Secure data storage for battlefield networking
Designers and systems integrators struggle with keeping data secure in proliferating networked devices, and blending systems with new and legacy information storage technologies.
Designers and systems integrators struggle with keeping data secure in proliferating networked devices, and blending systems with new and legacy information storage technologies.
By J.R. Wilson
Information is the fuel that drives 21st Century military tactics, techniques, and procedures (TTPs) and the foundation on which all offensive and defense actions depend.
While the emphasis best known to the public is the collection of information, securing the collected data from the point of origin to eventual archiving is of equal, if not greater, importance. The increasingly rapid evolution of technology also is keeping security measures in a constant state of flux.
“With the emergence of so many technologies, it’s hard to predict which technologies and security measures will be adopted — and some that are adopted may not last long,” says Drew Castle, vice president of engineering at Chassis Plans LLC in San Diego.
The battlefield of today is a monolithic data network, with data continually flowing from ground units, to aircraft, to satellites. This wouldn’t be possible without secure data storage.
“Estimates are there will be 40 billion interconnected devices by the end of next year,” Castle continues. “Look at new technologies that are being developed by individuals at home and wonder how many will be adopted widely, what will trickle into the DOD [U.S. Department of Defense] space.”
Military forces today rely on information technology more than ever before. “We are becoming more and more dependent on technology — and the more dependent we become, the higher the threat,” Castle says. “We will be more rather than less vulnerable as we become more and more dependent on technology and susceptible to cyber threats and the destruction of that technology. And now you have lone actors who can take down networks and cause global problems at far less cost than a nuclear weapon.”
Almost every military, government, academic, and industrial organization in the world today has at least an office, if not a full command, devoted to cyber and electronic security. Although that has placed a greater emphasis on security, especially at various levels of “data at rest”, it also has been done largely on an independent basis.
“Our biggest question in terms of cyber and physical security is where is DOD going. There are huge numbers of briefings on it and we really want to understand how all those are going to join together in a uniform strategy for DOD meeting their future cyber and physical security requirements for storage and networking,” says Chassis Plans President Mike McCormack.
“I think that is still a work in progress. DOD is trying to understand what is the threat, how sophisticated is it, how can they counter and mitigate that, offensively and defensively, McCormack says. “The big question for us is what do we do in the next few years in terms of where DOD is going.”
That question is getting more complicated for those supplying security systems; contractors are told only the requirements — physical or software encryption or both — but not how or where the end system will be used.
“Depending on the mission and application, it goes into the ability to meet FIPS [Federal Information Processing Standard] compliance with your servers, depending on the customers perceived risk and how to mitigate that risk,” McCormack says. “In most cases, the customer won’t discuss with us the utilization of the data being stored, just ask what we can do to mitigate their risk. That may be FIPS compliance, potential outside corruption from an EMP [electromagnetic pulse] blast and so on.”
This chart outlines a process for designing trusted computing systems with secure data storage.
Systems integrators are trying to keep information security risks to a minimum. “It really depends on what the customer wants us to do to mitigate the risk, whether physical security, tamper-proofing, or encryption levels. They give us the requirements and that’s what we develop our products to meet,” McCormack says.
Those requirements evolve not only with new missions but also in response to new developments in security and security-breaking capabilities. Requirements also reflect what the military perceives as the greatest threat to secure information storage at the time. Still, it must take into account every step along the way to creating and implementing security measures, with those requirements becoming pervasive across the network stream as well as in networked storage.
“I would say physical capture is the biggest threat, but a four-star general might say cyber security, being able to gain remote access,” McCormack continues. “The threat is greater, including at the personal level, if you don’t have the proper firewalls in place.”
Third-party DOD information from a contractor to the military also has to have cyber security safeguards in place to comply with NIST 800, which are documents from the National Institute of Standards and Technology that describe government computer security policies, procedures and guidelines. “So the biggest concern at DOD is the cyber threat,” McCormack says.
Dealing with legacy systems
What is certain is the demand for higher levels of security for military information storage only will increase as the ability of an ever-widening list of potential adversaries to penetrate legacy and current state-of-the-art grows. That especially is true for legacy systems, which tend to have proprietary security methodologies, making upgrades difficult.
“There is a level of encryption, but it is proprietary in most legacy systems, where now FIPS 140-2 is an industry standard with regard to encryption,” says Amos Deacon III, president of Phoenix International in Orange, Calif. “Going back 10 or 20 years, companies developed their own proprietary encryption techniques, certified by NSA, but that is really expensive to do. And each future change has to be reviewed and re-certified.”
These legacy systems can be difficult — if not impossible — to upgrade sufficiently to comply with modern data storage security standards. “For legacy systems, you’re looking at a forklift upgrade,” Deacon says. “If you have a system using hard disk drives that have been operating for more than five years, you have the output power and performance requirements of new technologies, in many cases, making it ineffective to try to continue using the older equipment and upgrade interfaces. You just put in a whole new system rather than a legacy tech refresh.”
