Increasing cases of cyber-attacks have been reported over the recent few years. This is due to the continued growth and development of the information and telecommunication sector which in turn, has allowed millions of people across the globe to have access to the internet and to smart devices. These attacks are not only directed towards individuals but also towards prominent institutions such as the banks, military, and hospitals, that handle sensitive information (Chigozie-Okwum, Michael & Ugboaja, 2017) . As recently as 2015 the OPM database was hacked, with negative effects on more than 22 million people (Nakashima, 2015). The hackers in this particular case managed to get access to the U.S. government databases containing security clearing files and personal records of millions of people. Since then, those affected have reported instances of being threatened with blackmail, with some being asked to give vast sums of money in exchange for their confidential information (Fonseca & Rosen, 2017) . To avoid such instances of cyber-attacks, it is significant that institutions such as the military apply effective measures of information protection such as the use of the encryption mechanisms. These mechanisms guarantee the safeties of the data stored and exchanged over the internet, in that even if the hackers have access to such files, they are not able to read them. This paper focuses on the practical systems which could be applied to protect sensitive military information like the PII of military personnel.
In developing a secure encryption system, it is worthwhile first to note the kind of information that must be protected. Personnel records that must be encrypted include all personal information belonging to military employees. This includes their medical history reports, their bank account numbers and transaction reports, family members identities, educational background information, and their secret mission assignment reports (Chigozie-Okwum et al., 2017) . Other information that must be encrypted includes the military’s future missions and weaponry data records. This information should be secured using the Advanced Encryption Standard (AES) algorithm because it’s impervious to attacks, having proven reliable in many organisations across the US. This falls under symmetric key encryption, most widely applied in protecting top secret military information. The AES constitutes of three block cyphers AES-192, 128, and 256, which can individually safeguard sensitive information. This system shall use a key length of 256 (Gueron et al., 2017) . This will make it hard for hackers to crack it and therefore, denying them the opportunity to access top secret military information.
Delegate your assignment to our experts and they will do the rest.
The security of the keys is vital in securing and attaining the overall goal of inhibiting illegal sensitive information access. To ensure that these essentials are secure, they will be encrypted and the key- encrypting the keys protected by restricting access. By allowing few specific officers to have access to the key-encrypting keys, chances of information loss will significantly be reduced. In this case, apart from efficiently tracing the steps of the hackers, it gives the security specialists the opportunity to identify internal threats which might include officials with allowed access to the keys (Chigozie-Okwum et al., 2017; Fonseca & Rosen, 2017) . For example, if the army major general and his or her deputy are the only individuals with access to the keys, and it emerges that these keys were shared to the hackers, then these two individuals shall be held responsible. Of significance to note is that all hackers targeting military organisations are majorly linked to terror groups or other rivalry countries. Therefore, in case the hackers manage to access the information, the nation under attack risks being attacked and thus, the need for extra vigilance in protecting the keys.
The storage of the keys is another vital process that determines the security of the top-secret information. The current high-tech innovations such as cloud computing have proven to be a secure and most effective place for organisations to store their data. Therefore, in this particular case, the keys shall be stored at the clouds and access given to only the senior most military official, who shall set a password that shall be only known to himself or herself. The password shall be updated after every two weeks to reduce chances of hackers cracking it. Aside from that, the encryption keys can also be secured using encryption systems that only the allowed individuals shall have access.
The fact that an individual who would have had access to these keys could lose their computers to hackers or any such other cyber criminals, requires the establishment of extra-protective mechanisms to guarantee the safety of the stored data (Fonseca & Rosen, 2017) . Here, the networks will be installed on a system that will automatically shut down and block any login attempts exceeding two attempts. However, in case the hacker manages to gain entry, then he or she must enter the unique password known to only a few of the individuals in the military. Equally, there shall be just one allowed attempt for employees on any document, after which the said document shall lock itself, requiring the user to request for another password known only by the designer of the system in order to proceed with using it. This unique feature shall ensure that even if a person who has access to the system goes rogue, then there still, will be enough time for the situation to be kept from going out of hand.
While the information is being shared from one department to another through the internet, there shall be a mechanism that shall protect that information. To note is that during such transfer is when hackers get better opportunities to still information in case an organisation fails to secure their data efficiently. Therefore, encryption techniques such as hashing, symmetric, and asymmetric methods shall be applied to ensure the safety of these documents while being transferred using the internet.
Policy and Process Related Controls
Access to encryption keys
Individuals with access to the encryption keys shall be held responsible in case it comes out that such keys are given to the hackers.
Passwords
Passwords for sensitive documents and computers must be updated after every two weeks, failure to do that shall attract heavy punishments and fines. Also, password login attempts shall be limited to only one attempt, after which the documents shall lock, and just the system builder shall be able to unlock them. Members allowed access to those passwords should therefore never forget them.
Protection of computers
All computers containing sensitive information must be kept safe at the military base to avoid being stolen and subjecting confidential data at risk.
In conclusion, encryption of top-secret documents is a vital process that must be undertaken seriously by all organisations dealing with sensitive information. Such information includes personal and institutional information which when unlawfully accessed brings about unwanted consequences such as terrorism and blackmailing cases. Therefore, these security mechanisms guarantee the safeties of the data stored and exchanged over the internet, in that even if the hackers have access to such files, they are not able to read them.
References
Chigozie-Okwum, C. C., Michael, D. O., & Ugboaja, S. G. (2017). Computer forensics investigation; implications for improved cyber security in Nigeria. AFRREV STECH: An International Journal of Science and Technology , 6 (1), 59–73. https://doi.org/10.4314/stech.v6i1.5
Fonseca, B., & Rosen, J. D. (2017). Cybersecurity in the US: Major Trends and Challenges. In the New US Security Agenda (pp. 87–106). Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-319-50194-9_4
Gueron, S., Feghali, W. K., Gopal, V., Makaram, R., Dixon, M. G., Chennupaty, S., & Kounavis, M. E. (2017). 9634828 .
Nakashima, E. (2015). Hacks of OPM databases compromised 22.1 million people, federal authorities say. The Washington Post. Retrieved from https://www.washingtonpost.com/news/federal-eye/wp/2015/07/09/hack-of-security-clearance-system-affected-21-5-million-people-federal-authorities-say/?utm_term=.43b7b874f8fc
