Pulse


Pulse

By GCN Staff


Data destruction tools debut to toughen enterprise defense

When it comes to sensitive information, destroying data and computers is almost as important as keeping the information on them safe. And the need for reliable data destruction services is growing steadily with the rise of interest in information security and environmentally friendly recycling. 

Code42, recently announced new secure delete capabilities for its CrashPlan enterprise endpoint backup. The software now features triple-pass data sanitization and secure delete capabilities while complying with federal standards, including Department of Defense 5220.22M data sanitization provisions, the company said. This process makes it impossible for deleted archives to be recovered through forensics or file system utilities — and eliminates the need for a separate, third-party application for that purpose, according to a company statement.

Some federal agencies, such as the Air Force and the National Security Agency use the WipeDrive program from WhiteCanyon to do the job. That technology uses DOD-approved wipe patterns to overwrite data multiple times and make it impossible to recover.

Otherwise, there are a variety of methods and tools available for data destruction. The memory on a hard drive can be erased using a high-powered magnetic process called degaussing. Drives can be overwritten or wiped, and computer components can be crushed into recyclable glass without a trace of data left behind.

And then there’s always brute force: Editors at the British newspaper The Guardian are seen in newly released video footage destroying the hard drives used to store the top-secret NSA documents leaked by Edward Snowden. They demolished the computers using angle-grinders and drills to destroy the internal components, as the British intelligence agency GCHQ closely watched. 

Most physical destruction of hard disks is performed by companies with specialized shredding equipment.

Posted on Feb 04, 2014 at 11:44 AM2 comments


Report: Government website satisfaction drops

Americans’ satisfaction with federal government services dropped 3.4 percent in 2013, according to this year’s American Consumer Satisfaction Index. Citizens gave the government a score of 66.1 on a 100-point scale, reversing two consecutive years of gains.

The decline is thought to be largely due to frustration caused by navigating government websites such as Healthcare.gov. The negative impact of the site’s launch has reverberated at the department level, according to ACSI< as Health and Human Services overall dropped 4 percent to 66. But government website satisfaction overall dropped from 74 to 72 in 2013 indicating that users have found websites more difficult to navigate and less reliable across the board.

The results point to government’s challenge in delivering satisfactory service while keeping up with consumers’ overall online demands. Websites have become citizens’  most popular method of interaction with government, with 35 percent of all users of federal services accessing information via the Internet. This percentage makes up more than telephone and agency visits combined.

The report found a few bright spots for online government, though, including high satisfaction with electronic tax filing with the IRS.  Electronic filing scored 75 in 2013, compared to paper filing at 55. The gap of 20 or more points has remained in place for over a decade.

The report was  based on a broad survey of 70,000 people designed to benchmark satisfaction with companies and services and websites.

Through interviews conducted via email and telephone, 1,448 random users were asked to evaluate their recent experiences with federal government services.

Posted on Feb 03, 2014 at 10:08 AM0 comments


NIST draft standard details approximate matching

The National Institute of Standards and Technology’s draft publication SP 800-168, Approximate Matching: Definition and Terminology, provides a description of approximate matching and includes requirements and considerations for testing. 

Approximate matching is a technique designed to identify similarities between two digital artifacts or arbitrary byte sequences such as a file.

A similarity between two artifacts is determined by a particular approximate matching algorithm. One process the technology uses to find these similarities is resemblance. In this method, two similarly sized objects are compared and searched for common traits. For example, successive versions of a piece of code are likely to share many similarities.

A second way approximate matching measures similarities is containment. This method examines two different sized objects and determines whether the smaller one is inside the larger one, such as a file and a whole-disk image.

This technology is very useful for security monitoring and forensic analysis by filtering data.  It provides a result from a range of outcomes [0, 1], which are interpreted as a level of similarity. The reliability of a result is assessed by the robustness of the algorithm, its precision, and whether the algorithm includes security properties designed to prevent attacks, as the manipulation of the matching technique.

A public comment period on Special Publication 800-168 begins on Jan. 27, 2014, and runs through March 21, 2014.  Comments can be sent to match@nist.gov with “Comments on SP 800-168” on the subject line.

Posted on Jan 31, 2014 at 7:38 AM1 comments


'Innovation lab' puts Air Force brain power on DOD-wide issues

This post was corrected April 21, 2014.

As difficult fiscal times have senior Defense Department officials struggling with balancing budget cuts, sequestration, furloughs and force-shaping initiatives, the Air Force Technical Applications Center is offering some creative solutions of its own. AFTAC commander Col. Chris Worley assembled a team of technicians and scientists in an innovation lab that spends 10 percent of its time finding creative solutions for Air Force problems.

One of the lab’s achievements involves experimentation with 3-D printers, which can help equip the center’s overseas detachments when machine parts break and require maintenance. The printers can help get repairs made faster and cheaper by reducing the supply chain. "By using the 3-D printer concept, we can drastically reduce the logistics chain and get the part installed in half the time and at less cost,” Worley said.

In a second success story, AFTAC's machine shop personnel teamed with fellow seismologists and computer technicians to systemize requirements for short-period seismometers. The project will allow the center to limit its dependence on outside vendors by modernizing the equipment in its own shop. 

The innovation lab has enjoyed a cost avoidance price tag in the vicinity of $1 million simply from innovating from within. Worley said he wants AFTAC link up with the Air Force Research Lab in the future to help advance mission capabilities.  

Posted on Jan 30, 2014 at 1:07 PM0 comments


PwC OK'd as certified third-party assessment organization for FedRAMP

PwC US has been accredited under the terms of the Federal Risk and Authorization Management Program to act as a Third Party Assessment Organization (3PAO) for cloud providers offering secure services to federal agencies.

FedRAMP is the governmentwide program that offers a standard approach for conducting security assessments of cloud service providers who want to provide services to federal agencies.

Receiving 3PAO accreditation permits PwC to assess the security features of cloud service providers who plan to work with the federal government. Cloud service providers in turn are required to a use a FedRAMP-approved 3PAO to assess they meet the program’s requirements.

FedRAMP helps accelerate the adoption of secure cloud services and the consistent uses of secure practices, which in turn might reduce the time it takes for agencies to adopt cloud services, according to the firm.

Posted on Jan 24, 2014 at 8:13 AM0 comments