A New P25 Best Practices Document is Now available detailing Operational Best Practices for P25 Encryption Key Management.

The Full Document can be downloaded using the link below:

Operational Best Practices for P25 Encryption Key Management

Or from the DHS Cybersecurity & Infrastructure Security Agency (CISA) Website Encryption page

https://www.cisa.gov/publication/encryption

The Best Practices Document was developed by the Federal Partnership for Interoperable Communications (FPIC) in coordination with SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC). The work was developed in partnership with the National Law Enforcement Communications Center (NLECC), the National Institute of Standards and Technology, and subject matter experts from federal, state, and local agencies.

This document is the fourth in a series of documents informing public safety on encryption. The first document, Considerations for Encryption in Public Safety Radio Systems, described agency requirements related to land mobile radio (LMR) encryption. The second document, Guidelines for Encryption in Land Mobile Radio Systems, addressed encryption methodology—the strategy for determining which encryption method or algorithm best protects sensitive information. The third document, Best Practices for Encryption in P25 Public Safety Land Mobile Radio Systems, provided an overview of encryption key management related to Project 25 LMR systems. (Links to these documents are available on the CISA Website Encryption Page above)

This New document—Operational Best Practices for Encryption Key Management—continues the education efforts. This document thoroughly explores encryption challenges relevant to public safety LMR systems and provides the public safety community with specific encryption key management best practices and case studies that illustrate the importance of secure communications.

The need for encryption in the public safety community is increasing as technologies for monitoring public safety communications become more accessible. Scanners and smart phone apps make it easy for anyone to access sensitive law enforcement and emergency medical services (EMS) information transmitted in the clear (without encryption). At the same time, encrypting an LMR system can potentially interfere with interoperability within and among agencies if encryption protocols are not shared among users.

Public safety agencies face a broad range of options when it comes to encryption key management, including choice of encryption algorithm, various protocols for key generation, and determining cryptoperiods (the length of time between system-wide changes of encryption keys). These options can be simplified by following a number of common-sense practices developed by public safety agencies not only to protect their own systems’ communications but also to maintain interoperability with their local, state, and federal mutual aid partners.