Securing critical infrastructures against cyber quantum attacks

04 April 2023

Brian Murgatroyd, chair of ETSI’s TCCE committee

Brian Murgatroyd,
chair of ETSI’s TCCE committee

With the world facing growing challenges including the war in Europe and a global energy crisis, it is essential that the mission and business critical communications networks used by the public safety, critical infrastructure, and utilities sectors (including transportation, electricity, natural gas and water plants) are secured against third-party attacks, to protect communications and sensitive data.

With more than 120 countries using dedicated TETRA (Terrestrial Trunked Radio) networks for these critical services, work has been undertaken to ensure the ETSI TETRA technology standard remains robust in the face of evolving threats. Demand for TETRA technology will continue to increase at a CAGR of 4.7% in the 2021-2026 forecast period, according to Omdia.

To adapt to technology innovations and potential cybersecurity attacks, including from quantum computers, the ETSI technical committee TCCE has completed work on new algorithms designed to secure TETRA networks for at least the next 20 years. These new specifications have been developed in close collaboration with quantum safe cryptography experts from ETSI. This work was carried out with the support of TCCA, the global representative organisation responsible for the enhancement of the TETRA standard.

TETRA is widely used by public safety agencies around the world as, in addition to secure and resilient network communications, it also offers direct peer-to-peer critical communications without the need for a supporting network in situations such as natural disasters and emergencies.

Professional users generally need features to enable them to work effectively. These include secure encrypted networks, calls, and two-way radio messaging, assured coverage and call quality, the ability to send voice, data and images, direct mode operation as mentioned, which allows rapid communications between groups of workers (such as an emergency service response team at a major incident), and managed fall-back for additional resilience. TETRA has characteristics in common with the mobile networks with which we are all familiar but offers the additional features which are required to meet these needs.

By far the largest market for TETRA is that of public safety, where the trend is for the deployment of nationwide networks shared by all public safety organisations for reasons of economics, autonomy of operation for routine communications and the ability to fully interoperate with other services during emergency situations and disasters. TETRA networks are also operational worldwide in many vertical markets including transportation, utilities, oil and gas, mining, government, and the military, commercial and industry, and are deployed for major events such as the Olympic Games.

Communication security is an essential prerequisite for the success of mission critical operations. The protection against eavesdropping and manipulation of voice and data as well as the exclusion of third-party use are therefore indispensable requirements for mission critical communication systems. This is particularly true against the background of increasing cybercrime. TETRA’s security features, developed by mission critical communication experts, are modular and complement each other to meet the security requirements of mission critical applications. They are an integral part of the standard and thus guarantee security even when using devices and infrastructure from different manufacturers.

The TETRA standard supports powerful mutual authentication of a device on the one hand and the network on the other. This makes it possible for a TETRA system to control the access to it and for a device to check if a network can be trusted. In addition, applications enable authentication down to the user level. If a device is lost or stolen it is fundamental in a mission critical environment to exclude this device from using the network. TETRA supports different options for secure disabling over the air. The disabling can be either temporary, which leaves the possibility to enable again or permanent, which is irreversible.

As all air interfaces are vulnerable to eavesdropping, TETRA provides air interface encryption where user and signalling information is encrypted over the path between mobile devices and infrastructure, both for individual and group communications. The air interface encryption mechanism is available for voice and data and direct mode operation. The use of several encryption algorithms, both standard and proprietary, is also supported, and in addition, a user organisation may easily add an end-to-end encryption system to its own requirements. This flexibility is essential and unique in TETRA, which can be implemented in many forms for different user groups.

TETRA networks can operate either completely standalone, i.e., disconnected from the network, or integrated into the user organisation’s communication and IT environment, which enables the use of the protection mechanism of the organisation against cyberattacks and other threats.

The work carried out by ETSI is vital to keep the TETRA cryptography updated with the latest cybersecurity algorithms. This is critical to the variety of sensitive organisations and applications served by TETRA systems. Maintaining TETRA’s outstanding and unrivalled level of security is essential, especially in a continuously evolving and challenging context where new cyber threats are coming not only from isolated cybercrime actors, but from organised hostile countries.

These new air interface encryption algorithms will support TETRA into the foreseeable future. They are designed to withstand brute force attack beyond the year 2040 even if quantum computing becomes a viable means of attack, with new over-the-air key management algorithms and authentication keys to further strengthen the security of the standard.

TETRA is essential to the organisations using it. Its use is tightly integrated in the operational procedures and when organisations want to evolve to critical broadband services those operational procedures will also need to evolve.

Simply switching TETRA off and switching critical broadband on in one go will not be possible, so TETRA and broadband will co-exist for quite some time.