Ciena 6500 first optical platform to achieve FIPS 140-2 Level 3 encryption certification
Pictured above, Ciena’s optical encryption expert Patrick Scully with our optical encryption module for the Ciena 6500 platform.
Just when it seemed the buzz around the need for improved data and cyber security couldn’t get any louder, another major breach has made the headlines. Clearly, today’s security landscape requires a multi-layered approach to threat prevention and detection.
One key security component is encryption, and encryption at the optical layer during transport provides a strong and effective safeguard. With more data moving to the cloud and between data centers, encrypting sensitive and mission-critical data while ‘in-flight’ is critical to an overall data security plan.
Source: 2015 Global Encryption & Key Management Trends Study, Ponemon Research, April 2015
Encrypting that in-flight data is now easier than ever thanks to Ciena’s Federal Information Processing Standard (FIPS) 140-2 Level 3 certified wire-speed optical encryption solution. The solution comes in the form of an Optical Transponder (OTR) card for the Ciena 6500 Packet-Optical Platform, so no separate device is required.
This high-capacity encryption module has just received certification as FIPS 140-2 Level 3 compliant, and has been validated by the National Institute of Standards and Technology (NIST).
This makes Ciena’s optical encryption module the industry’s first FIPS 140-2 Level 3 solution that is integrated into a transport platform. Customers such as Forsythe Data Centers are already using this encryption solution in their networks (see Ciena Selected to Connect New Forsythe Data Centers’ Chicago Facility).
FIPS 140-2 Level 3 compliance: A higher standard
FIPS certification can be achieved at several levels. For example, Level 1 provides basic security for a cryptographic module, while Level 2 requires physical security of the encryption module (“the clamshell”) and the ability to detect tampering through methods such as tamper-evident seals.
Level 3 compliance adds further physical security and detection requirements, as well as measures to prevent access to sensitive information and encryption keys in the module. If Ciena’s encryption module is physically tampered with, all critical security data is erased immediately upon detection, even when the card is not plugged into the shelf. This added level of security guards against the undetected modification of the cryptographic module.
FIPS 140-2 Level 3 approval allows the 6500 module to be more widely deployed by U.S. and Canadian government agencies, and several of those agencies will be in attendance this week at the AFCEA Defensive Cyber Operations Symposium in Baltimore, MD. Ciena’s booth will feature a live demonstration of the encryption module as well as a glimpse of the future of wavelength encryption capabilities.
Why encrypt at the optical layer?
Encrypting in-flight traffic doesn’t have to be done at the optical layer, but doing so has distinct advantages over other encryption options such as routing layer encryption.
- Encrypting at higher layers can contribute significant amounts of latency. Ciena’s optical encryption module has very low latency and can encrypt at wire-speed.
- The traditional operational model for deploying encryption solutions is cumbersome and costly, often requiring standalone encryption devices for individual traffic streams specific to the protocol involved. Conversely, Ciena’s optical encryption module is protocol agnostic and uses industry-standard OTN framing.
- Higher-layer encryption increases the complexity of network and encryption management, with more devices to manage and complex encryption key management.