Data security at the tactical edge: Rightsizing solutions

As data center functionality moves to the field, data security must move with it.

Command posts, mobile command centers and mobile platforms -- including vehicles, ships and planes -- have become “micro data centers.” The same security principles applied to data centers at the core must also be used in the field. That means securing and managing both data and cryptographic keys as well as controlling access and distribution in tactical environments.

This transition has been complicated because of environmental and technical challenges in the field. Harsh environments, bandwidth-limited and disconnected networks, hostile situations and limitations of size, weight and power (SWaP) make it hard to balance security with the quick response that tactical situations demand. Right-sizing security solutions is the only way to have security in the field comparable to what's in an agency's primary data centers.

The four elements of tactical cyber security

Four categories of technology are important for integrating data security into tactical or field settings:

1. Data encryption. A fundamental element for any data protection solution, encryption should be applied to data both when it is at rest and in transit. Encryption makes the data useless even if an adversary breaches perimeter cyber defenses.

2. Cryptographic key management. More tactical systems and equipment are being equipped with their own network infrastructures that employ cryptographic protection. That means agencies need secure key management to protect data encryption keys throughout their lifecycle. Cryptographic keys are best protected, secured and managed in a hardware device.

3. Authentication. Single-authentication devices are the best choice to simplify access to sensitive networks and workstations. The threat of widespread data breaches and insider tampering means agencies must have strong authentication solutions for secure network access and user ID protection.

4. Assured information sharing. The field presents challenges with securely sharing data within dynamic communities of interest. Comprehensive but simple-to-use cross-domain solutions will ensure that information can be used safely by multiple organizations and authorized users.

Adapting to challenges at the tactical edge

As data center functionality moves to the field, core data protection capabilities need to adapt to address challenges posed by field deployments. IT professionals must be able to deploy this new generation of rightsized data protection offerings to provide traditional enterprise-level security solutions at the tactical edge.

Figure 1 below shows how core data protection solutions can be adapted to address the unique challenges encountered in the field.

Both core and tactical data centers use encryption to secure data in a number of locations: storage arrays, file systems, application servers, databases and so on. A unique security challenge facing tactical data systems is ensuring that data remains secure even if the equipment falls into the wrong hands, either inadvertently or as a result of a hostile overrun scenario. By encrypting data at rest with robust key management, data storage media can quickly be erased simply by “zero-izing” the encryption keys. This approved data media sanitization technique, called cryptographic erase, is a fundamental feature needed in tactical systems deployed in potentially hostile environments. This process can avoid time-consuming media sanitization processes that overwrite drives multiple times or the costly approach of actually physically destroying the drive.

Information sharing at the edge adds another dimension to the core function of separating data classification levels. Having to deal with multinational groups and dynamic communities of interest requires a tactical information sharing solution that is flexible and easy to use while still ensuring that data doesn’t fall into the wrong hands.

When deploying a solution to the tactical edge, the physical environment is a huge factor. SWaP limitations necessitate that data centers be lightweight, small form-factor packages that can withstand the dust, heat, shock and vibration than can wreak havoc on most data center class equipment. Selecting products designed for use in industrial systems, or the more stringent Military Standard 810G, addresses these concerns.

The complex data protection systems deployed in the data center are backed by well trained and experienced cybersecurity engineers. Contrast this to tactical edge, where the personnel responsible for operating the mobile data centers typically have minimal training on the equipment and are tasked with additional responsibilities that are critical to mission success. So tactical products must be simple to use and configure, including support for secure, default configurations that are easy to deploy and need little ongoing management.

A tactical solution must also be designed to tolerate limited bandwidth availability and the likelihood that data transport will periodically fail. This includes all aspects of operating a data protection system: configuration, policy definition, protection enforcement, auditing and logging.

Finally, there’s the matter of acquisition. Protecting against the risk of counterfeit equipment,  strong U.S.-based supply chains guarantee the highest levels of security. In fact, most defense organizations are prohibited from buying security products from non-U.S. companies.

That’s the key to getting the same level of data security to mission personnel in the field as they get at headquarters.