

Recent leaks force U.S. government to patch up the pipes

After story after story of government laptops being stolen and compromised, the U.S. government is making progress in encrypting all information stored on its data devices. On June 23, 2006, a memorandum (PDF) from the Executive Office of the President mandated that all government mobile computers and devices must fully encrypt all data. The document recommends the following actions for all departments and agencies:

  • Encrypt all data on mobile computers/devices which carry agency data unless the data is determined to be non-sensitive, in writing, by your Deputy Secretary or an individual he/she may designate in writing.
  • Allow remote access only with two-factor authentication where one of the factors is provided by a device separate from the computer gaining access.
  • Use a “time-out” function for remote access and mobile devices requiring user re-authentication after 30 minutes inactivity.
  • Log all computer-readable data extracts from databases holding sensitive information and verify each extract including sensitive data has been erased within 90 days or its use is still required.

To fulfill the above requirements, the U.S. government began searching for the best full-disk encryption (FDE) solution in the form of an open contest.  All data stored on the device must be encrypted, including swap space and temporary files that may contain sensitive data -- the user should not have the capability to decide what gets encrypted and what does not.

Destroying cryptographic keys is also a quick way to destroy the data on an FDE system. To prevent this, the winner of the government search must also provide the capability of holding keys in escrow.

The original memo from the government intended that all safety measures were to be in place 45 days from the issue of the mandate, but according to this source, the U.S. government will conduct a 90-day evaluation of technologies to find the best solution. The product selected as the best will be implemented on all governmental agency computers, which potentially could result in the largest single implementation ever of FDE.

The information regarding the encryption solution selection process can be found in a U.S. Air Force section on the Federal Business Opportunities page, though the mandate from the President is believed to be government-wide. Found on the military’s Air Force site is a list of requirements and competing vendors (XLS) for the program.

The comparisons and competition will come to a close 90 days from the start. All information regarding the competition is open to the public.

Seagate and Hitachi are currently the only two major vendors with hardware full-disk encryption solutions.


Comments

Why Download
By bdot on 1/2/2007 5:15:14 PM , Rating: 2
Why are they even downloading sensitive information onto a personal computer? Should Classified data not just be accessed securely via Internal Network/VPN and never actually leave the server and in turn force the client machines to dump their cache at the end of a session?

It's the same thing with that Fidelity Investments Laptop that was stolen with personal Info for thousands of HP employees. Why is this kind of information allowed to reside on the hard drives of client machines when network speeds are so fast to begin with?

REMOTE ACCESS FTW!!




RE: Why Download
By masher2 (blog) on 1/2/2007 6:14:08 PM , Rating: 2
The 'Sensitive' label is a level below 'classified'. Sensitive data is not classified.


RE: Why Download
By Christopher1 on 1/3/2007 3:02:42 PM , Rating: 2
Actually, some sensitive data IS classified, but it is extremely rare. I also have to agree with one of the other posters as to why someone would have to download things to their personal computer at home.

If anything, they should have a government-issued laptop, that they use SEPARATE from their personal computer for classified and sensitive data, period.

That would be the smartest and safest thing to do.


RE: Why Download
By masher2 (blog) on 1/4/2007 9:34:42 AM , Rating: 2
> "Actually, some sensitive data IS classified..."

No; they're two different categories. If I recall the hierarchy correctly, it's FOUO (for official use only), SBU (Sensitive, But Unclassified), then the three classified levels of Confidential, Secret, and Top Secret. There's a few levels above TS, but they're not publicly disclosed.



sensitive data?
By dome1234 on 1/2/2007 1:43:58 PM , Rating: 2
how do you define what's sensitive? My missus' age is sensitive. Mine's not.

Classified information should never leave their secure premises unless absolutely essential. Not because they needed to get home for little junior's birthday and would finish up whatever they're doing later at night.




RE: sensitive data?
By johnsonx on 1/2/2007 1:51:25 PM , Rating: 2
quote:
My missus' age is sensitive.


LOL. My missus is 23. She's been 23 for years!


RE: sensitive data?
By Crassus on 1/2/2007 2:10:27 PM , Rating: 1
quote:
My missus' age is sensitive. Mine's not.


I think you can easily solve that by stating that she's sensitive when it comes to her age, and you are not.


RE: sensitive data?
By jp7189 on 1/3/2007 9:58:37 AM , Rating: 2
You've never worked for government have you? 3:30 and the day's over. Only contractors work after hours.


What if?
By Etern205 on 1/2/2007 5:22:02 PM , Rating: 2
Okay so if the government encrypts its data, but
let's say one day the notebook stops working or the
motherboard gets fried. Will they be able
to extract their data if they plug it to another system?

Most hardware encryption will only work on
the device you did the encryption on. If they
take it to somewhere else, then they are basically
locking themselves out also.

That is if they decided to go with hardware encryption,
not too sure about software encryption though.







RE: What if?
By lennylim on 1/2/2007 5:25:56 PM , Rating: 3
quote:
let's say one day the notebook stops working or the

That's what backing up is all about, which should be done whether you encrypt or not.


RE: What if?
By Simullacrum on 1/3/2007 5:45:03 AM , Rating: 2
Slightly misleading.

The government will most probably be using Utimaco Encryption Software [if not their IT would be pretty daft]

Utimaco encrypts the whole contents of the hard drive using different encryption methods [e.g. AES256, 3DES, combinations of one or more, many more algorithms available]. It is not hardware dependent.

You have 3 options or levels of security.

1. No method of deciphering in the event of hardware failure or loss of drive. The data remains encrypted and cannot be decrypted.

2. The encryption key is 128 bits long and is broken into three segments. Each segment is held by three different members. Each only knowing their 42 key bit length.
Once all three parts are combined within the right sequence then the hard drive can be deciphered regardless of hardware.

3. Same as above but also Utimaco have 128bit key stored in a safe location so they can be called in to decipher the hard disk. If any part of the key is lost, for whatever reason.

It is up to the department on which option they go for.

[p.s i used 128 key bit as an example it can also be smaller down to 64, or can be larger up to 256, again if the option is 2 it will be split into 3 parts.]
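
The three-custodian split described in the comment above, as an added example (not part of the original comment and not Utimaco's code): it cuts a 128-bit key into contiguous segments and, going beyond the comment, compares that with XOR splitting, a standard alternative in which anything short of all shares reveals no key bits. The sample key, the function names and the check value are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

def fingerprint(key: bytes) -> str:
    """Check value kept with the escrow record to catch a wrong or misordered part."""
    return hashlib.sha256(b"escrow-check-v1" + key).hexdigest()[:16]

def split_segments(key: bytes, n: int = 3) -> list:
    """Contiguous segments, as in the comment (byte-aligned: 6+5+5 bytes for 128 bits)."""
    base, extra = divmod(len(key), n)
    parts, pos = [], 0
    for i in range(n):
        size = base + (1 if i < extra else 0)
        parts.append(key[pos:pos + size])
        pos += size
    return parts

def join_segments(parts) -> bytes:
    return b"".join(parts)  # order matters: a wrong sequence yields a different key

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_xor(key: bytes, n: int = 3) -> list:
    """n full-length shares whose XOR is the key; n-1 of them are pure random."""
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for s in shares:
        last = _xor(last, s)
    return shares + [last]

def join_xor(shares) -> bytes:
    acc = bytes(len(shares[0]))
    for s in shares:
        acc = _xor(acc, s)
    return acc  # XOR is commutative, so custodian order does not matter

def recover(parts, join, expected_fp: str) -> bytes:
    """Recombine the parts and refuse to hand back a key that fails the check value."""
    key = join(parts)
    if not hmac.compare_digest(fingerprint(key), expected_fp):
        raise ValueError("recombined key does not match the escrow check value")
    return key

def unknown_bits_segments(parts, held) -> int:
    """Key bits still unknown to a party holding the segments at indexes `held`."""
    return 8 * sum(len(p) for i, p in enumerate(parts) if i not in held)

def unknown_bits_xor(shares, held) -> int:
    """With XOR shares the whole key stays unknown until every share is present."""
    return 0 if len(set(held)) == len(shares) else 8 * len(shares[0])

if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    segs, shares = split_segments(key), split_xor(key)
    print("recovered:", recover(segs, join_segments, fingerprint(key)) == key)
    print("two segments held, bits unknown:", unknown_bits_segments(segs, {0, 1}))
    print("two XOR shares held, bits unknown:", unknown_bits_xor(shares, {0, 1}))
```

For an escrow design, the point of the comparison is that two colluding segment holders already know most of the key, while two XOR share holders know none of it.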


proprietary formats
By Gooberslot on 1/2/2007 5:58:17 PM , Rating: 2
The government really needs to stop using proprietary formats(referring to XLS spreadsheet). I thought the government was supposed to represent all people, not just those using MS products.




RE: proprietary formats
By masher2 (blog) on 1/2/2007 6:12:41 PM , Rating: 2
Sorry, but the government "represents" you by protecting your rights...not by buying Linux to make some sort of inane political statement.


RE: proprietary formats
By rushfan2006 on 1/4/2007 11:42:29 AM , Rating: 2
quote:
The government really needs to stop using proprietary formats(referring to XLS spreadsheet). I thought the government was supposed to represent all people, not just those using MS products.


Huh? You ever watch the comedian Bill Engval(sp).....well.......here's your sign. ;)


Spreadsheet
By DigitalFreak on 1/2/2007 3:08:46 PM , Rating: 3
Heehee - The spreadsheet contains e-mail addresses, phone numbers and cell numbers for all the participants, as well as the gov't contacts.




By icered on 1/3/2007 4:26:47 AM , Rating: 2
I'm guessing hardware FDE has its own pitfalls in the sense that hardware components cannot be interchanged or replaced without losing all the data. Why not just go for existing open-source solutions like TrueCrypt?




Day late...
By ErkDog on 1/4/2007 1:45:38 PM , Rating: 2
I'm not exactly sure where the information in this article comes from, but it is certainly wrong.

First of all if the Memo stated 90 days trial, well guess what... The memo was SIX MONTHS ago.

Furthermore FDE has already been implemented in most agencies. The IRS employees in particular were required to complete their migration to FDE before the end of 2006.




Uh... ok....so....
By Blood1 on 1/2/07, Rating: -1
RE: Uh... ok....so....
By masher2 (blog) on 1/2/2007 1:45:45 PM , Rating: 4
If you consider typing skill to be a measure of intelligence, I feel you have a promising career in the secretarial marketplace.


RE: Uh... ok....so....
By Spartan Niner on 1/2/2007 1:53:16 PM , Rating: 2
The OP certainly has the "charm" part down pat.


RE: Uh... ok....so....
By fxyefx on 1/2/2007 4:36:16 PM , Rating: 2
Yeah, he's using a CRT monitor, too. Makes me feel nostalgic...


RE: Uh... ok....so....
By SLEEPER5555 on 1/2/07, Rating: -1
RE: Uh... ok....so....
By lewisc on 1/3/2007 3:17:14 PM , Rating: 2
I'm not referring this back to Bush, because I’m unconcerned whether or not he can type, but I still do consider if someone can type a measure of competence.

I work for a large employment company in the UK market, and it is very rare, no matter what the position, for there to be no demands on an individual's basic admin / office type skills. Even up to the highest paid positions, at any level of a company, employers still look to us to demonstrate that a person is competent with computers, which can involve things such as Microsoft Office testing, or even a typing test. At the end of the day, someone with good office skills is more employable than someone with poor, if the other competencies the people share are the same.


RE: Uh... ok....so....
By deeznuts on 1/4/2007 12:13:55 AM , Rating: 1
It's a measure of competence ... computer competence that's it. Not a measure of intelligence. Yeah if you are in the tech field then of course. There are tons of intelligent people who don't even know how to turn on a computer and never used a typewriter.


RE: Uh... ok....so....
By androticus on 1/2/2007 7:51:40 PM , Rating: 3
George W. Bush is the president of our country, and deserves to be treated in a respectful manner. I am sick and tired of the attitude of rampant disrespect in this country for President Bush, as if being a liberal or anti-conservative somehow justifies acting like a retarded school yard thug with license to inflict any manner of hooligan insults towards him.

One can disagree with his policies or actions to any degree, but disagreement can always be done in a respectful way, without resorting to childish tactics.


RE: Uh... ok....so....
By The Boston Dangler on 1/2/2007 8:24:58 PM , Rating: 3
One may respect the office, and not the ass in the office.


RE: Uh... ok....so....
By Christopher1 on 1/3/2007 2:59:55 PM , Rating: 2
Exactly right. I have all the respect in the world for certain Presidents: George Washington, Bill Clinton (I dismiss his sex scandal because I am not a prude who thinks that adultery is wrong), Roosevelt and Ford (mainly because I have read that he was a standup man even in the eyes of his foes).

George W. Bush deserves NO respect - he has bankrupted this country fighting a war of choice that we should NEVER have started, that in the long run is going to lead to MORE deaths than Saddam ever had.
He has passed laws that discriminate against people based on their sexual orientations.
He has given unbid contracts, in blatant violation of federal law, to his cronies and friends (Halliburton!).

He deserves LESS than no respect, and I will personally be GLAD if he is brought before the UN War Crimes Tribunal and charged with war crimes in reference to Iraq.


RE: Uh... ok....so....
By masher2 (blog) on 1/3/2007 3:36:04 PM , Rating: 3
> " Bill Clinton (I dismiss his sex scandal because I am not a prude who thinks that adultery is wrong..."

If you believe his sex scandal had anything to do with adultery, then yes, you will continually be confused and unable to understand it.

> "George W. Bush [has] has bankrupted this country fighting a war..."

Are you sure you know what the word "bankrupt" means? The nation is by no means bankrupt. Since Bush took office, the US has spent over $2.5 trillion dollars just paying interest payments on the federal debt...debt run up by past administrations. And even that amount pales in consideration of the titanic sum spent on income redistribution, in the form of food stamps, Health and Human Services, and HUD.

Saying the Iraq war has bankrupted the US is like saying Donald Trump was bankrupted by filling up the tank in one of his limousines. But then, given the emotional tone of your remarks, I'm sure you won't be swayed by the facts.

> "He has given unbid contracts, in blatent violation of federal law..."

Err, every administration since the days of Abraham Lincoln has awarded no-bid contracts. Were you really not aware of this?



RE: Uh... ok....so....
By goz314 on 1/4/2007 6:35:21 PM , Rating: 2
quote:
Since Bush took office, the US has spent over $2.5 trillion dollars just paying interest payments on the federal debt...debt run up by past administrations. And even that amount pales in consideration of the titanic sum spent on income redistribution, in the form of food stamps, Health and Human Services, and HUD.


Whoa... wait a minute. -Fact Check everybody.

http://www.whitehouse.gov/omb/budget/fy2007/pdf/hi...

Since Bush took office (01-06) the Federal Government has spent the following amounts on the categories listed above:

1.) Gross Interest on National Debt - $2.08 Trillion
2.) Food Assistance (i.e. Food Stamps) - $265 Billion
3.) Housing Assistance (i.e. HUD) - $209 Billion
4.) Health Care Services (excl. medicare) - $1.18 Trillion

My math may be a bit rusty, but the sum of line items 2, 3, and 4 isn't greater than line item 1. Likewise, I wouldn't necessarily characterize health care services as income re-distribution. Nice try, but.... go fish.


RE: Uh... ok....so....
By rushfan2006 on 1/4/2007 11:31:07 AM , Rating: 2
quote:
I have all the respect in the world for certain Presidents: George Washington, Bill Clinton (I dismiss his sex scandal because I am not a prude who thinks that adultery is wrong), Roosevelt and Ford (mainly because I have read that he was a standup man even in the eyes of his foes).


You are prude if you think adultery is wrong? Hmmm...amazing, I guess I'm a prude then -- because I don't see how cheating on someone you are supposedly committed to is a "good" or "right" thing to do. You must have the moral depth of a puddle. And that has NOTHING to do with politics btw. The sex scandal didn't bother me because a President did it while he was married -- it's against my personal values, but he's an adult if he was to screw up his relationship with his wife so be it. What did bother me is ultimately it was tax payer dollars spent for all the nonsense that the scandal led to. You didn't think all those "investigations" and all the attention the case got was "Free" to taxpayers did you?

As for not respecting the president...I agree with respecting the office, but respect of an individual has to be earned. However, that being said - people don't have to like him, it's their choice/right...but I admit people go too far with the insults -- when you get personal on his family and all, that's uncalled for. And that's the stuff I don't think is fair.

After all, I do think -- the guy is President of the United States of America....his responsibilities are incredible, the pressures on him way more than most can imagine....and the fact to keep in mind in that position you probably have a hundred death threats any given day from around the world.

So yeah -- some of the folks who slam him so brutally...I'd love to see them try and deal with that stuff all the time.


RE: Uh... ok....so....
By mindless1 on 1/3/2007 6:24:21 AM , Rating: 2
You are sick and tired of it? Hey bubba, part of what makes this country great is freedom of speech. Part of what makes it less great is a monkey can become president.


RE: Uh... ok....so....
By dluther on 1/3/2007 7:52:35 AM , Rating: 2
One must always be respectful of the office.

However, the office holder doesn't necessarily deserve the respect.


RE: Uh... ok....so....
By ToeCutter on 1/3/2007 11:25:57 AM , Rating: 2
quote:
George W. Bush is the president of our country, and deserves to be treated in a respectful manner.


Um, dude, the guy likes to recite fart jokes in the midst of White House Staff Orientation briefings.

Kinda begs to question: How much respect does Dubya have for the office he holds?

Oh, and I know PLENTY of active Republicans/conservatives that feel he's the worst President we've ever had, so the Dem/Liberal dig is irrelevant.

How about putting all the partisan nonsense aside and judging him by his leadership of the country over the past 6 years?

I think many have forgotten: Bush is an elected official. He works for us. And considering his record? Does anyone think he'd win a general election TODAY?


RE: Uh... ok....so....
By masher2 (blog) on 1/3/2007 12:14:12 PM , Rating: 2
> "Um, dude, the guy likes to recite fart jokes in the midst of White House Staff Orientation briefings..."

Horrible...next thing you know, he'll be skipping those briefings to get a blowjob in the Oval Office.


RE: Uh... ok....so....
By rushfan2006 on 1/4/2007 11:35:08 AM , Rating: 2
quote:
Horrible...next thing you know, he'll be skipping those briefings to get a blowjob in the Oval Office.


LMAO......exactly :)


RE: Uh... ok....so....
By ahodge on 1/4/2007 2:30:55 PM , Rating: 3
Right... Because it's far better that a president ignore briefings and advice from his generals, send us to war on fabricated evidence under false pretenses, getting thousands of American kids killed as a result and sending the middle east into deep turmoil creating more terrorists at a higher rate than pre-9/11...Than get his dick sucked by a fat chick. Have you seen Hillary...I'd take a BJ from Monica if I was married to that frigid bitch myself.

Seriously, since when did getting a blowjob in the oval office and lying about it under oath (he shouldn't have had to testify about it anyway) become comparable to the act of invading a sovereign nation and causing the undue deaths of thousands of brave American youths? And really Iraq is just the tip of the iceberg of all the foul shit this guy has pulled.

-Alex


No new surprises here
By SunAngel on 1/2/07, Rating: -1
"We are going to continue to work with them to make sure they understand the reality of the Internet.  A lot of these people don't have Ph.Ds, and they don't have a degree in computer science." -- RIM co-CEO Michael Lazaridis

Copyright 2014 DailyTech LLC.