# Encryption at Rest and in Transit
Encryption is the process of converting readable data (plaintext) into an unreadable format (ciphertext) using a mathematical algorithm and a key. Only someone who possesses the correct key can reverse the transformation and recover the original data. Encryption protects data confidentiality: even if an attacker accesses the storage medium or intercepts the network traffic, the data remains unreadable without the key.
Encryption at rest protects data stored on disk: databases, file systems, backup repositories, cloud storage, endpoint hard drives, mobile devices, and removable media. Encryption in transit protects data moving across networks: between a user's browser and a web server, between application components, between data centers, and between an organization and its cloud providers.
Together, encryption at rest and in transit ensure that data is protected in both states it occupies during normal operations. A third state, encryption in use (protecting data while it is being processed in memory), is an emerging capability with technologies like confidential computing, homomorphic encryption, and secure enclaves, but it is not yet widely deployed in production environments.
Encryption is the primary control in the DPS (Data Protection and Sovereignty) domain of the Planetary Defense Model because it functions independently of every other layer. If the network is breached (VSD failure), if the endpoint is compromised (SPH failure), if credentials are stolen (IAT failure), if the threat was not detected (TID failure), the data remains protected if the encryption holds. Encryption is the vault door that still works when every outer wall has fallen.
Symmetric encryption uses a single key for both encryption and decryption. The same key that locks the data unlocks it. Symmetric algorithms are fast and efficient, making them suitable for encrypting large volumes of data.
AES (Advanced Encryption Standard). The dominant symmetric encryption algorithm. AES operates on 128-bit blocks and supports key lengths of 128, 192, and 256 bits. AES-256 (256-bit key) is the standard for sensitive data. AES is approved by NIST (FIPS 197), adopted globally, and has no known practical attacks against the full algorithm with proper implementation. AES replaced DES (Data Encryption Standard) and 3DES, which are deprecated due to insufficient key length and block size.
ChaCha20. An alternative symmetric cipher used in some modern protocols (WireGuard VPN, some TLS implementations). ChaCha20 performs well on hardware that lacks AES-specific instruction sets and is resistant to timing attacks. Google adopted ChaCha20-Poly1305 for TLS on mobile devices where AES hardware acceleration is unavailable.
The operational challenge with symmetric encryption is key distribution: both parties must possess the same secret key. Transmitting the key securely is itself a problem that asymmetric encryption solves.
Asymmetric encryption uses a key pair: a public key (shared openly) and a private key (kept secret). Data encrypted with the public key can only be decrypted with the corresponding private key. This solves the key distribution problem: the public key can be transmitted openly because it can only encrypt, not decrypt.
RSA. The most widely deployed asymmetric algorithm for key exchange and digital signatures. RSA key lengths of 2048 bits are the current minimum; 4096 bits are recommended for long-term protection. RSA's security relies on the computational difficulty of factoring the product of two large prime numbers.
Elliptic Curve Cryptography (ECC). Provides equivalent security to RSA with shorter key lengths (a 256-bit ECC key provides security comparable to a 3072-bit RSA key). ECC is faster and more efficient than RSA, making it preferred for resource-constrained environments (mobile devices, IoT) and modern protocols.
Post-quantum considerations. Both RSA and ECC are vulnerable to quantum computing attacks (specifically Shor's algorithm, which can factor large numbers and compute discrete logarithms efficiently on a quantum computer). NIST standardized three post-quantum cryptographic algorithms in 2024: ML-KEM (FIPS 203, key encapsulation), ML-DSA (FIPS 204, digital signatures), and SLH-DSA (FIPS 205, stateless hash-based signatures). Organizations should begin crypto-agility planning: the ability to migrate to post-quantum algorithms when required, without redesigning the entire encryption architecture.
In practice, most encryption systems use both symmetric and asymmetric encryption together. This is hybrid encryption, and it is how TLS (Transport Layer Security) protects data in transit:
Hybrid encryption combines the strengths of both: asymmetric encryption solves key distribution (no pre-shared secret needed), and symmetric encryption provides the speed needed for bulk data transfer.
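
The hybrid pattern described above, as an added Go example that is not part of the original article: a random AES-256-GCM key encrypts the data and RSA-OAEP wraps that key for the recipient. The `Envelope` type and the function names are assumptions made for illustration; TLS 1.3 itself agrees on the symmetric key with an ephemeral Diffie-Hellman exchange rather than by RSA wrapping.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is constructed for this example; Sealed = nonce || ciphertext || tag.
type Envelope struct{ WrappedKey, Sealed []byte }

// NewRecipient makes an RSA-2048 key pair; only the public half is shared.
func NewRecipient() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal encrypts msg under a fresh AES-256-GCM key and wraps that key for pub.
func Seal(pub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	secret := make([]byte, 32+12) // 256-bit data key, then 96-bit GCM nonce
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	key, nonce := secret[:32], secret[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // cannot fail: key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return &Envelope{wrapped, gcm.Seal(nonce, nonce, msg, wrapped)}, nil // wrapped key bound as AAD
}

// Open unwraps the data key with priv, then decrypts and verifies the GCM tag.
func Open(priv *rsa.PrivateKey, e *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedKey, nil)
	if err != nil || len(key) != 32 || len(e.Sealed) < 12 {
		return nil, fmt.Errorf("envelope rejected") // uniform error for all checks
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, e.Sealed[:12], e.Sealed[12:], e.WrappedKey)
}

func main() {
	priv, _ := NewRecipient()
	env, _ := Seal(&priv.PublicKey, []byte("constructed sample record"))
	pt, err := Open(priv, env)
	fmt.Println(string(pt), err)
}
```

The envelope provides confidentiality and integrity only: anyone holding the public key can create one, so sender authenticity needs a separate signature.
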
Full-disk encryption (FDE). Encrypts the entire storage volume. Common implementations are BitLocker (Windows), FileVault (macOS), and LUKS (Linux). FDE protects against physical theft: a stolen laptop with FDE enabled yields encrypted data that is unreadable without the boot authentication credential. FDE does not protect against attacks that occur while the system is running and the disk is decrypted (the operating system decrypts transparently for the authenticated user and for any malware running in that user's context).
Database encryption. Transparent Data Encryption (TDE) encrypts database files at rest. The database engine decrypts data transparently when authorized queries execute. TDE protects against unauthorized access to database files (stolen backup, compromised storage) but does not protect against SQL injection or compromised database credentials (the attacker authenticates normally, and the database decrypts data for their queries).
File-level encryption. Individual files or folders are encrypted. Microsoft Information Protection (MIP), VeraCrypt containers, and PGP-encrypted files provide file-level protection. File-level encryption is more granular than FDE (individual files remain encrypted even when the disk is decrypted) but operationally more complex (each file requires key management).
Cloud storage encryption. Cloud providers offer server-side encryption by default (AWS S3, Azure Blob Storage, GCP Cloud Storage all encrypt at rest automatically). The critical question is key management: does the cloud provider manage the key (simplest, least control), does the customer manage the key in the provider's key management service (more control), or does the customer manage the key in their own HSM outside the provider's infrastructure (maximum control, maximum complexity)?
CDA's Sovereign Data Protocol (SDP) position: "Your data lives where you decide. Period." For data classified as Confidential or Restricted, customer-managed keys (BYOK or HYOK) provide the sovereignty guarantee that provider-managed keys do not. If the cloud provider manages the encryption key, the cloud provider can decrypt the data (and could be compelled to do so by a government subpoena in the provider's jurisdiction). Customer-managed keys preserve sovereignty.
TLS 1.3. The current standard for encrypting data in transit over networks. TLS 1.3 (finalized 2018) eliminated vulnerable features of TLS 1.2: it removed RSA key exchange, removed cipher suites with known weaknesses, and made forward secrecy mandatory. Every internet-facing service should use TLS 1.3. TLS 1.0 and 1.1 are deprecated. TLS 1.2 is acceptable with strong cipher suite configuration but should be migrated to 1.3.
VPN encryption. VPN tunnels encrypt traffic between endpoints using protocols like IPsec or WireGuard. VPN encryption protects data traversing untrusted networks (the internet, public Wi-Fi) by wrapping all traffic in an encrypted tunnel.
Internal network encryption. Zero trust architecture mandates encrypting traffic even on internal networks (NIST SP 800-207). The assumption that internal networks are trusted is obsolete. An attacker who has achieved lateral movement on the internal network can intercept unencrypted internal traffic (credential relays, database queries, file transfers). Encrypting internal traffic (mutual TLS between services, IPsec between network segments) eliminates this exposure.
Email encryption. S/MIME and PGP provide end-to-end email encryption. TLS between mail servers (STARTTLS, MTA-STS) encrypts email in transit between servers but does not provide end-to-end protection (the mail server can read the message). For sensitive communications, end-to-end encryption is required.
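
A check for the transport rules described above (TLS 1.0/1.1 deprecated, TLS 1.2 only with strong cipher suites, mutual TLS between internal services), written as an added Go example that is not from the original article. `Audit`, `Weak` and `Hardened` are hypothetical names, both sample configurations are constructed, and the empty certificate pool stands in for an organization's private CA.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
)

// Audit applies the rules stated above to an internal service's tls.Config.
func Audit(c *tls.Config) []string {
	var out []string
	switch {
	case c.MinVersion == 0:
		out = append(out, "MinVersion unset: protocol floor is left to the library default")
	case c.MinVersion < tls.VersionTLS12:
		out = append(out, "deprecated TLS 1.0/1.1 accepted")
	case c.MinVersion == tls.VersionTLS12:
		out = append(out, "TLS 1.2 accepted: migrate to 1.3")
	}
	if c.MinVersion < tls.VersionTLS13 { // Go's CipherSuites list applies only below 1.3
		for _, weak := range tls.InsecureCipherSuites() {
			for _, id := range c.CipherSuites {
				if id == weak.ID {
					out = append(out, "weak cipher suite enabled: "+weak.Name)
				}
			}
		}
	}
	if c.ClientAuth != tls.RequireAndVerifyClientCert || c.ClientCAs == nil {
		out = append(out, "mutual TLS not enforced: need RequireAndVerifyClientCert and ClientCAs")
	}
	return out
}

// Weak is a constructed legacy configuration, not taken from any real system.
func Weak() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS10, CipherSuites: []uint16{tls.TLS_RSA_WITH_RC4_128_SHA}}
}

// Hardened is constructed too; the empty pool stands in for a private CA.
func Hardened() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS13, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: x509.NewCertPool()}
}

func main() {
	for _, finding := range Audit(Weak()) {
		fmt.Println("weak:", finding)
	}
	fmt.Println("hardened findings:", len(Audit(Hardened())))
}
```
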
Encryption is the DPS control that works when every other layer has failed. If an attacker steals a database backup (VSD failure allowed access, IAT failure allowed authentication, SPH failure allowed the backup server to be reached, TID failure missed the access), the encrypted database backup is useless without the key. Encryption transforms a data breach into a data theft of unreadable material.
This is not theoretical. Organizations with properly implemented encryption at rest that experience data theft face significantly lower regulatory, financial, and reputational consequences. GDPR provides that encrypted personal data that is breached may not require individual notification if the encryption renders the data unintelligible (Article 34(3)(a)). HIPAA's Breach Notification Rule contains a safe harbor for encrypted PHI. Encryption does not prevent breaches. It dramatically reduces their impact.
Encryption is mandated or strongly recommended by every major compliance framework. NIST CSF 2.0 PR.DS (Data Security) includes encryption as a core protective control. PCI DSS 4.0 Requirement 3 mandates encryption of stored cardholder data and Requirement 4 mandates encryption of cardholder data in transit. HIPAA requires encryption of ePHI (an addressable specification under the Security Rule that most auditors treat as required). ISO 27001 A.8.24 (Use of Cryptography) requires a cryptographic policy. CMMC 2.0 requires encryption of CUI at rest and in transit.
The timeline for quantum computers capable of breaking RSA and ECC is debated (estimates range from 5 to 15 years), but the threat is actionable today because of "harvest now, decrypt later" attacks. Nation-state adversaries are collecting encrypted data today with the intent to decrypt it when quantum computers become available. Data that must remain confidential for more than 10 years (government classified data, long-lived trade secrets, health records) should be protected with post-quantum algorithms now, or at minimum, the organization should have a crypto-agility plan that enables migration when NIST post-quantum standards are widely implemented in commercial products.
Encryption is the foundational control in DPS (Data Protection and Sovereignty). CDA's Sovereign Data Protocol (SDP) treats encryption as the bedrock: "Your data lives where you decide. Period." That sovereignty guarantee is enforced through encryption and key management. If the data is encrypted and you control the key, you control the data regardless of where it physically resides.
Three TOP missions connect directly to encryption:
The historical parallel: Julius Caesar used a substitution cipher to protect military communications 2,000 years ago. The algorithm was simple (a three-position alphabetic shift). The principle was identical to modern encryption: render data unreadable without the key. The Caesar cipher is documented in CDA.Wiki's dedicated article as history's first encryption standard. The principle has not changed. The mathematics have evolved from alphabetic shifts to 256-bit symmetric keys to lattice-based post-quantum algorithms. The domain is the same. The mission is the same.