THE BEST HACKER DEFENSE IS A GOOD OFFENSE
By Jim Shaw, Executive Vice President of Engineering
The risks associated with cybersecurity are growing far faster than anyone ever expected. While we hear reports of high-profile attacks on a regular basis, there are many more that go unreported. Consider it unauthorized data mining.
Attacks are becoming more prevalent because more systems and devices are being connected to the Internet, growing the “pool” of vulnerable points. The cyber community calls this “increasing the attack surface.” This is true for just about any market, but certainly includes the military, power and utility industries, security, autonomous vehicle developers, and so on — all places we consider critical infrastructure points — extending into equipment used in industrial spaces, like power substations, smart grids, and petroleum processing plants. As we populate these areas with more sensors, our cybersecurity challenges are compounded.
Most experts believe that it’s just a matter of time before every platform worth hacking is attacked. The key is to ensure that when it’s your turn, the information that’s exposed doesn’t put your institution, constituents or data at risk.
While the potential risks differ in every application, some are far more serious than others. Some recent examples include malware that can erase your entire system, unauthorized encryption of your data, or unauthorized use of a network to seek access to sister company systems.
Taking the uncertainty out of cybersecurity
Selecting from the needed range of products and capabilities to deliver customized, turnkey computing solutions that keep critical, confidential data secure, even in the most extreme conditions — when it matters most.
Maximum protection from the outside in and inside out:
- The right combination of rugged hardware and certified software that meet strict government certification standards to achieve your unique program needs
- Vertical integration delivers maximum protection with minimal complexity
- Holistic physical and data security ensures information is only accessible by authorized individuals when and where it’s needed
Achieve accreditation with ease
- Established ecosystem of trusted partners
- U.S. supply chain eliminates risk of compromised components
- Secure systems incorporate innovation, industry standards and critical certification levels, like FIPS 140-2, NIAP, NIST, Common Criteria and CSfC
Tailored solutions to solve your most difficult challenges
- High-performance, scalable solutions use readily-available commercial components for quick deployment and
- Single pane of glass enables seamless updates
- Evolve and expand systems easily across our broad range of scalable solutions
Reliable performance anywhere, every time
- Engineered for seamless performance in the most extreme, unpredictable and remote conditions based on demanding MIL-SPEC, IEEE and IEC standards
- Extreme processing power and near-zero latency ensure accurate, actionable real-time data
- Certified ISO 9001:2015/AS9100D
In military applications, like weapons systems or advanced communications, the need for extreme security is not only obvious, but non-negotiable. Each program has specific classifications that define the required level of security. For example, the SIPRNet and NIPRNet enclaves have lower security requirements than those specified in the Joint Worldwide Intelligence Communications System (JWICS), a network run by various defense agencies, including the Department of Defense (DoD) and Department of Homeland Security.
Crystal Group PASS™ SAS SSD for accreditation
- Ultra-fast performance up to 2200MB/s
- Scalable dual port 12Gb/s SAS interface
- FIPS/NIAP (Common Criteria) tamper-resistant drive
- High storage density decreases equipment footprint
- Meets U.S. DoD quality and security requirements
- Rugged conformal coating
- High capacity options
- TAA approved
Staying current on these requirements is critical. To effectively and accurately design and develop system architectures that allow end-users to control the security of their products and applications, you have to start with a clear understanding of what the end-user is trying to accomplish, the vulnerabilities and threats, and what defense mechanisms must be in place to prevent those threats from being realized.
The RS1104 rugged 1U server from Crystal can be customized to address both data at rest and secure network attached storage security levels with features like self-encrypted drives, instant secure erase and key management.
Armed with this information, we develop a secure platform that’s hardware enabled and provides the required level of security for the intended application. This may involve running virtual machines that can be spun up to handle different security functions. This technique can be combined with hardware locks or tamper-proof construction.
We start with a rugged hardware Root of Trust to monitor the boot loader files for authenticity and pedigree. This includes verifying the BIOS and firmware and monitoring any board revisions to confirm that everything in the software is legitimate and secure. By loading the image as a secure boot enabled device, the customer always receives a computer that performs as expected. With a solid foundation in place, we incorporate FIPS 140-2 SAS solid-state drives for data at rest protection.
Given the intricacies of cybersecurity, the rate and scale at which it compounds, and the evolving requirements, it’s next to impossible for any single company to address the full range of cybersecurity needs. Crystal Group has forged strong relationships with trusted partners that are experts in their respective areas. This allows them to focus on core competencies, while integrating others. Through this ecosystem of partners, they can deliver the right cyber secure combination of rugged hardware and certified software for each customer program, which eliminates any uncertainty or hassle for the customer.
A great example of this is the partnership with RackTop and Crystal to create a cyber-converged network platform that encrypts large data streams with near-zero latency. The system simplifies policy management, access to data, data at rest security, key rotation and key management. As the embedded world sees more sensors pumping data into a network, this becomes critically important. Overall, the system’s capabilities can be narrowed or expanded while making it easy to manage complex security networks and large amounts of data.
The growing need for progressively stronger encryption—especially to ensure warfighters have real-time access to actionable data in volatile, forward-deployed environments—requires better software protection as well. Making that happen hinges on increasingly diverse technologies and partnerships with top software and component providers. These partnerships play a major role in delivering solutions that are rugged, secure and meet multilevel encryption requirements for military data in the field.
An example of this is the partnership with Seagate, through which Crystal Group exclusively provides the world’s first rugged, accredited, data-encrypted SAS solid state drives for secure data storage at the tactical edge. And with an entire portfolio of flexible security features available at the base CPU level, for trusted platform module add-ins, and on tamper-resistant hardware, we’re able to create a vault of safe tactical computing. Combining those solutions with TCG Opal drives compliant with FIPS 140-2 and NIAP requirements—and enhanced with multiple levels of security measures—effectively bullet-proofs the entirety of the security stack.
Offering an entire portfolio of solutions that protect against multifold threats more easily connects military operators with integrated, certified tools and services through a single supplier. This allows them to meet their component requirements for both physical and computing reliability and security without the hassle and uncertainty of patchworked solutions from multiple providers. In today’s harsh, constantly changing tactical landscape, a fully integrated cybersecurity foundation is an invaluable necessity.