As part of the security procedures for the DNC in Denver the police department changed their radio system (at what I am guessing was a great expense) to use ESK (Edacs system key.) This is a “security” measure that adds encryption to the digital control channel for Edacs systems. It is supposed to prevent eavesdropping and interference. The audio transmissions are still in the clear–all this does is make older trunking scanners less useful, newer models work fine, and how it prevents someone from jamming the data channel or even breaking into a transmission once it is started is a mystery to me!
You can still listen in at scanamerica since they have a newer ESK capable scanner (I just donated to them–if you use it you should too.) Alternatively Uniden is releasing an update to their BCD396T scanner that understands ESK. Of course you can still use your old-school scanner to listen too, but it sounds a bit messy and you no longer get the calling station identifier, it is also a lot less likely that you will be able to follow a full conversation if there is more than one conversation happening at once.
It was late last night when I wrote this post, and have some time to think. So, suppose there was a credible threat that someone might want to get on the Edacs system and use misinformation to redirect the police. The timing for greatest negative impact would have to be during a large internationally covered event, such as the DNC. The only protection that changing to ESK buys is a little bit of time. If an attacker is prepared, has researched the system and planned an attack, he or she would be thwarted for a few days by changing to ESK unexpectedly. It takes time to get updated hardware–maybe a couple of days for an informed and funded attacker; longer for the less informed and funded. This change successfully stops the teenager that found a police radio at a garage sale, but is that who we are really worried about?
After thinking about it, the move, while pretty weak as a long-term tactic, is quite smart because by timing it correctly it maximizes the strategic value of a weak protection when the impact of an event is highest. It is real easy for many security professionals to get caught into the black and white thinking that pervades the academic side of security. But in the real world, sometimes you have to settle–this is a good example of how the value of a weak security control can be maximized. I am not advocating the use of weak controls! I am just saying that sometimes you have to make do with what you have.