Airplane Developer Looks to Protect ISR Data with Encryption

Wp-11-Airplane-Developer-Protect-ISR-Data-Encryption.png
Wp-11-Airplane-Developer-Protect-ISR-Data-Encryption.png
Case studies
February 25, 2021

Airplane Developer Looks to Protect ISR Data with Encryption

While developing a new intelligence, surveillance, and reconnaissance (ISR) system, a large aerospace developer approached Curtiss-Wright for commercial off-the-shelf (COTS) equipment that had to fit into a space-constrained, propeller-driven aircraft. For all the ISR equipment to communicate seamlessly, the new system required an Ethernet-based solution. The mission computer, sensors, and data concentrator would communicate via Gigabit Ethernet (GbE) with a switch in the middle. The plan was to share the data between network clients using network-attached storage (NAS) device.

Since maps and mission plans would be transferred from a ground planning station to the new aircraft, the NAS had to include removable storage with multiple terabytes of capacity. With sensitive data being transported, the data had to be protected with powerful encryption.

Data collected during the mission from sensors and other devices would also be transported back to the ground station for post-mission analysis. And, since propeller-driven aircraft have high shock and vibration levels, the NAS device had to be rugged.

Airplane Developer Looks to Protect ISR Data with Encryption

The integrator also needed a ground station device that the removable memory could be connected to, decrypted, and downloaded on a computer via USB.

After considering the program requirements, the system integrator selected the Curtiss-Wright DTS3 for their data storage solution. The DTS3 is equipped with four GbE data ports and supports industry-standard protocols, including Network File System (NFS), Common Internet File System (CIFS), file transfer protocol (FTP), iSCSI, and HTTP.

The DTS3 also supports PXE boot, a form of netbooting that enables network clients to boot directly from the DTS3 instead of requiring local storage in each individual network client. Using PXE boot, the customer can centrally manage and update multiple network clients from a single location. To meet the program’s encryption requirements, the DTS3 protects data with a FIPS-certified, AES256-bit encryptor.

The DTS3 houses three removable memory cartridges (RMC) with storage from 256 GB to 2 TB for each RMC. The customer chose to use three 2 TB RMCs. The RMC has also been designed to reliably support programs for many years with a 100,000-insertion cycle connector that hosts a SATA interface. When the RMC is unplugged and unpowered during transport between the aircraft and the ground station, the RMC and the encrypted (Black) data on it are considered unclassified.

The RMC download station was selected to offload post-mission data from the RMC and allow the mission planning computer to access the data. This small device decrypts the Black data and converts SATA from the RMC to USB for the ground station computer. The USB port can be virtually connected to any computer to off-load data from the RMC.

Download the case study to learn more.

Choosing the Best Location for Your Data-At-Rest Encryption Technology

The choice of encryption location can determine how difficult it is for adversaries to decrypt sensitive data and use it to their advantage. Learn about data-at-rest encryption, DAR vulnerabilities, GOTS vs COTS encryption, NSA CSfC, and NSA Type 1.

Commercial Solutions for Classified (CSfC) Data-at-Rest Encryption

This white paper explores the Commercial Solutions for Classified (CSfC) program and data at rest encryption. Learn about the capability package, protection profiles, components and layers, and solutions and end user devices.