T 4.34 Failure of a cryptomodule
If an encryption module is used to protect the confidentiality of data requiring protection, the error-free functioning of the encryption module is of particular importance. The failure of such an encryption module may be attributable to various causes:
- a technical defect that adversely affects its functionality,
- a power failure causing cryptographic keys held in volatile memory to be deleted, so that the encryption module can no longer encrypt properly,
- accidental or deliberate destruction due to mechanical impact, improper use, or the like.
The consequential damage caused by the failure of an encryption module may also be manifold. The following must be mentioned in particular:
- the cryptographic protection of a data transmission route is no longer possible, so that confidentiality temporarily cannot be ensured. This is especially critical if the failure goes unnoticed and encryption is no longer performed due to the malfunction, even though the users rely on the cryptographic module to protect the confidentiality of the data.
- encrypted data can no longer be decrypted as long as the required encryption module is unavailable. This may give rise to availability problems for IT applications that further process the decrypted data.
- if the encryption module is working faultily without failing completely, data is encrypted incompletely or incorrectly. In both cases, the recipient may be unable to decrypt the data properly in the case of data transmission, and/or the user may be unable to decrypt the data properly in the case of local data storage. Without corresponding data backups, this may mean a total loss of the data.
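
The unnoticed failure and the faulty-encryption case above can be made visible by a known-answer self-test before every use. The following is an added example, not part of the catalogue: `Module`, `GuardedModule`, `ModuleFailure` and the SHA-256-based stand-in cipher are constructed for illustration and assume a module whose encrypt and decrypt operations are the same XOR stream.

```python
import hashlib
import hmac

KAT_NONCE = b"\x00" * 12                    # reserved for the self-test only
KAT_PLAIN = b"known-answer self-test block"

class ModuleFailure(Exception):
    """Raised instead of releasing data when the module cannot be trusted."""

def keystream(key, nonce, n):
    # Stand-in cipher for this example (SHA-256 in counter mode); not for real use.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

class Module:
    """Constructed model of a module that keeps its key in volatile memory."""
    def __init__(self, key):
        self.key = key
        self.bit_flip = False                # simulated technical defect

    def power_failure(self):
        self.key = None                      # the volatile key is deleted

    def process(self, nonce, data):          # XOR stream: encrypts and decrypts
        if self.key is None:
            return data                      # faulty: data passes through in clear
        out = bytes(a ^ b for a, b in zip(data, keystream(self.key, nonce, len(data))))
        if self.bit_flip and out:
            out = bytes([out[0] ^ 1]) + out[1:]
        return out

class GuardedModule:
    def __init__(self, module):
        self.module = module
        # Reference value recorded while the module is known to be working.
        self.kat = hashlib.sha256(module.process(KAT_NONCE, KAT_PLAIN)).digest()

    def self_test(self):
        got = hashlib.sha256(self.module.process(KAT_NONCE, KAT_PLAIN)).digest()
        return hmac.compare_digest(got, self.kat)

    def encrypt(self, nonce, plaintext):
        if not self.self_test():             # catches key loss and symmetric faults
            raise ModuleFailure("self-test failed, data not released")
        ct = self.module.process(nonce, plaintext)
        if self.module.process(nonce, ct) != plaintext:
            raise ModuleFailure("round trip failed, keep plaintext and backup")
        return ct
```

A plain encrypt-then-decrypt round trip through the same module passes in both simulated fault cases, which is why the guard compares against a reference value recorded while the module was known to be good.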