Security level 2


Transmission data protection describes the security measures applied to data while it is in transit between systems.

This is typically Transport Layer Security (TLS) when two or more systems communicate directly with each other over the internet: the connection is authenticated by certificate and the traffic is encrypted on one end and decrypted on the other, so nothing in between can read or alter it.

Another means is a VPN, where an encrypted tunnel is established between the devices or gateways running the VPN service, so that every application whose traffic crosses the tunnel is protected without the application itself being changed.

Public operators such as Internet Service Providers and Mobile Operators in most cases use encryption to protect data transmission over the public network when providing specific business-to-business services. 3G, 4G and the upcoming 5G mobile networks encrypt the radio link between the device and the operator's network; that protection ends at the operator, so it is no substitute for end-to-end protection such as TLS between the device and the platform.

Operators and platform providers should therefore verify which protection actually applies to a given transmission, or require a security baseline for it (for example a minimum TLS version and mutual authentication of both endpoints). Digital platforms can also provide transmission security as part of the platform itself. This is especially necessary where edge devices transmit data and cloud platforms receive it, since that traffic crosses networks that neither party controls.

Transmission data protection should also be considered for machines and equipment on site or nearby. Many robot instructions and commands, for instance, are still transmitted in clear text, where anyone with access to the same network segment can read or modify them. Technologies exist today to prevent this, even at the speeds industrial control traffic requires.
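As an added example (not code from the original page), the edge-device-to-platform exchange described above, written in Go with only the standard library: a private CA issues certificates to both sides, the platform accepts TLS 1.3 only and refuses any client that cannot present a certificate from that CA, and the client verifies the platform's name against the same CA before sending a command. The names edge-ca, platform.local and robot-07, the command string and the loopback port are assumptions made for this example. The function also exercises the failure mode a practitioner wants to see: a peer that trusts the CA but holds no certificate of its own is turned away.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

var serial int64 // hypothetical in-memory serial counter; a real CA persists and randomises serials

// issue creates a certificate for cn signed by parent; with a nil parent it creates a self-signed root CA.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, nil, err }
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
	}
	signer, signerKey := parent, parentKey
	if parent == nil { // root CA: signs itself and is allowed to sign others
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
		signer, signerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// RunMutualTLSExchange brings up a private CA, a "platform" TLS server and an "edge device" client,
// sends one command over the mutually authenticated, encrypted channel and returns the reply.
// It also reports whether a client that presents no certificate of its own is refused.
func RunMutualTLSExchange(command string) (reply string, anonRejected bool, err error) {
	ca, caKey, err := issue("edge-ca", nil, nil)
	if err != nil { return "", false, err }
	srvCert, srvKey, err := issue("platform.local", ca, caKey)
	if err != nil { return "", false, err }
	cliCert, cliKey, err := issue("robot-07", ca, caKey)
	if err != nil { return "", false, err }
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	// Platform side: TLS 1.3 only, and every client must present a certificate chaining to the CA.
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS13,
	})
	if err != nil { return "", false, err }
	defer ln.Close()
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil { return }
			go func(c net.Conn) {
				defer c.Close()
				buf := make([]byte, 256)
				n, err := c.Read(buf) // the handshake runs here and fails for unauthenticated peers
				if err != nil { return }
				peer := c.(*tls.Conn).ConnectionState().PeerCertificates[0].Subject.CommonName
				fmt.Fprintf(c, "ACK %s from %s", buf[:n], peer) // verified identity, usable for the audit trail
			}(c)
		}
	}()
	// Edge side: trusts only the private CA, checks the server name and presents its own certificate.
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey}},
		RootCAs:      pool,
		ServerName:   "platform.local",
		MinVersion:   tls.VersionTLS13,
	})
	if err != nil { return "", false, err }
	fmt.Fprint(conn, command)
	buf := make([]byte, 256)
	n, err := conn.Read(buf)
	conn.Close()
	if err != nil { return "", false, err }
	reply = string(buf[:n])
	// A peer that trusts the CA but holds no certificate of its own must be turned away.
	anon, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "platform.local", MinVersion: tls.VersionTLS13})
	if err == nil { // with TLS 1.3 the server's refusal may only surface on the first read
		_, err = anon.Read(buf)
		anon.Close()
	}
	return reply, err != nil, nil
}
```

Calling RunMutualTLSExchange("MOVE J1 10") returns "ACK MOVE J1 10 from robot-07" and true: the command travelled encrypted, the platform knows which device sent it, and the anonymous peer was refused. In a real deployment the CA key would be kept offline or in an HSM, each device would receive its own certificate and rotation schedule, and the verified client identity recorded on the platform side is what feeds the audit trail.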

The transmitted data itself should also be protected against leakage. Transmission metadata (who sent what, to whom and when) can in turn serve as a control mechanism: confirming that a message arrived and providing an audit trail.

Following a risk analysis, the choice of a risk framework and the definition of security policies, a password policy can be derived.

The password policy is to be set up by all organizations involved: end-user organizations, manufacturers, and digital platform and system providers.

Password policies should at least include:
- strong passwords or passphrases, with a minimum length and a check against lists of common or previously breached passwords
- users updating their passwords when compromise is known or suspected (mandatory rotation on a fixed schedule tends to produce weaker, predictable passwords and is no longer recommended by NIST SP 800-63B)
- advice to use multi-factor authentication (an additional authentication device)
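As an added example (not from the original page), a policy checker in Go that turns the first bullet above into enforceable rules: a minimum length for conventional passwords, a carve-out for long multi-word passphrases that need no character-class mix, a denylist lookup that also catches the usual "trailing digits" variants, a user-name check and a repeated-character check. The thresholds, the rule wording and the small denylist are assumptions made for this example; a real deployment would load a large breached-password corpus instead.

```go
package main

import (
	"strings"
	"unicode"
)

// Constructed stand-in for a breached/common password corpus; an assumption made for this
// example. A real deployment would load a large list such as a Have I Been Pwned export.
var denylist = map[string]bool{
	"password": true, "password1": true, "123456": true, "qwerty": true,
	"welcome": true, "letmein": true, "admin": true,
}

const (
	minPasswordLen     = 12 // a conventional password must be at least this long ...
	minPassphraseLen   = 20 // ... while a passphrase is judged on overall length ...
	minPassphraseWords = 4  // ... and word count, with no character-class demands
)

// CheckPassword returns every policy rule that candidate violates; an empty result means it
// is acceptable. userName lets the check refuse passwords that embed the account name.
func CheckPassword(candidate, userName string) []string {
	var violations []string
	runes := []rune(candidate)
	norm := strings.ToLower(candidate)

	// Rule 1: length. A long multi-word passphrase passes on length alone.
	isPassphrase := len(strings.Fields(candidate)) >= minPassphraseWords && len(runes) >= minPassphraseLen
	if !isPassphrase && len(runes) < minPasswordLen {
		violations = append(violations, "shorter than 12 characters and not a passphrase")
	}

	// Rule 2: character variety, demanded only of short-form passwords.
	if !isPassphrase && charClasses(candidate) < 3 {
		violations = append(violations, "uses fewer than 3 character classes")
	}

	// Rule 3: not on the common/breached list, also after stripping trailing digits and "!".
	if denylist[norm] || denylist[strings.TrimRight(norm, "0123456789!")] {
		violations = append(violations, "appears on the common/breached password list")
	}

	// Rule 4: must not contain the account name.
	if u := strings.ToLower(userName); u != "" && strings.Contains(norm, u) {
		violations = append(violations, "contains the user name")
	}

	// Rule 5: no long runs of one repeated character ("aaaa", "!!!!").
	if longestRun(runes) >= 4 {
		violations = append(violations, "contains 4 or more identical characters in a row")
	}
	return violations
}

// charClasses counts how many of lower, upper, digit and other appear in s.
func charClasses(s string) int {
	var lower, upper, digit, other bool
	for _, r := range s {
		switch {
		case unicode.IsLower(r):
			lower = true
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsDigit(r):
			digit = true
		default:
			other = true
		}
	}
	n := 0
	for _, f := range []bool{lower, upper, digit, other} {
		if f {
			n++
		}
	}
	return n
}

// longestRun returns the length of the longest run of one repeated rune.
func longestRun(rs []rune) int {
	best, run := 0, 0
	for i, r := range rs {
		if i > 0 && r == rs[i-1] {
			run++
		} else {
			run = 1
		}
		if run > best {
			best = run
		}
	}
	return best
}
```

With these rules "Password1" fails on length and on the denylist, "correct horse battery staple" passes as a passphrase, and "alice2024!!!!" for user alice fails on the embedded user name and the run of "!". Returning the list of violated rules rather than a single yes/no lets the registration form tell the user exactly what to change.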

Digital platform providers should offer single sign-on or federated authentication, so that passwords are not stored in the platform itself; instead the platform accepts signed tokens issued by a trusted identity provider.

 

Physical security covers physical access control: perimeters, gates, identity verification, passport control, manned guard services, video surveillance, biometrics and related components. It also addresses physical threats such as terrorist and criminal attacks, fire and water damage.

 

Multi-factor authentication means requiring more than one independent factor as proof of identity. As an example, when a user logs on to a digital platform, the basic means of authentication are a user name and password.

In addition to the password (single-factor authentication), the user can be asked for a physical token (RFID key, ID card, ...). This can also be a mobile phone, a one-time code from an authenticator app, a SecurID or Digipass token, or a biometric element (fingerprint, facial recognition, ...).

In security terminology this is the concept of establishing identity through something the user knows (a password), something the user has (a physical token) and something the user is (a biometric). Factors only count as multiple when they come from different categories: two passwords are still single-factor. Additional layers can be built on this concept to further strengthen the security level.

When someone proves their identity at the front gate with an ID card, driver's licence or other verifiable photo ID, this can be enhanced by logging in the system that the person has entered the premises. With a personal RFID token they can then access their office. Meanwhile, video surveillance cameras may have identified them in the building. Finally, when logging on to their system on the network, they can be asked for an authentication code from their company mobile phone.

These additional levels of authentication harden security and can be expanded further, depending on the security level required.