Data-at-Rest Encryption Series: NSA Type 1
November 18, 2020 | BY: Paul Davis, Steven Petric
A Type 1 encryption product is a device or system certified by the NSA for use in cryptographically securing classified United States government (USG) information, when appropriately keyed. The USG classified data may range from Confidential to Secret to Top Secret.
Why Protect Classified Data?
Since 1952, the NSA has been responsible for all USG encryption systems. Over the intervening decades, the mission of protecting USG classified data has not changed. Methods and technology have certainly changed during that time, advancing from vacuum tubes to discrete transistors to integrated circuits to microprocessors and software. In recent years, the threat landscape has been constantly evolving and becoming more sophisticated, and so the protection response must also evolve.
NSA Type 1 Encryption
The basic principle of encryption is to convert plain text data (also known as Red data) into cipher text data (also known as Black data). Plain text data can be read by ordinary means and is not protected. Red data is vulnerable to exploitation if an adversary obtains it. In a deployed system, a vehicle such as a fighter, helicopter, or tank may be lost during a mission. As described in the first white paper in this series, many deployed vehicles have been lost over the last few decades. Certainly, more will be lost due to enemy action or accidents in the future.
Threats During and After Missions
For deployed applications, data is likely to be transferred before and after missions. Prior to a mission, plans and maps (generated at a base or ground station) may be loaded from the ground station onto the vehicles. After a mission, sensor data may be off-loaded from the vehicle back to the ground station for post-mission analysis. During transport to/from the deployed vehicle, this data is vulnerable to capture and must be protected with encryption and other means.
Data at the ground station is subject to attack by hackers, either nation-states or individuals. Networks and the data on them are being attacked continually by a variety of advanced persistent threats (APTs). Internal bad actors are also a threat. These people have their own agendas and are often team members whom no one suspects. An adversary is simply any individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. This threat landscape can be dissected into smaller elements, but suffice it to say that the threats are increasing in number and sophistication.
Read the full white paper to learn more about:
- Why classified DAR should be encrypted
- What constitutes a Type 1 device
- Type 1 DAR product vendors
- Considerations for Type 1
- DAR applications
- Type 1 certification process
This white paper is the third in a series of four related white papers discussing data-at-rest (DAR). The first paper in the series, Data Threats and Protection, explores the reasons to protect DAR, encryption basics, and possible encryptor options. The second paper in this series, Commercial Solutions for Classified, focuses on Commercial Solutions for Classified (CSfC), an option offered by the National Security Agency (NSA) that uses two layers of commercial off-the-shelf (COTS) encryption to protect classified data. This third paper discusses the NSA program known as Type 1 encryption, which is a government off-the-shelf (GOTS) option.