T&D World Magazine
NERC | CIP COMPLIANCE: Encryption maxkabakov/iStock/Thinkstock

NERC | CIP COMPLIANCE: Encryption

The third in a series of NERC/CIP Compliance briefs from SOS Intl, a provider of training and compliance program services to electric utilities.

Secret codes have long been used by the military to send secure information, businesses to protect trade secrets, and children to play spy games. Now, secret codes have evolved with computer technology to provide protection to our everyday computer use.

Modern computers take advantage of cryptography, also known as encryption or digital signatures, utilizing a mathematical formula to transform data into a string of random unintelligible bits known as ciphertext. The encryption process relies on a key that acts as a password to lock and unlock information.

It is crucial to keep track of the encryption key to access and protect your data. Fortunately, this programming has already been done. A system, known as public key cryptography, manages all of the encryption details. This technique features two keys – one you keep private and one you share with the world. What you lock with the public key can only be unlocked with the private key and vice versa. Software manages this locking and unlocking so we can do a variety of activities such as:

  • File and disk encryption – information “at rest” on a disk drive or solid state memory is stored in encrypted form. When you want to access it, your computer will ask for a password – the key – and, once the password is entered correctly, unlocks the data. If someone steals your computer, they can’t look at your data because they don’t have the key. Even if they open up the case and plug the disk into their own computer, they can’t see the data. The disk encryption makes it look like gibberish.
  • Web encryption – as doing business online has become more and more common, developers have created a technique, known as SSL, which uses public key cryptography to safely transmit private information over a public internet connection. This technique prevents a hacker from tapping the line between the user’s computer and a web site to steal sensitive information such as credit card numbers. You can recognize SSL-enabled web sites by their address – https:// instead of http://.
  • Email encryption – many email reader programs have built-in encryption capability called S/MIME. While requiring a little effort, the setup is worth it to protect your communications.

Many available products use cryptography to help make your electronic life more secure. As always, carefully research and verify any product before installing it on your computer. Both Microsoft and Apple include file, web, and email encryption capabilities in the latest versions of their operating systems.

 

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish