I used to work for a company that required us to remove any proprietary data from our laptop hard drive prior to traveling to some countries overseas. I didn’t know if it was because they could secretly access my hard drive as soon as I passed through immigration, or maybe a government-run internet meant any foreign user access would be monitored, recorded, and analyzed! I didn’t understand the multitude of threats to data security, which also include backdoors designed into untrusted hardware that can lie dormant until triggered by an outside force. At the time, I did not have access to classified or top secret data, as I was working for a commercial company, but imagine if I did have high value data. What if a backdoor was triggered once I logged onto an unsecure foreign network? What if that backdoor initiated a complete download of my hard drive without my knowledge? All because my employer trusted a commercial SSD without strict supply chain management of foreign-made components.
What is the NSA hiding from us??? Hopefully all classified, secret and top secret data!
As part of their recent initiative to leverage commercial technologies in a sophisticated layered approach, the NSA is enabling an alternative to traditional Type 1 security solutions for the protection of data up to the Top Secret level. By adopting these agile commercial innovations, the Commercial Solutions for Classified (CSfC) Program will save time and money for classified programs in all branches of government — from benign data centers to forward-deployed systems in harsh, unsecure environments. While I discuss the CSfC program in this blog post, the CSfC program’s website is the ultimate authority for up-to-date information.
Have you ever forgotten your password for your work laptop and had to go to your IT guy for help to reset it? Imagine if it was that easy when the data on the hard drive was classified or top secret.
Commercial SSDs use a basic ATA password to control access to drive data. Military and government applications require higher security, so basic ATA passwords must be strengthened and sophisticated key management techniques employed. Self-encrypting drives allow passwords of up to 32 characters, while Mercury drives allow 64 characters. One technique is to condition the password: a unique suffix is appended to the end of the password and changes with each log-in, making the password impossible to hack.
In my introduction to military grade SSDs I conjured an image from a familiar movie of a data recorder destroyed by internal combustion to remove evidence of high value data. While the end result is the same, the implementation of self-destruct in the real world can be a bit different than in Hollywood. In military-grade solid state drives, self-destruction of data or a data storage device happens through sophisticated non-thermal events. Advanced algorithms are used to erase encryption keys, non-volatile NAND flash memory, and controller firmware. Other mechanisms can be employed to wipe the drive by high powered magnetic exposure. In these scenarios the data and device will be rendered useless with no chance of reverse engineering, but no flames or bodily harm will ensue.
The engineers in Mercury’s SMP department have been adding to Mercury’s many capabilities and offerings on both Mercury’s 6U and 3U product lines. I will be featuring some of these over the next few weeks and months to show the commitment and ingenuity that our engineers have for our customers’ needs. One of these capabilities is the availability of Hypervisor. Development, quality and test engineers have been looking for this type of capability on these platforms for a long time. With this product, you are able to control the level of security, isolation, authentication and protection for critical software, hardware and components within your system. You determine what level, depending on your or your customer’s needs.