In a lot of those systems, the software was written for that specific environment and equipment — which may have been out of production for many years. The solution is to move to new systems, many of them Linux-based, which enables the use of industry-standard encryption techniques.
Solid-state drives used in manned and unmanned airborne surveillance present a unique security challenge; if an aircraft is captured there may be no one available to physically destruct or initiate a process to eliminate the sensitive data.
Although the bulk of today’s data storage security is software-focused, physical security remains an important part of most security systems, especially active, online storage at fixed locations and inactive, offline archival storage.
“If you want secure data, that is security in terms of encryption, but also security of the physical drive, especially when it is removed from the deployed asset and returned to a lab,” says Jason Wade, president of ZMicro in San Diego. “So you have to look at how you are cooling the drive, how it can be removed without degradation, and protection against the environment.”
Sometimes the answer is combining technologies. “The state-of-the-art is really when you combine the technologies available in the marketplace,” Wade says. “In just hard drives, there are numerous solutions with self-encrypted drives. The way you get a solution for the end user is to bring together a system that works in concert with the motherboard, the hard drive, and Opal 2 compliance. To provide the strongest level of security, you will put a layer on top of that using software encryption.”
The Opal Security Subsystem Class is a hardware-based hard drive standard developed by the Trusted Computing Group (TCG) in Beaverton, Ore., to encrypt rotating media hard drives, solid-state, and optical drives. The benefits of hardware encryption include the ability to work with any operating system, transference of the encryption process’ computational load to dedicated processors, reducing stress on the host CPU, and thwarting cold-boot attacks by storing the encryption/decryption keys in the hard drive controller rather than in system memory.
“We’re in a sea-change with storage in terms of the advancement of NVMe-based storage modules,” Wade says. “Moving forward, all hard drives will be NVMe-based and that will provide four times the read/write speed. And hard drives with Opal-2 compliance and encryption will become standard,” he adds. “What will become more and more seamless is management of the drives, how they are erased, how the keys are managed. At a certain point, that will become inherent to all hard drives.”
NVMe, which stands for non-volatile memory express, is a host controller interface and storage protocol created to accelerate the transfer of data between enterprise and client systems and solid-state drives (SSDs) over a computer’s high-speed PCI Express bus.
Data security requires a system level approach including self-encrypting drives, host support for secure encryption key management, and physical security features that support robust transportability
The need for physical anti-tamper security was highlighted in 2001 when a U.S. Navy EP-3E ARIES II SIGINT aircraft collided with a Chinese J-8II interceptor jet and was forced to land on China’s Hainan Island. The P-3 was dismantled by the Chinese military before being returned to the U.S. and an undisclosed amount of classified information was extracted from its computer systems.
“The encryption routines have progressed since then to the point that, while not impossible, it is a lot tougher to access data,” says Phoenix’s Deacon. “The use of solid-state storage devices also allows you to physically destroy the data in a much more complete and faster manner. The P-3 was using hard disk drives and there is no way to really quickly erase data on those drives short of destroying the media itself.”
Security keys are the key ingredients of today’s solid-state drives. “With solid-state, in addition to the encryption level, where you destroy the keys to the data, there are physical ways to erase the data much more quickly,” Deacon says. “Even if you pull the power to that device, as soon as power is reapplied, the erasure procedure would continue, so the use of solid-state technology has allowed for an increase in the ability to secure data should it fall into a bad actor’s hands. But anti-tamper also will have to be through software, to have the tamper evident and, proactively, to automatically sanitize the data or block the intrusion once it is detected.”
Deacon agrees with McCormack that physical capture is a greater threat to classified data than remote access.
“You may not have the opportunity to press the button — software command or physical button — to destroy the data,” Deacon says. “Then you have to rely on the level of encryption. The level of computing power these days requires a higher level of encryption, typically AES-256 on a fixed 140-2 device. The beauty of AES-256 is the use of encryption keys, which are what allow you to access the system — and the combination of keys is massive.”
Built-in encryption solves helps safeguard sensitive mobile information since adversaries will be unable to access data on the drive without the authorization key.
It’s extremely difficult to break in to one of today’s secure hard drives. “To put it in perspective, breaking into a 256-bit key by brute force would take something like 50 supercomputers checking a billion AES keys per second and take literally thousands of years to hit every combination,” Deacon says. “There’s just not a computer technology currently capable of cracking that, which leaves only quantum computing, which isn’t there yet. But network security needs physical and software preventative measures, from an enclosed system to a software infrastructure that denies unauthorized access, modification or destruction of the data.”
Trusted supply chain
Another element of increasing concern is a trustworthy supply chain. The prime contractor and its major subcontractors may have the highest levels of physical and digital security in place, but still be vulnerable due to a third-level supplier’s use of components made in China.
The People’s Republic of China has become the world’s leading producer of electronics, from the smallest connectors to major systems, such as satellites. It also has made no secret of its intention to become the world leader in cyber and electronic warfare. The U.S. military has protocols in place blocking the use of Chinese and Russian software and electronics to combat counterfeit parts and potential “back door” security holes.
