FIPS stands for Federal Information Processing Standards, a set of computer security standards established by the US federal Department of Commerce’s National Institute of Standards and Technology (NIST). The goal of FIPS is to create a uniform level of security for all federal agencies in order to protect sensitive but unclassified information—a large portion of the electronic data not considered secret or higher.
Of most interest to microwave backhaul users are two particular FIPS standards, FIPS 197 and FIPS 140-2. FIPS 197 is straightforward enough: it provides the definition of the Advanced Encryption Standard (AES), which is the basis of so much of the security industry. Many security products from IT vendors are validated FIPS 197 through an organization within NIST called the Cryptographic Module Validation Program (CMVP) that reviews and verifies the testing results of independent labs that put participating company’s cryptographic modules through their paces.
It still begs the question, “Why is FIPS important?” The answer is simple. Rather than take your telecom vendor’s word that its products are secure and will properly protect your payload and network management traffic, FIPS is an assurance backed by the full faith of the United States government that FIPS-validated security solutions defend your electronic information thoroughly within the context of how the solutions were designed and manufactured.
However, not all FIPS validations are created equal. FIPS 140-2 that sets the standard for the Security Requirements for Cryptographic Modules has different levels of validation. For example, a cryptographic module that is validated FIPS 140-2 Level 1 provides that basic level of security by encrypting data going through it to the level of protection provided by AES. However, a cryptographic module that is validated to FIPS 140-2 Level 2 not only provides AES electronic encryption but also physical security of the device itself. This means that a FIPS 140-2 Level 2 validated cryptographic module cannot be tampered with unless the seals on the solution housing are broken in which circumstance the so-called cryptographic officer will know immediately information security has been compromised and she can the take action at once to remediate any data breach.
FIPS 140-2 validated cryptographic modules are required by law for all US federal agencies that handle sensitive but unclassified information. And other industry verticals are making FIPS 140-2 Level 2 a nonnegotiable item for their backhaul security including financials, healthcare industry, legal services, mobile operators and public safety.
Face it: We live in a more and more insecure world. Whether you are a common carrier, a first responder agency or a multi-site hospital system, your customers have been hyper-sensitized about security and expect you do to everything possible to protect theirs. If you don’t have FIPS-validated security on your backhaul now, they may force it on you later. Get ahead of the curve and look into implementing FIPS solutions today.
For more information on FIPS, download the Aviat Networks primer on FIPS.Read More
In an era of ubiquitous broadband communication at work and home, the issue of security in mobile backhaul is more important than ever. The new generation of LTE wireless technology is an enabler for applications such as mobile commerce, voice over IP (VoIP) and high-definition video delivery to smartphones, but it has also opened some sinkholes in the foundation that pre-LTE architectures and applications have established.
Impact of an Unsecure Mobile Network
Security incidents can have severe consequences for mobile network operators (MNOs). Short-term public relations hiccups can be dealt with, but over the long term, carriers are subject to subscriber churn, which can significantly influence profitability. Softpedia.com cited a study performed by Opinion Matters, whereby it was determined that 75 percent of smartphone users in the UK would likely change mobile providers if a security breach occurred on their current network.
In addition to subscriber churn, MNOs can face litigation and legal problems, especially when a security breach affects enterprise service. The economic impact can be several hundreds of thousands or even millions of dollars. In a report presented by McAfee at the World Economic Forum, it was found that more than half of 600 IT executives surveyed have suffered large-scale incidents that have associated downtime costs of over $6.5 million per day. For more on this topic, see the complete white paper below, which discusses the burgeoning need for security in mobile backhaul in terms of benefits to mobile network operators and society.