Content control: Data in motion: When is content in transit encrypted?

Options: Options are split into three dimensions.

Dimension 1:
Option 1: When feasible.
Option 2: When convenient and available.
Option 3: When required by others.
Option 4: Never use encryption.

Dimension 2:
Option A: Sensitive information.
Option B: All information.

Dimension 3:
Option i: When transiting internal networks.
Option ii: When transiting untrusted networks.

Basis:

Required: When encryption is required by others, whether by contract, government mandate, or customer demand, it should be used.

Feasible: Encryption is not always feasible. For example, real-time control data sent at rates, or with delay requirements, beyond the technical capability to encrypt cannot be encrypted. Infeasibility may also stem from economic concerns, complexity of operations, political sensitivities, or any number of other factors.

Convenient: Encryption is often convenient and readily available. For example, SSL to Web servers, WPA for wireless systems, and ssh for remote terminal access are almost always as easy, or nearly as easy, to operate as their unencrypted counterparts. When use of encryption is as easy, reliable, fast, and allowable as non-use, encryption should be used.

Alternatives: There are, of course, alternatives to encryption (and other modes of coding) in transit. For example, physical separation of infrastructure and local wiring may be used in some cases, and signals may be sent via multiple paths or protocols to make it harder to intercept complete information. But without physical containment and a great deal of additional control, access will be attainable.

Decision matrix: The matrix below is indexed by risk level (low, medium, high), by content class (sensitive information versus all (other) information), and by path (internal versus external).

Surveillance:
Note also that surveillance of this sort tends to be ineffective against steganography or other covert channel methods. The use of encryption for information in transit, as opposed to other techniques, is specifically and solely for the purpose of preventing unauthorized revelation of content, or of information about the systems exchanging the content. It is expensive to do well, and it prevents internal surveillance that may be important to intrusion detection, network debugging, and similar uses. Therefore the only justification for encryption in transit comes from external requirements or risks. However, it is very inexpensive in most cases today to encrypt less well, so unless there is a need to surveil the communications, encryption at some level or quality is sensible in most cases.

Low risk: In low risk situations, encrypting all content traveling through internal networks may be too hard or expensive, is often unnecessary, and may be difficult to manage. External traffic should be encrypted if required for contractual or other reasons. Sensitive information should be encrypted internally if it is convenient because, while the risk is low, the cost is also low in this situation. Sensitive information sent externally should be encrypted if required for regulatory, public perception, or contractual reasons.

Medium risk: In medium risk situations, internal network traffic in general should be encrypted only if convenient. Most information is not likely to be important if leaked, and this keeps unnecessary costs down without sacrificing anything critical. All external traffic and all internal sensitive information should be encrypted if convenient: for external traffic, encrypting everything makes it harder for an interceptor to tell which information is important, and for internal traffic it does no harm to encrypt when it is convenient. Sensitive information with value this high, and with identified threats, should always be encrypted in transit, even internally.

High risk: In high risk situations, loss of life or similarly severe consequences may result from leaks of sensitive information. As a result, all sensitive information should be encrypted in transit. Non-sensitive information should be encrypted internally if convenient and externally if feasible, for the same reasons as in the medium risk situation.
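The matrix above is easier to enforce than to remember, so here is an added example (not from the original page) that transcribes it into a policy table and audits flow records against it, distinguishing the "required", "if feasible", "if convenient" and "if required by others" outcomes. The flow record fields, the requirement level names, the list of cleartext services with drop-in encrypted counterparts, and the sample flows are all assumptions constructed for this illustration.

```python
"""Audit flow records against the data-in-motion encryption matrix.

Added example; not part of the original page. Record format, level names,
service list and sample flows are assumptions made for this illustration.
"""
from dataclasses import dataclass
from typing import List, Optional

# Requirement levels read off the matrix (names are this example's own).
REQUIRED = "required"                # must be encrypted, no exceptions
FEASIBLE = "if_feasible"             # encrypt unless infeasibility is documented
CONVENIENT = "if_convenient"         # encrypt when an equally easy option exists
EXTERNAL = "if_externally_required"  # encrypt when contract/regulation demands it
OPTIONAL = "optional"

# POLICY[risk][(sensitive, external)] -> level, transcribed from the text.
POLICY = {
    "low": {(False, False): OPTIONAL, (False, True): EXTERNAL,
            (True, False): CONVENIENT, (True, True): EXTERNAL},
    "medium": {(False, False): CONVENIENT, (False, True): CONVENIENT,
               (True, False): REQUIRED, (True, True): REQUIRED},
    "high": {(False, False): CONVENIENT, (False, True): FEASIBLE,
             (True, False): REQUIRED, (True, True): REQUIRED},
}

# Cleartext services with a drop-in encrypted counterpart: the "convenient"
# cases the text names (SSL for web, ssh for terminals) plus a few obvious
# ones. Assumed list; extend it for your own environment.
ENCRYPTED_ALTERNATIVE = {"http": "https", "telnet": "ssh", "ftp": "sftp",
                         "ldap": "ldaps", "smtp": "smtp+starttls"}


@dataclass
class Flow:
    src: str
    dst: str
    service: str                 # e.g. "http", "https", "ssh", "modbus"
    encrypted: bool              # observed: was the payload protected?
    sensitive: bool              # classification of the payload
    external: bool               # True if the path crosses an untrusted network
    contract_requires: bool = False          # contract/regulation demands encryption
    infeasible_reason: Optional[str] = None  # documented reason it cannot be encrypted


def requirement(risk: str, flow: Flow) -> str:
    """Look up which cell of the matrix applies to this flow."""
    return POLICY[risk][(flow.sensitive, flow.external)]


def audit_flow(risk: str, flow: Flow) -> Optional[str]:
    """Return a finding for a cleartext flow that breaks policy, else None."""
    if flow.encrypted:
        return None
    level = requirement(risk, flow)
    label = f"{flow.src}->{flow.dst} {flow.service}"
    if level == REQUIRED:
        return f"VIOLATION {label}: sensitive data must be encrypted in transit"
    if level == FEASIBLE:
        # The text's escape hatch: e.g. real-time control data beyond capability.
        if flow.infeasible_reason:
            return None
        return f"VIOLATION {label}: encryption is feasible but not used"
    if level == EXTERNAL:
        if flow.contract_requires:
            return f"VIOLATION {label}: contract/regulation requires encryption"
        return None
    if level == CONVENIENT:
        alt = ENCRYPTED_ALTERNATIVE.get(flow.service)
        if alt:
            return f"WARNING {label}: {alt} is as easy as {flow.service}; use it"
        return None
    return None  # OPTIONAL


def audit(risk: str, flows: List[Flow]) -> List[str]:
    return [f for f in (audit_flow(risk, fl) for fl in flows) if f]


# Constructed sample flows (not captured from any real network).
SAMPLE_FLOWS = [
    Flow("10.0.1.5", "10.0.2.9", "http", False, True, False),
    Flow("10.0.1.5", "203.0.113.7", "https", True, True, True),
    Flow("10.0.3.1", "192.0.2.20", "telemetry", False, False, True,
         infeasible_reason="real-time control loop, latency budget too tight"),
    Flow("10.0.1.8", "198.51.100.4", "ftp", False, False, True,
         contract_requires=True),
    Flow("10.0.1.8", "10.0.1.9", "dns", False, False, False),
]

if __name__ == "__main__":
    for risk in ("low", "medium", "high"):
        print(f"== {risk} risk ==")
        for finding in audit(risk, SAMPLE_FLOWS):
            print(" ", finding)
```

Running it shows how the same five flows move from warnings to violations as the risk level rises: the internal cleartext HTTP flow carrying sensitive data is only a "use https" warning at low risk but a violation at medium and high, while the external telemetry flow with a documented infeasibility reason is never flagged, which is the matrix's "if feasible" cell doing its job.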