Classified data-at-rest (DAR) faces both internal and external threats that can subject sensitive data to exploitation. DAR is particularly at risk during missions if the deployed vehicle is lost but is also at risk during transport to and from the vehicle. Nation-states and hackers also put networked DAR at risk, while internal threats such as bad actors with their agendas also threaten sensitive DAR. For these reasons and more, DAR must be protected, but how?
This white paper is the first in a four-part series to provide engineers, system architects, and program managers with background information, technical details, and a methodology for selecting a DAR security approach. The series is meant for professionals developing deployed systems that host classified data.
This paper explores the two types of deployed DAR encryption - NSA Type 1 and CSfC. The second paper focuses on Commercial Solutions for Classified (CSfC) options and details, the third on Type 1 encryption, and the fourth and last paper summarizes the information and provides guidelines for DAR encryption approach selection.
Threats to deployed vehicles
There are many threats to deployed military vehicles and the critical DAR they contain. Several vehicles have been lost in recent years, as noted in the whitepaper ‘Choosing the Best Location for Your Data-At-Rest Encryption Technology.’ several vehicles have been lost in recent years. In this paper, the generic term vehicles include unmanned types (underwater, aerial, ground), fixed-wing aircraft (fighter, ISR), and rotary wing (manned and unmanned helicopters).
A few recent examples of vehicle losses are listed below. In addition to actual losses, it has been reported that since 2016 up to 50 close military encounters have occurred with Iranian forces, 18 with China, and one with Russia. Therefore, the chances of such losses are increasing with tensions in the Middle East and Asia.