Encryption issue highlights importance of cybersecurity policy management
- Written by Amy Dinsmore
- September 21 2015
The Washington Post recently obtained a draft document of a National Security Council draft report to the Obama Administration pertaining to the issue of giving law enforcement agents access to encryption keys. There are many nuances to this issue, some controversial, some not, but one clear message coming out of this revelation is that police must begin considering cybersecurity issues in their policy management efforts.
A quick look at the encryption issue
The draft document highlights a major cybersecurity issue that has far-reaching implications in law enforcement – giving officials access to encryption keys so they can decrypt encrypted data. The thought process here is fairly straightforward – criminals are increasingly encrypting all data they transmit through electronic means, meaning that law enforcement agencies can’t effectively use that information as they attempt to solve cases. Some industry experts believe it would help police if encryption solutions were designed with keys that law enforcement officials would have in hand, making it easier for agencies to access evidence.
The NSC draft report does not recommend giving law enforcement agencies this power. While the report acknowledged that building solutions so that law enforcement groups can easily decrypt data could be helpful, the NSC believes that building this weakness into encryption technologies will ultimately do more harm than good. The thought process here is that powerful encryption delivers benefits to civil liberties, cybersecurity and privacy that are greater than the advantages law enforcement would gain through simpler decryption. That said, the NSC also points out that law enforcement agencies do need to continue working to use all of the tools they have legal access to in efforts to access data relevant to protecting the public.
Making sure your policies are ready for cybersecurity considerations
Policy management is essential as law enforcement organizations get more involved in cybersecurity issues. Whether you are dealing with digital forensics, surveillance methods or efforts to obtain digital information that may be relevant to a case, you must carefully follow industry best practices. As the law enforcement sector solidifies laws surrounding the way officers can gather and access digital evidence, police must be prepared to keep their internal policies up to date and train their personnel effectively.
Creating policy management frameworks that can keep up with cybersecurity demands
In law enforcement, cybersecurity isn’t just a matter of protecting data, it also involves getting key data that could be evidence. In other words, creating a secure environment in a digital world means protecting public privacy in cyberinvestigations. Law enforcement agencies must keep their policies and training documents aligned with best practices and regulations at all times to keep up with the rapidly changing demands emerging in this segment of the industry.
Policy management software plays a vital role in this process by giving your agency the tools it needs to make efficient policy updates, distribute materials out to end users and perform audits all in the same digital platform. Centralizing all of your policies, training documents and similar files into a common, web-based platform simplifies document management and can help agencies keep up with cybersecurity demands.