Since its inception, one of the major tenets of the Project 25 Compliance Assessment Program (P25 CAP) is to provide increased interoperability for first responders. During a mutual aid scenario, it is essential that first responders from different jurisdictions using subscribers from different vendors use the standards-based tested and approved encryption algorithm to ensure successful and secure communications. Unfortunately, the spread of non-standard encryption in the land mobile radio environment has threatened this goal.

The P25 CAP requires the standards-based P25 Advanced Encryption Standard (AES) encryption be used if a radio requires encryption. Additionally, P25 CAP interoperability testing must be done with three different subscribers using the Standards-based P25 AES encryption to ensure interoperability.

AES 256 is the approved published encryption standard and has the broadest support across all levels of law enforcement. It is more secure and meets federal standards as compared to other algorithms (e.g., 40-bit encryption).  AES 256 is defined for P25 in the TIA-102.AAAD Block Encryption Protocol document, originally published in July 2002, and is endorsed by the P25 Steering Committee and SAFECOM.  Additionally, the Federal Communications Commission has specified the AES 256 encryption algorithm as the only encryption algorithm to be used when operating on the 700 MHz channels.

Thus, based on its widespread acceptance and endorsement, AES 256 is the encryption algorithm for P25 secure interoperable communications.

Issues are periodically raised by the stakeholder community, one such issue was the use of non-standard encryption and its impact on interoperability.  The P25 CAP Advisory Panel (AP) deliberated over many months concerning the widespread use of P25 CAP subscriber units with non-standard encryption algorithms that lack access to the P25 Standard AES 256 encryption. First responders with radios that feature incompatible, proprietary, and untested algorithms do not meet interoperability criteria; create a safety issue; and may result in mission failure. However, if a subscriber unit would provide users access to both the standards-based and the non-standards based encryption, users can then always revert to the standards-based encryption during a mutual aid scenario or situations where users have different subscriber vendors/models.

The P25 CAP Advisory Panel (AP) and Department of Homeland Security’s Office for Interoperability and Compatibility (DHS OIC) want to improve secure communications interoperability between federal, state, and local agencies and ensure access to the appropriate encryption algorithm.

To this end, OIC has issued a draft Compliance Assessment Bulletin (CAB) to update the P25 CAP equipment approval process such that if a state or local agency needs encryption and chooses P25 CAP-approved equipment (posted on the Approved (Grant Eligible) List), they can be assured that the subscriber unit includes user access to the AES 256 encryption algorithm. The CAB offers the P25 CAP AP’s suggested resolution, which recommends DHS OIC take actions to stop the practice of manufacturers providing subscriber units with a non-P25 standard encryption without also including P25 standard AES 256 encryption. Further, the CAB outlines a remediation process that begins with asking manufacturers to provide a path for public safety users to add AES 256 to fielded P25 subscriber units that are now only equipped with non-P25 standard encryption. Specifically, this action should be taken for equipment bought with federal grants and those equipment purchases intended to be P25 CAP Approved equipment. The CAB is posted to the DHS P25 CAP website for public comment through January 25, 2017.

The P25 CAP website contains the latest information about the P25 CAP updates, including additional CABs.

Sridhar Kowdley is the P25 CAP Program Manager, Department of Homeland Security Science and Technology Directorate.