Key Security Concept: Dual Control

This blog is a continuation of our key security concept blog series. If you have not already, check out our first blog from this series, which discusses nonrepudiation. In today’s blog, we are going to look at another important, but rarely discussed concept, dual control. Simply put, dual control is defined as requiring two or more employees to carry out a task. The most famous example of this is missile silos. In our nuclear missile silos, there are 2 officers who each have a key and a unique code. When they get the order to fire, they both must enter their key and enter the code before the missile fires. This prevents one user from being malicious and starting a nuclear war. At a minimum, there would have to be two officers that conspire together.

So where do we see this concept in information security? Most commonly in cryptography operations. Sometimes, data is encrypted and protected by a shared key. This is called symmetric encryption (we could probably do an entire blog on that, too). For example, a business has a Los Angeles office that is virtually connected to a San Francisco office. Due to cost constraints of running an actual wire from LA to San Fran, this runs over the already existing Internet. This can be done because all that data is encrypted with a really strong key.

This key will occasionally have to be changed and installed at both offices so the data can be encrypted as it is sent and then decrypted on the other side. However, this key is really sensitive, and perhaps you want more controls in place to ensure a single IT admin can’t just change this key without authorization and steal information in transit. Enter dual control. With dual control, two employees will each know half of the code, password, or whatever else. This way they will both have to enter their password to access or generate this key.

This is obviously not very efficient and can cause a significant amount of overhead, so you should probably only use this in areas that require this level of security. Interestingly enough, some compliance bodies (e.g. PCI) require dual control for the cryptographic keys used to encrypt stored credit card data. In summary, dual control is a term for a control that requires two or more employees to complete a task, access a file, or perform an action. This naturally increases your overhead, so should only be used for highly-sensitive functions, but it is an effective means to reduce the risk of an attack by a malicious insider.