like to point out that 99.9% of these attacks are thwarted—but that still leaves up to 30,000 successful attacks. [1]

New technologies for threat detection and investigation are being deployed everywhere. Some of these systems are already in use and others are on the horizon, including Security Information and Event Management (SIEM) software, Network Packet Capture, Next-Gen Firewall, Next-Gen Antimalware, Endpoint Forensics, User Behavioral Analytics, and encryption.

The topic of scrambling and unscrambling data (encryption) is part of a systems administrator’s job when setting up Virtual Private Networks (VPN). One aspect of encryption that has “dripped” down to the masses is using Secure Sockets Layer (SSL) on a website. Consumers are informed of this encryption with a special icon in the browser. Google is rewarding websites for this encryption: it gives higher rankings to sites that are SSL encrypted. Because of this preference, it has been estimated that 77% of Google Internet traffic is now encrypted. [2]

But this doesn’t mean that encryption is only available to ethical system developers. In a strange turn of events, criminals with malicious intent have placed encryption on the front page of national newspapers (ransomware). If you are responsible for a large IT project or manage traffic on your company’s network, how has this recent development impacted you? What responsibility does an organization have for data inspection of inbound or outbound traffic? How does one detect and investigate threats using existing technology?

Perhaps the answer lies in the network itself. At the 2016 Federal Forum, Federal Chief Information Officer Tony Scott said that we need to modernize the government’s aging IT architecture and applications in order to improve security.

For example, F5 Networks has the capability to inspect inbound and outbound traffic to prevent bad actors from using systems, specifically federal systems, to transfer packages that have malicious content on a trusted network. This concept is frequently referred to as the ability to “break and inspect” encrypted traffic.

Nobody could have predicted hospital information being held for ransom. What will the next target be?


1. http://www.governmentcontractinsider.com/pentagons-dc3i-memo-acknowledges-thousands-of-cyber-breaches-that-compromised-dod-systems-and-commits-to-new-cyber-culture/

2. http://www.pcmag.com/news/342935/77-percent-of-google-internet-traffic-now-encrypted

3. 2016 Federal Forum – The Intersection of Innovation & Action June 14, 2016 Washington, D.C. http://www.fedscoop.com/events/2016federalforum/