“Part of the conversation today is how to reduce vulnerability, but a lot of things are made in China, including most processors. There are processes and procedures in place to verify component providers,” says ZMicro’s Wade. “What’s at issue is the potential of vulnerabilities in hardware, which always needs to be addressed. And that brings you back to the system-level approach, with Opal drives and 256-level encryption and hardware that supports TPM tech.”
Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor — a dedicated microcontroller that secures hardware by integrating cryptographic keys. The technical specification was written by the Trusted Computing Group. The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standardized the specification as ISO/IEC 11889 in 2009.
The Data Transport System (DTS1) from Curtiss-Wright Defense Solutions is a rugged network attached storage (NAS) file server for use in unmanned aerial vehicles; unmanned underwater vehicles; and intelligence, surveillance, and reconnaissance aircraft.
Sometimes it all comes down to the political situation at any given time. “China has now become an adversary in technology and political and economic power in the world, says Chassis Plans’s McCormack. “DOD and the world in general are realizing we have to find other sources that are TEA [technology exchange agreement] compliant. But Taiwan is TEA compliant, but get a lot of their components from China,” he says.
“Do you have processes in place to make sure you are not getting components that are counterfeit or have been tampered with in China? There will be a bigger drive to see that there is more TEA complaint board manufacturing in the U.S., in the DOD space and in U.S. manufacturing,” he says.
On the near horizon is another advance that influences the data security of individuals, governments, corporations, and the military, yet its primary evolution is in the least secure environment of all — the home.
“Who is driving the technology? Look at the Internet of Things, with totally interconnected homes and people who are remote working,” McCormack warns. “Having everything connected is fantastic. But that also will be the biggest threat. It allows the exponential spread of viruses because security in the home, especially, does not protect against cyber attacks. If someone attacks my thermostat, which is connected to my computer, that allows access to my bank accounts.”
The Compact Network Storage 4-slot (CNS4) conduction cooled high-performance data recorder from Curtiss-Wright Defense Solutions offers scalable storage and encryption options for capturing critical data in a harsh environment.
“It’s like building the interstate,” he continues. “It improved transportation, but fatalities increased massively. Between 2005 and 2012, we saw a lot of ransomware attacks. Then we got smarter. Each home, office, and defense component must have more and more firewalls and security measures to isolate them within greater wide area networks.”
The rapid and universal spread of new electronic and computing technologies has increased the vulnerability of today’s deployed military to data interception, spoofing, and tampering.
“That is a consideration that is holding back the deployment of some systems,” says Phoenix’s Deacon. “For example, the fusing of sensors, such as proposed for the Joint STARS recapitalization program, taking a number of independent sensors on-platform and sharing that data.”
Necessary solutions might not be available for some time. “The technology to do that does not exist right now and potentially that won’t be available for another 15 or 20 years,” Deacon says. “So there is a risk of the cancellation of the JSTARS recap program for this fused sensor approach because being able to move that much data around in a real-time environment can’t yet be done — and once you do get there, you run into security problems.”
Determining what security measures to implement in a given system often involves the end user deciding what capabilities are most important to the mission.
“There are tradeoffs you constantly have to make and evaluate,” says ZMicro’s Wade. “For example, if the customer requests 140-2 compliance, we can look at Opal 2 drives; if they are looking for it to be validated, that reduces the number of available drives. Yet if a customer identifies high-speed processing as a paramount factor, software encryption might not work, despite providing a greater level of security, but with a performance hit. But with the ever-increasing performance of today’s processors, the level of that hit is open to question.”
Readily available technology
Advancing technologies, many available to anyone to adapt to offensive applications, have made truly secure military information storage a critical component of military operations and procedures at all levels. But securing data takes more than hardware and software, it also has to address the human factor.
“It will include secure physical access, from passwords to more advanced restrictions,” says Chassis Plans’s McCormack. “Also people not bringing outside media into facilities where malware might get onto the system. You have to make sure the staff is trained on the threats that are out there; human beings are the weakest points of entry and make mistakes, so the training has to be there to understand security requirements, even in the smallest companies. You never know where a thumb drive has been or came from, so you have to make sure you keep physical media from coming into a facility.”
As more sensors and platforms collect and process more and more data, transferring it over high-speed networks to real-time displays, short-term and archival storage, the greater the need for multiple layers of hardware- and software-based encryption and anti-tamper solutions.
As ZMicro’s Wade notes, “Everything is a potential vulnerability if you’re not paying attention to it.”
Aitech Defense Systems
San Jose, Calif.
Chassis Plans LLC
Curtiss-Wright Defense Solutions
DRS Tactical Systems Inc.
Elma Electronic Inc.
Extreme Engineering Solutions
General Micro Systems
Rancho Cucamonga, Calif.
Kaman Fuzing & Precision Products
Upper Saddle River, N.J.
Trusted Computing Group