It is commonly believed that optical fibres are much safer than copper infrastructure because they do not radiate and are therefore considered more resistant to tapping. Unfortunately, this is not true.
Research findings in the last few years have shown that optical fibres can easily be tapped. In consequence, more and more companies, in particular financial and government institutions, place a lot more emphasis on data security, including the data that is transported over optical systems. One of the major priorities for network administrators is to build safe and secure networks, in the sense of reliability. Thus, they use wavelength multiplexing technology, build independent optical paths and implement automatic methods of switching transmission to backup paths in order to provide high data availability in case of failure of a single fibre or device. The question arises whether, in our rush for larger capacity, shorter switching time and higher availability, we have forgotten about data security in the sense of confidentiality and integrity.
Nowadays, cyberattacks are a threat to all enterprises. An optical fibre can be tapped and confidential information revealed with the use of relatively easily available tools. This means that having optical fibres does not guarantee data security. However, with the help of encryption methods that have previously been used by military and intelligence forces, it is possible to secure sensitive data.
Once we engage with the subject, we face a number of significant challenges.
First, data encryption must be done without information loss; it must be transparent and allow the full capacity of the link to be used. We cannot forget about keeping latency low, which is of primary importance to the financial sector.
Second, we have to comply with the law that regulates sensitive data security. Third, all this has to be integrated into the existing infrastructure without replacing links or devices that are already working in it.
If a given solution is to provide a high level of security in a fibre optic infrastructure, it must include cryptographic security of data transmission, a firewall, secure network management protocols and the monitoring of optical fibre parameters. Only the combination of the above elements will allow us to provide three critical security functions:
- Confidentiality – the protection of information against unauthorised disclosure,
- Data integrity – the assurance that the data has not been modified in any way,
- Authorisation – the confirmation that the parties involved are the ones they claim to be.
It is also necessary to provide network administrators with intermittent information on optical fibre parameters, as their rapid degradation may indicate that a fibre tap has been installed. Thus, the security of the first layer is the key part of the total cyber security solution. Taking into account the above requirements and complementing them with specific policies and standards, we arrive at a set of recommendations for an encrypting platform. Among these are: layer-1 encryption with a key of at least 256 bits (GCM-AES-256), compliance with the NIST FIPS 140-2 and NSA Suite B standards, and support for the following protocols: 1/10/40/100Gb Ethernet, 4/8/16/32G Fibre Channel, and OTU2/3/4.
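The parameter monitoring mentioned above can be sketched as a detector for sudden, sustained extra loss in received optical power. This is an added example, not code from the article or from any product; the function name `detect_loss_steps`, the thresholds, the 60-second sampling interval and the readings are all constructed assumptions.

```python
from statistics import median

# Assumed thresholds (not from the article); tune them to the link budget.
STEP_DB = 0.5     # sudden extra loss in dB that is treated as suspicious
BASELINE_N = 5    # samples in the rolling baseline
CONFIRM_N = 3     # consecutive low samples needed to rule out a glitch

def detect_loss_steps(samples):
    """samples: list of (timestamp_s, rx_power_dbm), oldest first.
    Returns (timestamp_s, baseline_dbm, drop_db) per sustained step loss."""
    alerts = []
    baseline_window = [p for _, p in samples[:BASELINE_N]]
    i = BASELINE_N
    while i < len(samples):
        baseline = median(baseline_window)
        window = samples[i:i + CONFIRM_N]
        drops = [baseline - p for _, p in window]
        if len(window) == CONFIRM_N and min(drops) >= STEP_DB:
            alerts.append((window[0][0], baseline, round(min(drops), 2)))
            # Re-baseline on the new level so one event is reported once.
            baseline_window = [p for _, p in samples[i:i + BASELINE_N]]
            i += BASELINE_N
            continue
        # Normal sample: slide the baseline so slow drift is absorbed.
        baseline_window = baseline_window[1:] + [samples[i][1]]
        i += 1
    return alerts

# Constructed readings in dBm, one per minute: stable link, a single-sample
# glitch (-4.50), then a sustained loss of about 0.8 dB from minute 10 on.
POWER_DBM = [-3.00, -3.01, -2.99, -3.00, -3.02, -3.01, -4.50, -3.00, -3.02,
             -3.01, -3.82, -3.80, -3.81, -3.83, -3.80, -3.81, -3.82]
SAMPLES = [(i * 60, p) for i, p in enumerate(POWER_DBM)]

if __name__ == "__main__":
    for ts, base, drop in detect_loss_steps(SAMPLES):
        print(f"t={ts}s: sustained loss of {drop} dB vs baseline {base} dBm")
```

A step loss can also come from a bent patch cord or a dirty connector, so an alert of this kind is a trigger for inspection of the span rather than proof of a tap.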
So, what kind of solution do you need to secure your data?
- Do you wish to build an xWDM network with data encryption from scratch?
- Do you need to encrypt your data and transport it over the existing xWDM network?
- Or maybe you need to build a secure point-to-point connection?