DHS adds encryption requirements to responder radio equipment
To ensure that first responders have secure interoperability for their communications, the Department of Homeland Security announced that radio equipment requiring encryption must use Advanced Encryption Standard (AES) 256.
Equipment that uses proprietary or other non-standard encryption capabilities without also providing AES 256 capability no longer meets the requirement specified in the Project 25 Compliance Assessment Program Encryption Requirements Compliance Assessment Bulletin (CAB), DHS said.
Project 25 is a nearly 30-year-old effort to develop standards that would let police, firefighters and other first responders communicate across departmental and jurisdictional lines using equipment from various manufacturers.
This change in the Project 25 Compliance Assessment Program (P25 CAP) listing of grant-eligible radio equipment will help ensure that responders from different jurisdictions can communicate securely and successfully, regardless of the brand of equipment used.
“Previously, encryption standards were not part of the initial P25 compliance requirements,” said P25 CAP Program Manager Sridhar Kowdley. “However, the proliferation of proprietary and non-standard encryption capabilities has made it necessary to ensure that a standard form of encryption is available for responders.”
The P25 CAP Advisory Panel has been reviewing this issue for many months, DHS said, and identified AES 256 encryption as the approved published encryption standard with the broadest support across all levels of law enforcement.
Radio equipment manufacturers must now meet the Encryption Requirements CAB to have ‘fully compliant’ status on the approved equipment List, which applies to equipment purchased with federal funds. The P25 website includes a list of fully compliant products, as well as a list of equipment that has been tested to the P25 CAP requirements but has been found to be non-compliant with the new P25 CAP Encryption CAB.
“Not everyone needs encryption capabilities,” Kowdley said. “But for those that do, they need to be able to communicate with others in an encrypted mode using the same standards-based encryption.”
Connect with the GCN staff on Twitter @GCNtech.