MTS2000des
5B2_BEE00 Czar
The decision to encrypt radio channels was made to ensure the safety of first responders as they operate at dangerous or complex emergency scenes.
So, here is what I just sent the PIO:
Captain Rutledge,
With the decision to encrypt all dispatch and operating (tactical) talkgroups with proprietary ADP encryption, does this not compromise firefighter/responder safety on mutual aid incidents? The United States Department of Homeland Security has released a guideline in late 2013 that strongly recommends only the use of industry standard AES-256 hardware based encryption.
http://www.azpsic.gov/library/links/Guidelines_for_Encryption_in_LMR_Systems.pdf
First, this ensures interoperability with all P25 land mobile subscriber equipment, which allows for agencies including other local, state and Federal users who use different manufacturers of subscriber radio to operate on secure channels/talkgroups.
Second, AES-256 is robust, secure FIPS compliant encryption. The ADP (advanced digital privacy) sold by Motorola Solutions currently used by GCFD is a horribly weak 40 bit cypher which has already been compromised by amateur cryptologists with minimal hardware and software. It is essentially "security through obscurity". Furthermore, the key fill is done by the radio's customer programming software and is easily extractable by trained persons. It is hardly secure and is outright dangerous to rely on it for the purpose of transmitting anything of a sensitive nature.
Third, the decision to encrypt ALL fire communications including dispatch operations gives the appearance that the Gwinnett county fire services does not want the watchful eye of citizens or the media observing the operations. In this modern day and age of social media and a connected society, citizens rely on quick and unfettered access to incidents as they occur.
While some may argue that keeping dispatches in the clear mode allow the "bad guys" to get a head start, the facts and figures do not support the model that unencrypted radio communications hinders responder safety. In many cases, having citizens more aware of incidents allows them to be an asset, an additional set of eyes and ears aiding law enforcement catching suspects, and the media uses this information to get road closures out and also keeps them from calling your communications centers hindering your calltakers and dispatchers' work with questions about ongoing incidents.
The use of encryption in the fire service has proven to be more of a liability during large scale incidents, such as the recent incident in Washington, DC. The DC tunnel incident highlighted exactly how encrypted fire communications impacted a speedy and coordinated response to a mass incident. One of the largest factors that is coming to light was the tremendous delay in personnel reaching the scene, and their inability to communicate while on the scene as a direct result of issues with encryption on the DC FD radio network. As a result of the delays in response, many more were injured, and a civilian casualty resulted.
The recent decision on the part of the DC fire department management was to utilize encryption on all dispatch and operational talkgroups. In the post incident response, the department administration has ceased encryption DCFD communications, as they have learned a valuable lesson on how encryption directly hinders interagency interoperability and increases response time.
I STRONGLY suggest that your command staff review the decision to encrypt all Gwinnett county fire and emergency service radio traffic that utilizes ADP, and should instead consider using industry standard AES-256 encryption. Encryption should ONLY be used for sensitive tactical operations such as SWAT assists, arson investigations, or other security sensitive operations. Routine dispatch and fireground operations should be in the clear mode in the interest of mutual aid response and citizen oversight and accountability.
I encourage you to review the attached link on DHS recommendations on P25 land mobile radio security standards, and also the post incident reports on the DC smoke in tunnel incident, and revise your department's decision to encrypt accordingly.
Respectfully submitted,
Erik M. Bagby
COM-L,
General Class Amateur Radio operator N4XTS