
Special Report

Military Data Storage Solutions

Data Security Trends in Solid-State Storage Devices
Dealing with the Deluge of Data: Storage System Developments
Military Data Storage Systems in Action
The Many Facets of the Military Data Storage Market
Future Data Storage Options and Dealing with Cyber Warfare


Published by Global Business Media



Contents

Foreword
Mary Dub, Editor

Data Security Trends in Solid-State Storage Devices
SMART Storage Systems
• Introduction
• Standards for Data Sanitization
• The Role of Encryption
• Advanced Encryption Standard (AES)
• AES Encryption
• SSD Access Protection
• Data Elimination
• Data Elimination Procedures
• Sanitization
• Summary

Dealing with the Deluge of Data: Storage System Developments
Mary Dub, Editor, Defence Industry Reports
• The Dramatic Growth in Department of Defense Internet Use
• How is the Power use Explained?
• The Arguments for Solid State Disk Drives (SSDs)
• Power Consumption Arguments for SSD Drives
• The Importance of the NAND Controller

Military Data Storage Systems in Action
Don McBarnet, Staff Writer
• Doing Business with the US Army and Legacy IT Acquisitions
• The British Ministry of Defence Legacy Data Storage a Limiting Issue
• The Need for Better Education of Troops on the Ground on the Importance of Good Data Storage Practices
• Military Data Storage in an Age of Austerity

The Many Facets of the Military Data Storage Market
Meredith Llewellyn, Lead Contributor
• Access Denied: the Ever-Present Security and Encryption Issue
• Many Layered Process of Encryption
• Removable Drives for Added Security
• SSD Have Powerful Advantages for Aircraft and Helicopters
• The Imagery Revolution and its Impact on Data Storage

Future Data Storage Options and Dealing with Cyber Warfare
Mary Dub, Editor, Defence Industry Reports
• Clandestine Options that Affect Data Storage
• Using the Cloud: Private or Public?
• Building a “Mini Defense Cloud”
• DARPA’s Mission Oriented Resilient Clouds (MRC)
• DARPA Takes Using Encryption Into the Future

References

Published by Global Business Media
Global Business Media Limited, 62 The Street, Ashtead, Surrey KT21 1AT, United Kingdom
Switchboard: +44 (0)1737 850 939
Fax: +44 (0)1737 851 952
Email: info@globalbusinessmedia.org
Website: www.globalbusinessmedia.org

Publisher: Kevin Bell
Business Development Director: Marie-Anne Brooks
Editor: Mary Dub
Senior Project Manager: Steve Banks
Advertising Executives: Michael McCarthy, Abigail Coombes
Production Manager: Paul Davies

For further information visit: www.globalbusinessmedia.org

The opinions and views expressed in the editorial content in this publication are those of the authors alone and do not necessarily represent the views of any organisation with which they may be associated. Material in advertisements and promotional features may be considered to represent the views of the advertisers and promoters. The views and opinions expressed in this publication do not necessarily express the views of the Publishers or the Editor. While every care has been taken in the preparation of this publication, neither the Publishers nor the Editor are responsible for such opinions and views or for any inaccuracies in the articles.

© 2012. The entire contents of this publication are protected by copyright. Full details are available from the Publishers. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the copyright owner.


Foreword

This edition of Defence Special Reports deals with the fast innovating world of flash technology solid-state disks for the military market. The revolutionary solid-state technology they offer presents many new options to military and civilian managers of today’s demanding military user. The defence market for data storage is highly specialised and many faceted, and the new SSDs have many benefits to offer in many different operational scenarios.

The Report opens with an article that looks at trends in data sanitization and data elimination, and sets out the requirements for data sanitization, specific to defence and military organisations. It goes on to describe the role of encryption in its various forms and gives examples of different applications in which encryption algorithms are used. No less important than data encryption is data elimination. The article discusses this topic and identifies a number of data elimination procedures.

The second article looks at the nature of the deluge of data that the armed forces need storing and assesses the way that SSDs and NAND technology may offer a diverse range of options to military commanders in charge of managing the problem.

A glimpse of gritty reality in the US and Europe is the theme of Don McBarnet’s piece. Whether it is coping with the US Army’s erratic acquisition bureaucracy when buying SSDs, or the historic accumulation of long-outdated British Army software systems, the nature of the legacy of data for storage makes daunting reading. This is the confused and confusing backlog behind many military computer storage issues.

The central piece in this report focuses on the key factors that military buyers consider when looking for new military storage solutions. The armed forces are not only dealing with new image data from UAVs in action in Afghanistan, but disaster recovery assistance requests for image data on new developments. All these data requests mean that data storage needs to be held safely beyond natural disaster zones and be speedily accessible through potentially low bandwidth.

Previewing the future is always a high-risk occupation. However, the rising role of cyber warfare and the resultant need for increased security and encryption make the demand for high speed access to data much more complex. DARPA (Defense Advanced Research Projects Agency) as ever has ways of thinking about the future to deliver solutions to do things ever faster and more easily. Predicting developments in computer technology is always uncertain, but what is certain is that being at the forefront of new technologies is an exacting task.

Mary Dub
Editor

Mary Dub is the editor of this Special Report. She has covered the defence field in the United States and the UK as a television broadcaster, journalist and conference manager.


Data Security Trends in Solid-State Storage Devices

SMART Storage Systems

Introduction

Support for data protection and sanitization is an important feature for devices used in the computer storage market segment. These capabilities are especially critical for storage devices used in Defense applications because the loss of sensitive data can literally have life or death consequences. This article discusses emerging trends in modern data security techniques and how SMART Storage Systems makes data sanitization and data elimination top priorities in its XceedSecure and Xcel-200 solid state storage products.

Standards for Data Sanitization

Standards for storage device data sanitization have historically been driven by military or government-related organizations and, until the recent availability of affordable SSD technology, they have largely focused on the characteristics of spinning media storage devices. The general approach for data elimination in spinning media storage devices has been either to crush the storage device into oblivion or repeatedly write arbitrary or random patterns to the storage media. An example of support for the pattern writing approach is SMART Storage Systems’ XceedSecure SSD product family. This product family supports eight different standards for data sanitization and an additional customer-defined procedure. The supported standards are well-defined and widely accepted approaches to data sanitization and are mostly requirements specific to Defense and Military organizations. Table 1 below lists the standards-based data elimination procedures supported by XceedSecure products.

Table 1: XceedSecure Supported Military Data Sanitization Standards

SMART Storage Systems’ EraSure® data security technology implemented in the XceedSecure products provides multiple levels of data sanitization to meet the distinctive requirements of defense and security applications. EraSure Clear, for example, performs a single erase of the data in the SSD. EraSure Sanitize uses one of the preprogrammed procedures in Table 1 or a customer-defined procedure to erase the flash memory in a drive. This involves multiple erasures and overwrites of each flash array. The unique customer-defined sanitization procedure allows customers to develop their own erase procedure when needed. All EraSure procedures result in full media declassification and are executed at unparalleled speed. IRIG 106 is of special interest, because support for this procedure extends the secure erase operations to enable a full review of the erase results to verify elimination of all classified data.

XceedSecure drives are battle proven and verified through extensive environmental testing to meet demanding shock, vibration, and temperature metrics as specified by MIL-STD-810 standards. Designed for mission-critical applications such as data recording, rugged tablets, and surveillance drones, XceedSecure SSDs are available in SATA, PATA and SCSI interfaces with capacities ranging from 32GB to 256GB. These 2.5” and 3.5” flash-based SSDs easily replace standard hard disk drives (HDDs), providing full HDD functionality.

It should be noted at this point in the article that the XceedSecure products do not have data encryption capability and do not use it as an element in the strategy for data security and sanitization. The availability of SSDs with powerful self-encrypting data capability has fueled growing awareness and curiosity from designers of data storage systems intended for Defense and Military applications. The remainder of this article will chiefly concentrate on the use of encryption in SSD products as an adjunct or eventual alternative basis for data security and elimination of sensitive data.

The Role of Encryption

The role of encryption is to protect data from unauthorized access, use, disclosure or alteration. Encryption algorithms transform original data (referred to as plaintext) to an unreadable form (called cyphertext) that can only be read by someone who possesses a special device, usually called a key. Careful key management ensures that only those authorized to access and use the encrypted data can do so. The process of converting cyphertext back into its original state is called decryption. Encryption/decryption algorithms are in use all around us. Some examples include:
• Algorithms used for real-time applications, such as the encryption/decryption of voice calls, must be highly efficient and not impose undue delay during conversations
• Public algorithms such as TLS (Transport Layer Security) facilitate secure transactions over the Internet
• Classified algorithms are used for extremely sensitive military data

Figure 1: AES Data Encryption Flow (logical view)

Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) is a publicly available encryption methodology that is based on the Rijndael algorithm, developed by Belgian cryptographers Joan Daemen and Vincent Rijmen. It is widely used in hardware and software systems due to its low system resource requirements, high performance capabilities versus other methods, and ease of implementation. AES was developed by the National Institute of Standards and Technology (NIST), and became a standard in the United States in 2002. Upon its inception in 1952, the National Security Agency (NSA) assumed responsibility for all encryption systems used by the U.S. Government. Little is known about most of these systems because they protect national secrets. In 2003 NSA approved AES for use in its systems. Figure 1 below presents a logical view of the AES data encryption flow used in SMART Storage Systems SSDs.

The NSA has certified AES-128 as being appropriate for protecting SECRET data and AES-192 or AES-256 as being appropriate for protecting TOP SECRET data. There is no known method of breaking the AES algorithm. Brute force methods that attempt to cycle through all possible key combinations are considered impractical due to the very large number of possible combinations and the amount of processing time it would take to break the cipher. One of the criteria used in selecting AES was that it be immune to being broken by brute force for 20 to 30 years. The actual time required to crack an AES 128-bit key using the brute force method with today’s supercomputers is in the billions of years.

Figure 2: Use of Keys During SSD Boot

AES Encryption

SMART Storage System SSDs with encryption capabilities use AES 128-bit and, in the future, AES 256-bit encryption to protect user data from unauthorized access and misuse. AES uses a symmetrical key block cipher, which means that it uses the same key to encrypt and decrypt data. It operates on a fixed 128-bit block using one of 3 different key lengths: 128 bits, 192 bits, or 256 bits. Each 128-bit block is a 4×4 array of bytes.

SMART Storage System SSDs include a set of two standard internal keys that are used to protect the product from malicious tampering:
• Boot ROM Access Key – Used to protect boot ROM code and allow boot ROM code execution during power-on.
• Firmware Download Key – SMART firmware releases for its SSD products are distributed in encrypted form. This internal key is used to decrypt all incoming firmware downloads and prevents the introduction of malicious code into the SSD.

During the firmware download process, two random drive-unique keys are generated by the SSD controller to protect the firmware code and the user data:
• Flashware Key: This drive-unique key protects the Flashware code that resides in flash memory and prevents unauthorized access to the firmware code. The randomly generated Flashware Key is encrypted by and protected with the internal Boot ROM Access Key.
• User Data Key: This drive-unique key protects and prevents access to all user data and meta-data on the drive. The key is stored in flash and all data is encrypted when written. Each time user data or meta-data is retrieved from flash memory it is decrypted using this key. The randomly generated User Data Key is encrypted by and protected with the Flashware Key.

After a hardware reset, and once the SSD boot process has completed, the drive enters its normal operating mode and only the Flashware and User Data keys are active. Both user data and meta-data are encrypted using the User Data Key before they are recorded on the flash memory. All user data read from the flash is processed through the encryption engine (decryption) that renders it back to its original form. Since the encryption functionality is entirely contained within the SSD and is always active, there is no dependence upon the host system to activate it, nor can it be intentionally or inadvertently disabled.

SSD Access Protection

A drive password can be used as an additional means of access protection between the host system and the SMART SSDs.
• If a user password has not been established, all host read accesses result in user data being decrypted and delivered to the host system in its original form.
• If a user password has been established by the ATA SET SECURITY PASSWORD command (F1h), it is stored on the drive and is protected by the User Data Key. Subsequent read/write operations result in one of the three alternatives listed below:
  o If the correct password is delivered to the SSD by the ATA SECURITY UNLOCK command (F2h) at drive discovery time, read/write access to the flash is granted to the host application
  o If an incorrect password is delivered to the SSD by the ATA SECURITY UNLOCK command at drive discovery time, the drive responds to the SECURITY UNLOCK command with a “command aborted” status. The drive remains security-locked and read/write access is denied to the host application
  o If no password is delivered to the SSD at drive discovery time, the drive remains security-locked and read/write access is denied to the host application

Data Elimination

Data security extends beyond protecting storage devices during normal usage in their target applications. Storage devices frequently need to be re-tasked or, in the case of defense applications, transported from one security zone to another between or during missions. Data security also needs to be considered when a storage device is de-commissioned or returned for service. The process used to secure information on storage devices found in applications that involve national security is typically described by one of several published standards discussed previously. The process used in commercial applications is normally less formal. The end goal in both cases is generally the same, however: either elimination of the data or removal of access to the data using a destructive process.

Although methods have been developed to secure data on hard disk drives (HDDs), there are still standards and procedures in place that are extremely time consuming or require procedures such as degaussing which render the product unusable. As a result, a large percentage of HDD users resort to completely destroying drives using expensive shredding devices to prevent the data on them from falling into the wrong hands. Fortunately, securing data on flash-based SSDs is fundamentally easier, less time consuming and non-destructive. The primary method of removing data from flash-based SSDs is to perform erasing and sanitizing procedures, which completely eliminate the data and leave the drive in a usable state.

[Image: Data Elimination in Hard Disk Drives]

Data Elimination Procedures

SMART Storage System Xcel-200 executes two separate data elimination procedures: Crypto Erase and Flash Erase. An ATA-8 Security Erase command is used to initiate the erase procedures.

The Crypto Erase function renders information stored on the SSD useless and unavailable as quickly as possible. When the Crypto Erase procedure is activated, the existing User Data Key is eliminated. This process is executed in a few hundred milliseconds and renders the data encrypted with the former encryption key unintelligible. A new User Data Key is automatically generated after the erase process has completed. All information written to or read from the SSD after the Crypto Erase procedure is processed through the encryption engine using this new key. Data written to the drive using the previous key is unintelligible, as decrypting it with the new key cannot result in reading the original data written to the SSD.

The Flash Erase procedure goes one step further and erases all flash cells containing user data on the SSD. This is a physical flash operation that sets all flash bits containing user data to their erased state. All flash pages used for over provisioning, wear leveling, and bad block management are also erased.

Sanitization

U.S. government sanitization procedures, such as DoD NISPOM 5220-22-M, DoD NISPOM 5220-22-M Sup 1, Army 380-19, and IRIG 106-2007, chapter 10.8, call for a specific pattern to be written to the flash. Since the encryption process built into encrypting drives encrypts all user data written to the flash, it is impossible for a specific pattern to be written to the flash. It remains to be seen whether these procedures will be deemed acceptable when used with encryption or whether new procedures will be certified to take advantage of the powerful and flexible characteristics of encryption.
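The key chain from the AES Encryption section and the two erase procedures above can be modelled in a few lines of Go. This is an added example, not SMART firmware or code from the report: the Drive type, its methods and the 0x55 pattern are constructed for illustration, and AES-128-GCM is assumed for both key wrapping and sector encryption because the report names no cipher mode.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// randBytes returns n bytes from the system CSPRNG.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// aead builds AES-128-GCM; the mode is this example's assumption, not the report's.
func aead(key []byte) cipher.AEAD {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // wrong key length, e.g. the drive was used before Boot
	}
	g, _ := cipher.NewGCM(blk) // cannot fail: AES has a 128-bit block
	return g
}

// seal encrypts msg under key and returns nonce || ciphertext || tag.
func seal(key, msg []byte) []byte {
	g := aead(key)
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, msg, nil)
}

// open reverses seal and fails when key is not the key that sealed blob.
func open(key, blob []byte) ([]byte, error) {
	g := aead(key)
	if len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("nothing stored")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

// Drive is a hypothetical model of the controller state the text describes.
type Drive struct {
	bootROMKey []byte            // internal Boot ROM Access Key
	wrappedFW  []byte            // Flashware Key sealed under bootROMKey
	wrappedUDK []byte            // User Data Key sealed under the Flashware Key
	fw, udk    []byte            // the two keys active after boot
	flash      map[uint32][]byte // LBA -> bytes as physically stored
}

// NewDrive generates the two drive-unique keys and keeps them only wrapped.
func NewDrive() *Drive {
	boot, fw := randBytes(16), randBytes(16)
	return &Drive{bootROMKey: boot, wrappedFW: seal(boot, fw),
		wrappedUDK: seal(fw, randBytes(16)), flash: map[uint32][]byte{}}
}

// Boot unwraps Boot ROM Access Key -> Flashware Key -> User Data Key.
func (d *Drive) Boot() (err error) {
	if d.fw, err = open(d.bootROMKey, d.wrappedFW); err == nil {
		d.udk, err = open(d.fw, d.wrappedUDK)
	}
	return err
}

// Write and Read pass every sector through the engine; Boot must run first.
func (d *Drive) Write(lba uint32, data []byte)   { d.flash[lba] = seal(d.udk, data) }
func (d *Drive) Read(lba uint32) ([]byte, error) { return open(d.udk, d.flash[lba]) }

// CryptoErase overwrites the User Data Key in place with a fresh one and
// rewraps it; flash contents are not touched.
func (d *Drive) CryptoErase() {
	copy(d.udk, randBytes(16))
	d.wrappedUDK = seal(d.fw, d.udk)
}

// FlashErase models the physical erase: no stored page survives.
func (d *Drive) FlashErase() { d.flash = map[uint32][]byte{} }

// Demo writes a constructed 0x55 pattern, then runs both erase procedures.
func Demo() (readBack, patternOnFlash, readableAfterCrypto bool, pagesLeft int) {
	d := NewDrive()
	if err := d.Boot(); err != nil {
		panic(err)
	}
	pattern := bytes.Repeat([]byte{0x55}, 512)
	d.Write(0, pattern)
	got, err := d.Read(0)
	readBack = err == nil && bytes.Equal(got, pattern)
	patternOnFlash = bytes.Contains(d.flash[0], pattern[:16]) // what NAND holds
	d.CryptoErase()
	_, err = d.Read(0) // ciphertext is still in flash, but its key is gone
	readableAfterCrypto = err == nil
	d.FlashErase()
	return readBack, patternOnFlash, readableAfterCrypto, len(d.flash)
}

func main() { fmt.Println(Demo()) }
```

The host reads back the pattern it wrote, yet the stored bytes never contain it, which is the conflict with pattern-based procedures described above. After Crypto Erase the old ciphertext is still physically present but unreadable, and only Flash Erase removes it.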

Summary

As the amount of sensitive data we store continues to proliferate, the need to develop creative ways to protect that data from unauthorized use becomes more important. The fact that SSDs are primarily used for mission and business-critical applications means that they are likely to contain sensitive data that needs to be protected. SMART’s SSDs are designed with redundant methods of data protection to give its customers peace of mind that their data is always secure, through the use of encryption, and can be totally eliminated at any time, through the use of the erase procedure. Securing user data from unauthorized use has been a hallmark of SMART SSD products for more than a decade. The addition of AES encryption to our products is the next step in providing customers the very best in storage data security.

References

1. About AES – Advanced Encryption Standard, A short introduction, Svante Seleborg, Axantum Software AB, August 2007
2. FIPS 140-2 Security Requirements for Cryptographic Modules, NIST Information Technology Laboratory, May 25, 2001
3. NSA/CSS Manual 9-12 NSA/CSS Storage Device Declassification Manual, NSA Media Technology Center, 2000
4. NIST 800-88 Guidelines for Media Sanitization, NIST Information Technology Laboratory, Sep 2006
5. NAVSO P-5239-26, Remanence Security Guidebook, Information Systems Security (INFOSEC) Program Guidelines, Sep. 1993
6. Air Force AFSSI 5020 Remanence Security, Air Force Command, Control, Communications and Computer Agency, Information Protection Division, Aug. 1996
7. DoD NISPOM 5220-22-M National Industrial Security Program Operating Manual, U.S. Government Printing Office, Feb. 2006
8. DoD NISPOM 5220-22-M Sup 1 National Industrial Security Program Operating Manual (Revised), U.S. Government Printing Office, Jan. 1995
9. Army 380-19 Information Systems Security, Department of the Army, Feb. 1998
10. IRIG 106-2007, chapter 10.8 RCC Document 106-07, Telemetry Standard, Chapter 10.8 Digital Recording Standard – Declassification, Sep. 2007
11. EE Times article on Brute Force Attacks, see: http://www.eetimes.com/design/embedded-internet-design/4372428/Howsecure-is-AES-against-brute-force-attacks
12. Information on the AES standard, see: csrc.nist.gov/publications/fips/fips197/fips197.pdf


Dealing with the Deluge of Data: Storage System Developments

Mary Dub, Editor, Defence Industry Reports

Military Data Storage systems share three key features in common with the civilian market: an explosion of data, inflexible infrastructures and escalating complexity[1]. This takes place in an environment of surging demand for increased data velocity and veracity. Meanwhile, budgets for managing infrastructure are flat. Military IT commanders are working to manage this, but according to IBM, 23% of IT projects are over budget and behind schedule, a challenging scenario. And the scale of the issue in the Department of Defense is vast. A report in July 2012 for the Congressional Research Service on Federal Information Technology Reform Management draws a picture of the scale of the issue. The level of power consumption by data centers alone is indicative: “The Department of Defense (DOD) is the single largest energy consumer in the nation. As the largest owner of federal data centers, with 772, the DOD has more than twice as many centers as any other agency.” Yet the scale of this consumption of energy represents an opportunity to the industry as the pressure for consolidation and reduction in power consumption ramps up. By consolidating some of its data centers, DOD could have a significant positive impact on energy savings for the federal government.[2] Where does the energy go?

The Dramatic Growth in Department of Defense Internet Use

The Congressional Research Service identifies the growth of demand for power for internet use by the Department of Defense: “Worldwide energy use by data centers doubled from 2000 to 2006 and a number of factors continue to drive such growth. Among them are electronic financial transactions such as online banking and electronic trading, Internet communication and entertainment, electronic medical records for healthcare, global commerce and services, satellite navigation, and electronic shipment tracking in transportation. Voice-over-Internet protocol communication has also been growing. Increased Internet use is a major factor in the growth in data processing and storage and requires that business and government enterprises host electronic applications in highly reliable data centers with sufficient server capacity to meet peak and growing loads”. But industry is driving innovation in this area and the technological developments of Solid State Disk drives using flash and NAND technology have resulted in new options for data storage managers in the military and civilian fields.

How is the Power use Explained?

Virtually all of the power consumed by a data center results in thermal emissions: ultimately, a watt of electric power consumed is a watt of heat generated. Data centers use energy to supply three key components: IT equipment, cooling, and power delivery. A significant amount of energy is required just to remove heat. A breakdown of a data center’s energy use demonstrates that cooling alone may make up half of its electrical demand, while operating the servers and data storage devices (critical loads) may take up a third or more. So a potential future reduction in power used would result in less heat generated and lower cooling requirements, thus establishing a virtuous circle and lower energy costs.

The Arguments for Solid State Disk Drives (SSDs)

Some industry consultants argue that one of the most powerful arguments for SSDs is reduction in price combined with increased number of random speed-reads. In the past, applications that read data randomly often resorted to drive short stroking to gain significant performance advantages. In fact, with striping and short stroking of 10 high-end 15,000rpm hard disk drives, performance gains of more than 16× are attainable, resulting in more than 3,000 random reads per second. SSD flash drives can improve random read performance even more significantly. For example, some argue that one SSD drive can attain anywhere from 5,000 to 20,000 random reads per second; 10 SSD devices could easily handle 50,000 to 200,000 random reads per second. SSD drives are able to achieve their superior random read performance because they have almost no seek time and absolutely no rotational time reading NAND data.[3]

[Image: UAV guidance system enhanced by fast SSD storage from SMART Storage Systems]

Power Consumption Arguments for SSD Drives

In a comparison of an active enterprise-class hard disk to an active SSD drive, the SSD drive uses only one-half to one-third the power needed by a typical 15,000rpm disk drive. Thus, replacing 10 hard drives with one SSD drive could result in considerable power, cooling, and space savings. The advantages of flash drives are boosted by the features of multi-level cell (MLC) media over single-level cell (SLC) media. MLC media signals a tremendous improvement in capacity for flash and SSD devices. This technology also gives a cost advantage in delivering twice the capacity for the same price of the chip.

The Importance of the NAND Controller

The qualities of the NAND controller in SSDs can be decisive. The NAND controller drives reliability, performance, endurance, capability or security. The controller communicates with the host computer, moves data into and out of the flash, and handles all the flash management tasks such as wear leveling, error correction, and data reliability activities and can extend the endurance of the MLC media[4]. The NAND controller also impacts on write amplification, which can be a critical factor limiting the random write performance and write endurance in storage devices based on NAND-flash memories. The impact of garbage collection on write amplification is influenced by the level of over-provisioning and the choice of reclaiming policy.[5]

But the role of metrics and the NAND controller are not the only important features of a decision to use SSDs. As an industry leader driving innovation puts it, servers need to access data faster in near real-time. And while hard drives have become a bottleneck in making this possible, flash-based SSDs, a whole new class of storage, have emerged as the solution. For all-flash architectures to work, SSDs must deliver the performance, endurance, and reliability that enterprises demand at the lowest possible cost. While MLC nodes help, NAND management at the system level rather than the device level is required. Storage architectures are changing quickly, and NAND management must change to help them fulfil enterprise needs.[6]


Military Data Storage Systems in Action

Don McBarnet, Staff Writer

Information overload is deadly, yet well managed data is among the most potent weapons of the 21st century and a critical part of the integration of Network Centric Warfare. Across the military, data flow has surged; since the attacks of 9/11, the amount of intelligence gathered by remotely piloted drones and other surveillance technologies has risen 1,600 per cent. On the ground in Afghanistan, troops increasingly use hand-held devices to communicate, get directions and set bombing coordinates.[7] The access to and management of intelligence data has become critical to effective war fighting. Unprecedented amounts of raw intelligence information help the military determine what targets to hit and what to avoid. And drone-based sensors have given rise to a new type of analyst who must assess this flow of image-based information. An example of this is the making of decisions on data viewed in the United States from data generated by Unmanned Aerial Vehicles flying over Afghanistan. Reading the actions of potentially hostile local people in uncertain situations in the middle of insurgent engagements can be highly problematic. Tactical commanders can make the wrong call and the result can be civilian casualties. “Information overload — an accurate description,” said one senior military officer, who spoke on the condition of anonymity because the issue of civilian casualties might result in a court martial. “The deaths would have been prevented,” he said, “if we had just slowed things down and thought deliberately.”

Doing Business with the US Army and Legacy IT Acquisitions

The commander’s drive to use the latest technology innovations to deliver information superiority in the field of operations is shared by the soldier’s delight at new kit that has the potential to deliver. However, the US Army acquisition process can withhold ruggedized laptops in a complex supply chain until warranties have expired8 or deliver goods that are not compatible with legacy systems. Solid-state drives that lack endurance and resilience because they are designed for the civilian rather than the military market can be a liability. For example, one company argues that SSDs should contain a sophisticated controller with adaptive flash management algorithms to actively manage NAND wear leveling, plus error management and tuning functions that adjust throughout the life of the flash; there is also a case for memory management algorithms to improve flash endurance. And there is technology to deliver parity inside the drive that allows data to be recovered, rebuilt and accurately returned in cases of a read error due to bit, word line or even total die failure.9

The British Ministry of Defence Legacy Data Storage a Limiting Issue

Britain is always proud of its historic legacy – it is less proud of its historic legacy of IT equipment, architectures and software. For the serving officer working in the critical field of logistics this can prove to be a nightmare. “Not only are there increasing volumes of data, there are also several hundred logistic IT systems and applications in Defence to contend with. Some systems are 30-year-old legacies from the Cold War era. Others came from Navy, Army and Air Force unilateral lines of business, where the single supply chain concept did not exist previously. Most of these major systems have their own unique ways of defining and describing logistic data. For example, the concept of an asset is fundamental to logistics. An asset has attributes such as type, description, serial number, location, value and so on. But, frustratingly, there are currently many varying definitions of asset and its attributes across the different logistic IT systems. Not only that, many major systems employ unique proprietary data descriptions, data formats, field lengths, business rules and software coding.”10

The data storage failure by the British Ministry of Defence was so serious it was heavily criticized by the House of Commons National Audit Office: while some data systems are new and of good quality, much of the department’s data, particularly for the base inventory and warehousing areas, is held on IT systems that came into service more than 30 years ago. “These have limited capability and the scope to upgrade their capabilities is often extremely restricted, and many are no longer supported. Reliance on such systems means that it is very challenging to produce the business information required by stakeholders to run an effective and efficient supply chain.” And while this historic legacy of data storage systems is a headache in the UK, it is replicated in many European armies and, undoubtedly, in some corners of American data storage systems as well.

Sonar data gathered by Navy Destroyer is protected by SSDs from SMART Storage Systems

The Need for Better Education of Troops on the Ground on the Importance of Good Data Storage Practices

For a British soldier on the move rapidly through combat zones and touring in Forward Operating Bases, dealing with data storage is not a subject of any salience. However, information lost on troop rotation results in unnecessary duplication and cost. A senior Research Fellow for Air Power and Technology at the UK’s Royal United Services Institute argues that storage and retrieval is not properly managed in deployed operating environments resulting in large amounts of duplication (up to 50 per cent) across the system or files lost as troops rotate through. Much of this could be fixed through better process and education, she argues.11

Military Data Storage in an Age of Austerity

While the need for updated data storage systems is undoubtedly huge in both the United States and Europe, to cut costs, to limit power consumption and to improve efficiency and effectiveness of the armed forces, the operating environment in the United Kingdom is not optimistic for industry innovation. Manpower cuts, large platform cancellations and vigorous cost cutting projects across the services make data storage replacement a lower priority than it should be. And while the United States Army and PEO has a drive to take on and absorb new technologies, the parallel drive to control budgets and limit spending is a brake on the effort to adopt new and effective technologies for data storage.



The Many Facets of the Military Data Storage Market

Meredith Llewellyn, Lead Contributor


MIL-STD-810, the US Department of Defense standard for all equipment, is the benchmark for all military data storage equipment. It is a robust and tested standard of rugged engineering. And although the list is well known to the manufacturers and vendors of SSDs and computer equipment, it is daunting: low pressure for altitude testing; exposure to high and low temperatures plus temperature shock (both operating and in storage); rain (including wind blown and freezing rain); humidity, fungus, salt fog for rust testing; sand and dust exposure; explosive atmosphere; leakage; acceleration; shock and transport shock; gunfire vibration; random vibration. Of course, military medical files for storage in the United States do not have to meet all these standards, but public sector defense data does have to meet very high criteria of security.

Natural disaster planning has to be part of a military data center manager’s program. A natural disaster like a hurricane or earthquake that disrupts power supply to a data center in the United States can affect operations. As a former Marine officer in charge of a military data center explains, the consequences of power outages in the US can impact on operations in Afghanistan. “The loss of just one cooling unit could cause an entire data center’s temperature to spike above 90 degrees requiring planned shutdowns to prevent system crashes.”12 Similarly, hurricanes can affect data farms requiring considerable forward planning to ride out the storm.

Access Denied: the Ever-Present Security and Encryption Issue

Mission critical data on the battlefield in the 21st century has to be delivered in real time. The goal of the network-centric battlefield is to deliver “the right information to the right person at the right time,” as Amos Deacon III, president of military data storage provider Phoenix International, put it: “I see two major aspects of secure information storage: the ability to have continued access to the info (i.e., data availability through redundant components and systems), and security with regard to denial of access to unauthorized personnel through data encryption, multi-level security (MLS), and the ability to quickly sanitize or destroy the info.”

Many Layered Process of Encryption

Officials at Curtiss-Wright Controls Embedded Computing in Leesburg, Va., and at VMETRO, a Curtiss-Wright Company in Houston, say they agree that encryption is necessary, and not just at the storage level. Military and aerospace systems designers, among others, are “requiring encryption of data, both at the recorder level and in storage devices,” says Tom Bohman, vice president of recorder products business development at Curtiss-Wright Controls Embedded Computing. “Associated with the need for encryption, solid-state disk (SSD) users require purge, fast erase, secure erase, and destruction-erase functions. Because these SSD functions are not instantaneous, it is often beneficial for secure data storage to be performed by the data recorder. Encrypting the data prior to recording it to disk ensures that the data is not accessible without the correct encryption keys and the storage media is not classified.”13

Removable Drives for Added Security

Rugged storage servers for a higher risk environment in aerospace or on operations are increasingly useful. “Removable drives are paramount in rugged servers – both for the ability to rapidly declassify a system and the ability to swap out large amounts of storage,” says Chip Thurston14, technical director/chief architect at rugged storage provider Crystal Group in Hiawatha, Iowa. “Removable drives also help fix logistical issues with sparing, as systems can be configured using the same hardware, with the only differentiator being software. This allows you to spare one chassis and four sets of hard disks, reducing the costs associated with the sparing effort,” says Chip Thurston. During combat, the data on a disabled Humvee can be safeguarded from falling into the wrong hands by ejecting removable discs, but the data needs to be encrypted to safeguard it in the event the attempt to save it fails.

Data logged by the F18 Hornet is protected by secure storage from SMART Storage Systems

SSDs Have Powerful Advantages for Aircraft and Helicopters

“Traditionally, systems that need to be able to take vibration and operate through it with no degradation in performance were limited to using solid-state hard disks,” Crystal Group’s Thurston mentions. “With advancements in vibration tolerance and careful vibration isolation at the chassis level, often rotational disks can be made to handle vibration, depending on the vibration level. If the amount of vibration is substantial, solid-state disks are still the logical step.

“Recent changes in the flash industry have allowed solid-state disks to become more affordable, while still maintaining phenomenal vibration tolerance,” Thurston continues. “As flash advancements move forward, we will start seeing better capacity, much faster speeds, and better reliability.”

Curtiss-Wright has introduced the SANbric JBOD (just a bunch of disks) storage system and shock isolation units for helicopters. The SANbric rugged, removable storage system enables the use of commercial off-the-shelf (COTS) Fibre Channel disks for high-speed streaming data-recording applications in harsh and high-altitude environments. As SSDs are much the newer technology, many mechanical disks are still in use, but they can be combined with SSDs for enhanced storage.

The Imagery Revolution and its Impact on Data Storage

21st century armed forces are increasingly heavily dependent on image data from UAVs (Unmanned Aerial Vehicles) and satellites to deliver situational awareness in conflict or for humanitarian assistance in times of conflict or disaster. The data storage needs generated by coalition ISTAR during Operation Unified Protector over Libya and during relief operations in Haiti stand as good examples.15 Today’s technologies include public access to satellite and aerial imagery platforms; resilient networks; and larger and faster data storage capabilities on smart phones and tablet computers that are capable of manipulating imagery files using surprisingly high-performance applications that reside locally on the device. Some data needs to be stored in centres where large file sizes can be handled and made accessible to disaster response forces. They need to be stored in areas outside the disaster area and accessible via good bandwidth.


Future Data Storage Options and Dealing with Cyber Warfare

Mary Dub, Editor, Defence Industry Reports


Cyber warfare is a constant menacing presence in data storage. Whether the armed forces are the agents or victims, it is an increasingly powerful option in the aggressive armoury of a nation considering military options. In July 2012 in Syria, allegations are emerging that cyber measures are already being used on the ground by NATO forces against the Syrian regime. Cyber techniques are anonymous, deniable, inexpensive, increasingly effective and comparatively risk-free, certainly in terms of own casualties. This makes them attractive in this highly complex, precarious and fraught situation.16

Clandestine Options that Affect Data Storage

Cyber techniques can be used in both intelligence collection and active disruption of military and government targets. As an example, the Flame virus, which is directed primarily against Iran, has reportedly infected computer systems elsewhere in the Middle East, including Syria. It collects information by monitoring keystrokes, recording data and eavesdropping on audio and camera equipment. Flame can also be activated to attack and take control of computer systems that it has infected. Aggressive cyber warfare could have a much more widespread impact. Active cyber intervention could be focused against command-and-control systems, air defence networks, computerised weapons systems and communications. Beyond the military arena, cyber attack could be used to disrupt civilian infrastructure including radio and TV, power grids, financial networks, air travel, transport and telecommunications. Even more than the use of airpower, clandestine cyber warfare can reveal the working of western support without compromising anonymity.

Using the Cloud: Private or Public?

The reverse implication of cyber warfare is the need to protect the west’s own data assets from attack. This is an important dimension of the ongoing debate in the defense community about the use of the private cloud or even a specific defense proprietary cloud. Douglas Wiltsie took the lead at the Army Program Executive Office for Enterprise Information Systems (PEO EIS) in October 2011. As lead, he is charged with taking decisions on the data center/cloud computing environment. He sets the standards, the architecture and also the business concept of how to take legacy systems and move them into the cloud. In an interview he gave to Defense News, he outlines the importance of structuring the data so that everyone has access. “So it needs to be in an unstructured format, and the issue becomes how we tag the data. Proprietary systems tag data specifically for their own purposes. Whereas in a cloud-computing environment you have a multi-dimensional tag. And so the program has to change in order to be able to use data that’s tagged differently. And then we also have to be able to virtualize it.”17

Building a “Mini Defense Cloud”

To assess the cost and work through the process, a pilot mini cloud is being built. “What we need to do is define for Army leadership what the cost is to take legacy programs and put them into the cloud. The way we’re doing that is by building a mini-cloud with ALTESS (Acquisition, Logistics and Technology Enterprise Systems and Services) at Radford Arsenal [in Virginia].” And this is part of a wider vision of the gigantic task of transferring the bulk of Army data to the cloud: “We envision that select Army data centers will eventually become federated with other service data centers and DISA facilities to deliver DOD cloud services. So we’re essentially in the early stages of what could be a Herculean effort for the Army, but the vision is to ultimately be able to deliver services to any Army user, anywhere, regardless of user device type.”18

Doug Gardner, technical director of the Program Executive Office for Mission Assurance and Network Operations for the Defense Information Systems Agency (DISA) in Fort Meade, Md., argued that the work now being done to protect cloud data will eventually lead to better overall IT security and potentially lower costs. “You go to the cloud not just for the efficiencies that it might provide you in terms of using just the resources that you need as you need them, but also... by going into an environment where you centralize the controls and the protections.” Other cyber strategists disagree with these assessments and argue that public clouds are still a danger zone. They argue that there is a case for strong security architecture for a private cloud that could withstand a cloud storm attack, a type of distributed denial-of-service attack. In reply, Gardner argues that DISA has the very highest standards that are very similar in public and private clouds. DISA encrypts data both at rest and in transit, as well as using access controls based on trusted credentials.

DARPA’s Mission Oriented Resilient Clouds (MRC)

To address some of these security concerns, DARPA is funding futuristic projects that may help deal with their perceived need for greater storage security. In February 2011, DARPA gave funding to the Mission Oriented Resilient Clouds (MRC) project. This aims to address some of these security challenges by developing technologies to detect, diagnose and respond to attacks in the cloud; effectively building a ‘community health system’ for the cloud. MRC also seeks technologies to enable cloud applications and infrastructure to continue functioning while under attack.19

DARPA Takes Using Encryption Into the Future

To further protect data and to allow defense data users to use data in the cloud that has already been encrypted without the inconvenience and loss of time from unencrypting it, DARPA is funding work on homomorphic encryption.20 This $20 million research project is looking to develop and accelerate an algorithm that basically allows users to perform operations on the data without having to decrypt it. The former IBM researcher who developed the original algorithm now has the task of making it work 10 million times faster!


References:

1. http://www-03.ibm.com/systems/storage/resource/edge/videos.html IBM Edge2012, June 4-8 2012, Orlando, FL. Rod Adkins: ‘Smarter Computing in a New Era of IT’, Rodney C. Adkins, Senior Vice President, IBM Systems and Technology Group
2. Congressional Research Service, Department of Defense Implementation of the Federal Data Center Consolidation Initiative: Implications for Federal Information Technology Reform Management. Patricia Moloney Figliola, Coordinator, Specialist in Internet and Telecommunications Policy; Anthony Andrews, Specialist in Energy and Defense Policy; Eric A. Fischer, Senior Specialist in Science and Technology. July 12, 2012
3. http://www.silvertonconsulting.com/newsletterd/SSDf_drives.pdf SSD flash drives enter the enterprise, by Ray Lucchesi
4. http://www.stecblog.com/ Scott Stetzer, Vice President, Technical Marketing
5. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.154.8668 Abstract
6. http://www.flashmemorysummit.com/English/Conference/Keynotes.html#Keynote4 Keynote 4: Flash Storage Meets the Content Challenge, Wednesday, August 22nd, 11:00-11:30pm, John Scaramuzzo, President, SMART Storage Systems
7. http://www.nytimes.com/2011/01/17/technology/17brain.html/?pagewanted=all In New Military, Data Overload Can Be Deadly, by Thom Shanker and Matt Richtel. Published: January 16, 2011
8. http://www.stecblog.com/?cat=65 Mark Flournoy, LtCol USMC (ret), Vice President, Government and Defense
9. http://www.stecblog.com/?p=179 Lipstick on a Pig “Ruggedised laptop requirements”, Mark Flournoy, LtCol USMC (ret), Vice President, Government and Defense
10. http://www.rusi.org/downloads/assets/McTeague_RDS_Nov_2011.pdf “D is for Data”, Roland McTeague, a former RAF Engineer Officer
11. http://www.rusi.org/downloads/assets/2011_Air_Power_12_Jul.pdf Air Power 2011 Workshop Reports, Elizabeth Quintana
12. Military Disaster Planning, Mark Flournoy, LtCol USMC (ret), Vice President, Government and Defense http://www.stecblog.com/?cat=14
13. http://www.militaryaerospace.com/articles/print/volume-19/issue-12/features/technology-focus/driving-the-demand-for-data-storage.html December 1, 2008. Sensors span the battlefields, producing a wealth of mission-critical data that must be kept at once readily available and secure. By Courtney E. Howard
14. http://www.militaryaerospace.com/articles/print/volume-19/issue-12/features/technology-focus/driving-the-demand-for-data-storage.html December 1, 2008. Sensors span the battlefields, producing a wealth of mission-critical data that must be kept at once readily available and secure. By Courtney E. Howard
15. Constructive Convergence: Imagery and Humanitarian Assistance, Doug Hanchard, Center for Technology and National Security Policy, Institute for National Strategic Studies, National Defense University, February 2012
16. http://www.rusi.org/downloads/assets/SyriaBriefing.pdf RUSI July 2012, Syria Intervention Briefing: Options for Intervention, by Colonel (Rtd) Richard Kemp
17. http://defensesystems.com/articles/2012/02/28/interview-army-peo-eis-wiltsie.aspx Army PEO EIS leads data-center drive to common operating environment, by Barry Rosenberg, March 16, 2012
18. http://defensesystems.com/articles/2012/02/28/interview-army-peo-eis-wiltsie.aspx Army PEO EIS leads data-center drive to common operating environment, by Barry Rosenberg, March 16, 2012
19. DARPA Mission-Oriented Resilient Clouds (MRC), Program Manager Dr. Howard Shrobe http://www.darpa.mil/Our_Work/I2O/Programs/Mission-oriented_Resilient_Clouds_(MRC).aspx
20. http://www.i-programmer.info/news/112-theory/2330-darpa-spends-20-million-on-homomorphic-encryption.html DARPA spends $20 million on homomorphic encryption, written by Alex Armstrong, Tuesday, 19 April 2011 09:33
