Two-Way Radio Communications Security
by Jim Gilley

Terrorism is the greatest threat facing humanity in modern times. Many terrorist acts are well planned, and depend on information that, while sensitive, is often easy to obtain. Sensitive information conveyed via two-way radio is vulnerable to interception by terrorists, who will use this information to their advantage.


Secure radio communications are critical
during tactical military operations.

The Need for Communications Security

Two-way radio communications are easy to intercept using inexpensive and widely available consumer electronics. Terrorists are most likely monitoring every message, hoping to obtain information that will help them plan death and destruction. What sort of sensitive information can a terrorist obtain by monitoring two-way radio communications of law enforcement or military operations? Some examples include:

• identity and location of high value targets
• existence and operation of countermeasures
• deployment and alert status of forces
• tactical orders
• strategic plans

Sensitive information such as this requires security.

Achieving Communications Security
Without communications security, terrorists intercept more sensitive information every day. This should encourage immediate action to end the vulnerability. However, overly hasty attempts to provide communications security rarely achieve the desired results. Securing two-way radio communications requires careful and comprehensive planning. Security is a process, not a product. The best way to begin this process is to create a security policy.

A security policy is a document that:

• lists goals, objectives and purpose
• describes the overall system
• defines assets, threats and risks
• presents rules, procedures, standards and controls
• contains contingency plans

Essentially, the security policy documents why security is necessary and how security will be achieved.

One central theme of the security policy is risk: the combination of the likelihood and impact of a specific attack. Another central theme of the security policy is trust: who is trusted and what are they trusted to do.

Although a thorough security policy may be of substantial size, even a relatively simple security policy will be helpful when evaluating two-way radio communications security solutions.

 
A voice security module is installed inside
a portable or mobile two-way radio.

Communications Security Procurement
Once the security policy is complete, the next step is to explore the available options. Decisions typically include:

• upgrade or replace existing system
• determine price of equipment, training and support
• estimate time frame to complete all tasks
• identify qualified vendors
• select appropriate products

Funding often precludes replacing an entire two-way radio system, but even a small budget is usually adequate to upgrade the existing system while still achieving the objectives of the security policy. For system upgrades, the total cost should include not only the equipment cost, but also the cost of installation, training and support. Try to choose a vendor that is capable of providing all of these as a package.

Vendor qualification is critically Important in choosing two-way radio communications security solutions. Many solutions are based on proprietary technology, forcing the customer to rely on the trustworthiness of the vendor. Ideally, security equipment should be designed to published standards and tested for security compliance by an independent lab. At a minimum, the vendor should have a well-established reputation of trustworthiness with a broad base of customers. Additionally, make certain the vendor is willing and able to supply the necessary training, since a lack of training usually compromises security. Post-sale product support is also essential, since few complex systems will be without some initial issues that require vendor assistance.

Maintaining Communications Security
No matter how well-designed a system is, it is only as secure as the end-users allow it to be. All secure systems require proper management and vigilance.

Examples of actions necessary to maintain genuine security include: changing keys prior to their expiration

• conducting periodic security audits
• properly screening trusted personnel
• practicing the contingency plan
• updating the security policy as circumstances require

Conclusion
Securing two-way radio communications is a process that requires planning and preparation. A security policy forms the foundation on which communications security is based. Careful research into the available options will produce a short list of suitable vendors and products. A qualified vendor can evaluate the security policy and the radio system, then recommend an appropriate solution. Furthermore, the right vendor will provide user training and post-sale product support, ensuring that the system meets its security objectives, both now and in the future.

Two-way radio is an important weapon in the war on terror; however, unless the inherent vulnerability to interception is secured, two-way radio may very well aid terrorists rather than defeat them. Fortunately, potent two-way radio communications security is readily obtainable and affordable.