Interoperability standards for information technology security

Secure Chorus assists with the understanding of these issues - and framing a response to them - by providing a platform for government-industry collaboration in the field of secure information technology. Secure Chorus is a not-for-profit membership organisation serving the cyber security sector, with the dual mission of providing thought leadership to the user communities across sectors, while at the same time developing common technology standards and advancing product design based on its standards to assist with providing the global digital economy with baseline security in the field of information technology.

Central to the Secure Chorus philosophy is the issue that to address data security requirements effectively at an enterprise level, vendors need to offer information technology solutions that are secure, regulatory-compliant and interoperable, while also being user-friendly.

Mikey-Sakke cryptography standard

Secure Chorus' members are able to meet such requirements, as their products contain Mikey-Sakke, an innovative open cryptography standard that uses an identity-based approach to key management. This identity-based public key (IDPK) cryptography approach provides the following benefits:

• Data security. This is achieved with end-to-end encryption to ensure that any data processing activity can be undertaken without compromising data security;
• Data ownership. This type of cryptography includes a Key Management Server (KMS), giving the user full control of system security. This is important, as regulators will increasingly require access to an enterprise's data. For example, subject access requests under GDPR; and
• Scale. Identity-based public key cryptography does not require expensive and complex support infrastructure for distributing credentials, allowing for at-scale implementation.

Mikey-Sakke has been developed by the CESG, now part of the National Cyber Security Centre (NCSC), the UK's authority for cyber security. Mikey-Sakke has received endorsement at global level, standardised by the Internet Engineering Task Force (IEFT) and approved by the 3rd Generation Partnership Project (3GPP), the body responsible for standardising mobile communications for use in mission-critical applications, including fire and rescue services and emergency medical services.

Interoperability standards

As Mikey-Sakke is an open cryptography standard, Secure Chorus and its members have been able to develop interoperability standards to ensure that products can work with other products and systems implementing this technology.

Secure Chorus has identified the increasing need across user communities for interoperable secure information technology solutions. Many organisations rely on a mixture of data processing and multimedia communication systems and solutions, sometimes referred to as 'heterogeneous computing environments.'

Even if they have a homogeneous internal computing environment, users are faced with heterogeneity outside their organisation's security perimeter. Security gaps created by non-interoperable systems present a major challenge in terms of data security. The issue of interoperability becomes increasingly important to maintain effective intra- and inter-organisational data security. Further benefits of Interoperability include:

• Reduction in operational cost and complexity. Customers will continue to have internal and external mixed security environments. The ability for these technologies to interoperate reduces the cost of building and supporting a heterogeneous infrastructure.
• Provision of best-of-breed deployments. Users may have security requirements that can only be delivered with specific solutions or platforms. However, these specific solutions often need to work with the other solutions in use within the security perimeter or beyond.

Secure Chorus' vision is to break away from 'vendor lock-in' and move towards an ecosystem of interoperable secure information technology products. This proprietary 'lock-in' creates end-user dependency on specific systems and vendors, while increasing the risk of unsafe information sharing, as third parties step out of their organisation's islands of secure communication.

Multi-stakeholder co-operation

As the global digital environment comes under strain due to cyber-attacks, there is a requirement for greater multi-stakeholder co-operation. Secure Chorus is fostering this collaboration with its Thought Leadership Platform (TLP) that provides free knowledge in the field of information security to user communities from private and public sectors.

Secure Chorus and its members' community are also at the forefront of cryptography innovation. With the growth of quantum computer technology, current cryptography algorithms are under greater threat. In response, Secure Chorus has announced it will work with leaders in quantum-resistant cryptography, adopting a Post-Quantum Identity Based Crypto Scheme to update Secure Chorus's current cryptography standard of choice.

From its origins in 2012 as an industry-led working group, as of 2016 Secure Chorus has evolved into a not-for-profit membership organisation for the advancement of secure regulatory compliant and interoperable information technologies based on common standards. To do so they have brought together organisations from around the world, including representation from government, public and private sector, academic institutions, regulators and trade associations.

Alongside its membership made up of major telecommunication, defence and national security, as well as system integrator organisations, Secure Chorus has welcomed technology start-ups. Secure Chorus has increased the discussion about forward-looking strategies, common standards and tangible capabilities to provide the global digital economy with much-needed security baselines for secure information technology, while becoming recognised as a community of thought leaders that are committed to supporting user communities across sectors through its Thought Leadership Platform. Founding members include the National Cyber Security Centre, which is part of the Government Communications Headquarters (GCHQ), as well as major global industry players such as Vodafone, Telefonica, BAE Systems Leonardo and Sepura. Technology innovators include Cryptify, Armour Communications, SQR Systems, ISARA Corporation and Serbus. It has also welcomed in an observer capacity CSIT (Queen's University Belfast), University College London and techUK.

The National Cyber Security Centre (NCSC), a government member of Secure Chorus since December 2017, commented: "As part of its remit to make the UK the safest place to live in and do business online, the NCSC is always seeking to raise the standard of defences by developing measures that secure our digital services and protect the UK at scale. The NCSC recognises and supports the role Secure Chorus is playing to contribute to the development of a safer UK digital economy, which is one of the reasons it has joined the group."

For more information about Secure Chorus and its work, go to https://www.securechorus.org.