In defense of data

Today’s secure storage technologies help deliver mission-critical information into the hands of waiting defense and aerospace personnel, while maintaining various levels of data security.

By Courtney E. Howard

Battles increasingly are fought with information—with bits and bytes, rather than with bullets. Competitive advantages are gained by the abilities not only to tap into the stored data of adversaries, but also to protect and defend one’s own data storage. In this new kind of information warfare, offensive tactics most often are classified, yet defensive approaches are the subject of much discussion, debate, and attention.

Data at rest

Defense and aerospace organizations must secure data in transit (DIT), that which is being transmitted or communicated, and data at rest (DAR), which is being stored. “Protecting classified data at rest is a complex issue,” admits Shubhagat Gangopadhyay, director of business development at Curtiss-Wright Controls Embedded Computing in Ashburn, Va.

“Broadly speaking, there are really two ways to secure data storage: by removing the memory from its unsecure environment [where it is being used] to a secure location [such as under lock and key] or encrypting the data such that risk of compromise is vanishingly zero,” Gangopadhyay continues. “In situations where there are potentially hundreds of memory devices to be managed (e.g., a tactical deployment by the Army), the burden of physically securing every bit of unencrypted classified data is logistically cumbersome, thus increasing the risk of compromise.”

Encryption of data in transit has been around for decades, but the application of encryption technology for DAR is relatively new and “brought on by huge capacities that can no longer be destroyed or wiped in a timely manner,” notes Thomas Bohman, senior product manager at Curtiss-Wright Controls Electronic Systems in Santa Clarita, Calif.

“In the past year, there has been a significant increase in demand for mil-aero systems with data storage encryption, as well as rugged, high-speed, high-capacity characteristics,” Bohman adds. “With encryption, only the small key and authentication data needs to be purged to render the data useless to adversaries that capture the storage device.”

Lockheed Martin Aeronautics selected Curtiss-Wright’s Vortex Compact Network Storage (CNS) subsystems for the C-130J Super Hercules airlifter program.

Encryption explained

Developing and certifying the technology and policies for encryption of U.S. Department of Defense (DOD) classified data is managed by the National Security Agency (NSA), Gangopadhyay explains. The NSA National Information Assurance Glossary defines and certifies four levels of encryption products and keys: Types 1 through 4. A Type 1 product is defined as: “cryptographic equipment, assembly, or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed; developed using established NSA business processes and containing NSA-approved algorithms; and used to protect systems requiring the most stringent protection mechanisms.”

“For large deployments, the cost of such encrypted devices makes it cost-prohibitive,” Gangopadhyay laments. “Additionally, the certification process can be quite long, sometimes resulting in the underlying technology becoming obsolete prior to the completion of certification.” Type 1 certification is considered a rigorous process in which myriad elements—cryptographic security, functional security, tamper resistance, emissions security (EMSEC/TEMPEST), and security of product manufacturing and distribution processes—are tested and formally analyzed.

NSA officials also define two suites of security algorithms: Suite A and Suite B. Suite A encryption, used for highly sensitive, national-security information, refers to “a specific set of classified cryptographic algorithms used for the protection of some categories of restricted mission-critical information,” according to the National Information Assurance Glossary. Suite B, applied to a majority of data and devices, is “a specific set of cryptographic algorithms suitable for protecting classified and unclassified national-security systems and information throughout the U.S. government and to support interoperability with allies and coalition partners.”

Security guidelines, procedures, and certifications help secure stored data and information at various classification levels. Yet, the growing implementation of commercial off-the-shelf (COTS) devices and systems in mil-aero applications is exacerbating the secure data storage challenge.

COTS conundrum

Defense organizations are increasingly adopting COTS solutions, such as computer tablets, which is driving the need for a layered approach to securing stored information.

“In the current environment of DOD fiscal austerity, and for devices where technology is experiencing rapid technological change, such as solid-state memory, we see a trend toward using commercial solutions for tactical classified data,” Gangopadhyay says, “especially if the data gets stale in a relatively short time and the encryption technology is based on Suite B cryptography. By using a layered approach toward securing the memory, such technologies can be used for data up to Secret.”

“In the commercial world, several schemes have been developed and are available to meet data security requirements,” Gangopadhyay says. Seagate Technology in Cupertino, Calif., offers several lines of self-encrypting hard drives, for example.

The general trend is that for high-volume and lower-level security needs, techniques based on commercial technology are deemed “good enough,” Gangopadhyay explains. For applications on aircraft or spacecraft, where there is a threat of falling into an enemy’s territory or the data is of high value, more robust techniques will be used. “Therefore, the trend going forward is to split the data storage security into two realms: the lower level based on commercial solutions but with certain additional augmentations, and a higher level.

“The ‘good enough’ solution for securing classified data is an interesting challenge,” Gangopadhyay admits. The encryption part is often straightforward, given that most commercial solutions use a SATA controller with built-in AES-256 (256-bit Advanced Encryption Standard). “The real work is to figure out the key management aspect of deployment, including authentication and key recovery—features that are not always available in a commercial solution. The other part is to put in one or more additional layers of security beyond what is available commercially, making the solution suitable for data up to the Secret level.”

Solving security challenges

The increased use of COTS devices capable of information storage in mil-aero applications and environments has driven the need for increased security considerations and measures. In response to this need, officials at the NSA/CSS (Central Security Service) launched the NSA/CSS Commercial Solutions Center (NCSC). The NCSC is designed to address “the strategic needs of the NSA/CSS and the national security community by harnessing the power of U.S. commercial technology.”

Concurrently, officials at the National Institute of Standards & Technology (NIST) Computer Security Division manage “the certification of solutions for securing less sensitive data via the Federal Information Processing Standards (FIPS) certification process,” Gangopadhyay says.

Four major defense and aerospace programs have adopted data-at-rest products from Curtiss-Wright Controls Electronic Systems. Among them are the company’s 3U VPX Flash Storage Module and half-ATR Compact Network Storage (CNS) rugged file server for airborne and ground vehicle DAR applications. “Critical to these programs was the NIST FIPS 140-2 certified encryption technology,” Bohman explains.

“Devices such as tablets and tactically deployed computers in Army vehicles, which will be enormous in number, can use [FIPS] techniques. For handling data at a classification beyond Secret or that needs to be secured for a longer time, Type 1 methods will continue to be used.”

Curtiss-Wright’s CNS is incorporated in the avionics on C-130J aircraft.

Airborne applications

Lockheed Martin Aeronautics personnel in Marietta, Ga., have selected Vortex Compact Network Storage (CNS) subsystems from Curtiss-Wright Controls for the C-130J Super Hercules airlifter program. The initial order, placed last month, is valued at $800,000, with a potential lifetime contract value of roughly $7.5 million.

Curtiss-Wright’s Vortex CNS will serve as the network file server in the U.S. Air Force Air Combat Command’s MC-130J special mission aircraft, as well as the Air Force Special Operations Command’s HC-130J personnel recovery aircraft. The new HC/MC-130J Super Hercules extended-range transport aircraft are designed for special missions, including search and rescue (SAR) and combat search and rescue (CSAR).

The rugged, conduction-cooled Vortex CNS network attached storage device enables critical data to be shared over the aircraft’s internal network. The solution, designed to optimize file sharing in military platforms deployed in harsh environments, stores data securely on solid-state memory encrypted with the AES-256 algorithm. Staff at Curtiss-Wright Controls Electronic Systems are designing the CNS in Dayton, Ohio, and manufacturing the subsystems in Littleton, Mass.

Expense at issue

“In today’s environment of defense budget cuts, we see a trend to lower security requirements,” Gangopadhyay relays. “Further, not many low-cost solutions for data storage security will also satisfy DOD needs.

“The situation is temporary and, in the longer term as more ‘good enough’ solutions are developed, every data storage device—even for unclassified data—will be secured via encryption,” Gangopadhyay continues. Already, in the unclassified laptops of military and DOD contract personnel, as well as those of some commercial companies, the hard drives are software-encrypted to protect sensitive data.

As encryption technology is increasingly applied to data-at-rest protection problems, new, better, and faster products will emerge, predicts Bohman. “As important, the market will become more educated on all the issues involved and, hence, make better decisions about the cryptographic characteristics required to protect sensitive information from compromise, and not interfere with the performance of the mission.”

Curtiss-Wright’s XMC/PMC-552 is an example of a high-performance security encrypted solid-state drive for rugged military applications.

In the cloud

With military organizations under pressure to do more with less, secure data storage in cloud computing is becoming more and more popular, says Pete Stoneberg, deputy chief information officer, Government Cloud, RightNow Technologies in Bozeman, Mont. (Oracle Corp. in Santa Clara, Calif., is acquiring RightNow Technologies.)

“Cloud-based knowledge management systems not only reduce costs for the Department of Defense at a time when they are experiencing severe budget cuts, but they ensure consistency of information, increase uptime and system availability, and enable shorter implementation times and exceptional scalability,” Stoneberg continues. “For military organizations, meeting security requirements and accreditation standards are essential to providing usable information storage solutions.”

RightNow’s defense-ready hosting capabilities conform to DOD security requirements, enabling the DOD to reap the cost-saving benefits of a secure cloud, says Stoneberg. The RightNow Secure Government Cloud uses the DOD Information Technology Security Certification and Accreditation Process and the DOD Information Assurance Certification and Accreditation Process to ensure compliance with DOD Instruction 8500.2 and U.S. Federal security standard Federal Information Security Management Act (FISMA) NIST 800-53.

U.S. Air Force Personnel Center (AFPC) managers sought to improve the accessibility and consistency, while maintaining the security, of personnel information for members of the Air Force. AFPC officials found their solution at RightNow Technologies, employing multiple components of the RightNow CX suite. They also converted from an on-premise solution to a hosted, Software as a Service (SaaS) model using RightNow’s secure Department of Defense Cloud.

“For the more than 1.5 million active-duty military personnel serving overseas, defending our nation is a 24/7 job. To serve these customers, the DOD will increasingly need to implement multi-channel contact center and Web self-service solutions that allow warfighters to promptly access accurate information at any time from anywhere in the world,” Stoneberg explains. “We see secure software solutions becoming more prevalent for federal government and military agencies alike.”

RightNow CX replaced AFPC’s previous case and knowledge management systems, described as old, outmoded, and poorly integrated. The initial priority was to create a secure Web environment with a user-friendly interface. Recent and significant staff reductions also drove the need for a more efficient system.

“Given the lack of functional personnel in the field due to recent reductions, we needed to get more efficient, and the Web quickly became a critical component in our strategy,” says Captain Michelle Richards, AFPC customer relationship management operations chief. The AFPC, using RightNow CX, reduced the average customer inquiry time from 20 minutes to two minutes, while increasing utilization of the Web knowledge base from 180,000 to 2 million hits per week. The system modernization enables Air Force personnel to dedicate more time to accomplishing missions, rather than spending time hunting for personnel data or performing in-person personnel actions.

Security without sacrifice

Performance is paramount in defense and aerospace applications, and as important as security. Mil-aero personnel, applications, and budgets increasingly require robust systems that meet strict size, weight, power, and cost (SWaP-C) limitations. Robert Day, vice president of marketing at LynuxWorks Inc. in Santa Barbara, Calif., sees “more consolidation, more security requirements, more mobile devices, and more multi-use systems using more standard hardware and software solutions to reduce costs and increase performance.” LynuxWorks offers its LynxSecure Type 1 embedded hypervisor and separation kernel to enable this next generation of systems without compromising performance or security.

“Taking advantage of modern multi-core hardware with secure virtualization, like LynxSecure, allows tactical systems to consolidate from multiple physical systems to multiple secure virtual systems,” Day explains. This saves size, weight, and power for deployed systems and allows multiple legacy software systems to be redeployed onto new hardware platforms, in both cases without compromising security.

Day sees the requirement to use “standard” hardware and operating systems in tactical deployments, such as Google Android-based smartphones on the battlefield and Microsoft Windows- and Linux-based systems on standard laptop or desktop systems. “Using secure virtualization, commodity hardware and software solutions can be used, but with protection for both sensitive data and applications, as they can be isolated from one another.”

Consolidation and COTS adoption, as well as the growing use of encryption to protect data stored on mobile computers, are all recent trends that call for “extra security without compromising on the performance or usability of systems,” Day affirms. Secure information storage challenges typically associated with legacy systems, the use of commercial systems, and the hosting of data and personnel with different security levels and clearances on a single system can be met by using high-performance, secure software virtualization combined with modern multi-core hardware, he continues.

Engineers at LynuxWorks and Wave Systems in Lee, Mass., are collaborating on the use of self-encrypting drives (SEDs) with the LynxSecure separation kernel and hypervisor for running multiple operating systems simultaneously on a single endpoint. The solution links individual encrypted disk bands to different secure virtual domains provided by LynxSecure running on a single device.

Portable and mobile

The use of portable and mobile endpoints increases the risk of data compromise; yet, the collaborative use of SEDs and secure virtualization on an endpoint offers protection, says a LynuxWorks representative. “SEDs are a better option than traditional software encryption for protecting data when using virtualization on an endpoint, given that the encryption is ‘built in’ to the drive itself. Multi-banded SEDs feature separate bands on the disk, with each band separately encrypted for storing data with separate levels of security or sensitivity on a single system.”

An end-point device linked to secure virtualization enables multiple virtual machines on a single physical machine, enabling different operating systems and applications to run simultaneously. “Each OS and application set is held in its own secure partition, and the data for each is protected using encrypted drive bands with different encryption keys per partition,” Day explains. “This provides a true secure multi-use/multi-security level system housed in an industry standard endpoint.”
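The per-band keys described above, together with the key-purge point Bohman makes under “Data at rest,” can be sketched in one model. This is an added example, not code from the article or from any vendor named in it: the `Band` class, the credentials, and the sample data are constructed for illustration, and a SHAKE-256 keystream with an HMAC tag stands in for the drive's AES-256 hardware, which the Python standard library does not provide.

```python
import hashlib
import hmac
import os

# Stand-in cipher (NOT AES): SHAKE-256 keystream XOR, authenticated with HMAC.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(key, nonce, data):
    stream = hashlib.shake_256(_subkey(key, b"enc") + nonce).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor(key, nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")  # wrong key or tampering
    return _xor(key, nonce, ct)

class Band:
    """One encrypted band of a multi-band drive (hypothetical model)."""
    def __init__(self, credential):
        self.salt = os.urandom(16)
        mek = os.urandom(32)  # media encryption key, random per band
        # Only the wrapped MEK is stored; the credential is never kept.
        self.wrapped_mek = seal(self._kek(credential), mek)
        self.sectors = {}  # lba -> sealed sector

    def _kek(self, credential):
        # Key-encryption key derived from the owning domain's credential.
        return hashlib.pbkdf2_hmac("sha256", credential, self.salt, 100_000)

    def _unlock(self, credential):
        if self.wrapped_mek is None:
            raise PermissionError("band has been crypto-erased")
        return unseal(self._kek(credential), self.wrapped_mek)

    def write(self, credential, lba, data):
        self.sectors[lba] = seal(self._unlock(credential), data)

    def read(self, credential, lba):
        return unseal(self._unlock(credential), self.sectors[lba])

    def crypto_erase(self):
        # Purge only the small key material; bulk ciphertext is untouched.
        self.wrapped_mek = self.salt = None

def _attempt(fn):
    try:
        fn()
        return "ok"
    except (ValueError, PermissionError) as exc:
        return type(exc).__name__

def demo():
    # Constructed sample: two virtual domains, one band each.
    high, low = Band(b"cred-high"), Band(b"cred-low")
    high.write(b"cred-high", 0, b"mission plan")
    low.write(b"cred-low", 0, b"maintenance log")
    out = {"cross_domain": _attempt(lambda: high.read(b"cred-low", 0))}
    high.crypto_erase()
    out["after_erase"] = _attempt(lambda: high.read(b"cred-high", 0))
    out["ciphertext_left"] = 0 in high.sectors
    out["other_band"] = low.read(b"cred-low", 0)
    return out

if __name__ == "__main__":
    print(demo())
```

After the erase, the first band's ciphertext is still on the media but no credential can unwrap a key for it, while the second band remains readable with its own credential.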

“The LynxSecure separation kernel and hypervisor is helping to bring new levels of protection to sensitive data held on portable endpoint devices,” says Robert Thibadeau, chief scientist/senior vice president at Wave.

The secure data storage needs of mil-aero organizations and end users are unlikely to subside as time wears on; rather, professionals will likely require greater access to data at an increasingly rapid pace on more robust, compact systems. Fortunately, mil-aero technology firms are working to deliver on future needs and demands.


Aitech Defense Systems
Barracuda Networks
Cavium Networks
Crystal Group
Curtiss-Wright Controls Electronic Systems
Curtiss-Wright Controls Embedded Computing
DRS Technologies
Elma Electronic
Extreme Engineering Solutions (X-ES)
Galaxy Data Storage Inc.
General Micro Systems
Germane Systems
Green Hills Software
Targa Systems
Phoenix International
RightNow Technologies
SANBlaze Technology
Themis Computer
Vanguard Rugged Storage
VersaLogic Corp.
Western Digital
Wind River
