Personal details of some 600,000 people, mostly prospective UK recruits, were potentially exposed recently when a laptop was stolen. The Ministry of Defence is reviewing information security policies in response as, shockingly, the database stored on the laptop was unencrypted.
Security is not just for the battlefield, it is also important on base, which needs to guard against potential intruders, information leakage and interference with critical systems. Many specialised products have evolved to meet the need.
Base administrators can choose from long-range, high-resolution cameras such as Flir Systems's ThermoVision range, incorporating such options as infrared, pan tilt, laser rangefinding, geo-targeting, long-wave thermal imaging, and various motion, radar or tripwire sensors. Some have ranges of 20km.
These systems rotate across a field of view and use image processors to detect, identify and track targets. However, some, such as the SOS and OmniEye systems from GenexTech, almost have eyes in the back of their head. Image processing splices several infrared images into a single 360° image of an area. Then algorithms can be used to track several targets simultaneously.
Raytheon recently released the Eagle-300, a 360° camera with persistent, high-resolution vision and movement detection. Even more sophisticated self-aiming cameras respond to audio as well as visual cues to decide where they should 'look'.
A US Air Force project called 'Wide-Area Surveillance' is aiming to combine images from many different imaging sensors into 3D views. A prototype is reportedly operating in Iraq, according to a Military and Aerospace News blog this month.
Access points on base such as doors and perimeter gateways can optimise their security by adopting the latest in biometrics-enabled locking technology.
Biometric locks must be easy to use but difficult to fool with a mimicking technology. Examples include the Mermaid, by Nordic Biometric. The menu-controlled Mermaid scans at a high 500dpi resolution and boasts a false rejection rate (FRR) of 0.001% and false acceptance rate (FAR) of 0.00001%. PINs can be used instead of a fingerprint scan.
Digitus Biometrics offers a Digitus access control system with a fingerprint reader and keypad (outside the door) plus controller (inside the door).
The newest includes encrypted TCP/IP and uses Digitus's proprietary code-hopping encryption protocol, enabling centralised remote control of the units from any location – even overseas.
It has been deployed at the US Army's Hunter Army Airfield (HAAF). Units at the US Army's Fort Stewart are also centrally controlled from HAAF.
"Biometric fingerprint recognition offers advantages over card-reader and proximity-based systems, which we are often selected to replace," said Christopher Marsden, CTO at Digitus Biometrics.
Iris scanning is also proving increasingly popular, as offered by vendors such as Panasonic. Patterns in the iris of the eye are, like fingerprints, virtually unique to each individual. Panasonic's solution uses a specialised video camera to take a detailed close-up of the iris of each person requiring authorisation and stores it in the system using a template made using biometrics software.
Individuals look into iris cameras at designated access points, and the patterns in their irises are compared against the 3DES-encrypted templates stored in the system. FAR is 0.001%-0.0001%, according to Panasonic.
AOptix Technologies offers adaptive, optics-based, stand-off iris recognition. Adaptive optics (AO) correct for optical distortions caused by atmospheric disturbances and target motion, according to AOptix.
"AO systems measure wavefront error to optimise optical performance in real time, and typically employ deformable mirrors in a closed-loop control configuration," AOptix said.
The technology has captured high-quality iris images 18m away in controlled laboratory environments. AOptix has also developed a shorter-range, 2m cooperative system where the subject only needs to look at the system from any spot within 1m³ of space – making iris recognition quicker and easier to use.
Phil Tusa, biometrics vice-president at AOptix, says that further announcements are in the offing. "We do indeed have something innovative which we believe will be valuable to base protection, but we are in our final design phase," he said.
Increasingly, standard operations hardware including laptops, PDAs, and multifunction printing devices include biometric security, often in the form of a fingerprint reader or as add-on software, such as SecureJet Auth Fingerprint for HP laser printers.
Personnel and vehicles alike can now be identified readily by radio frequency identification (RFID) tagging or smartcards. In the US, Lowry Computer Products has been developing RFID and biometrics technologies for Michigan Army National Guard bases – tracking vehicles when they enter or leave a base, or secure areas on base, such as an armoury.
Personnel will also be issued with cards that can be read by a scanner. Information on the cards includes whether the individual is permitted on base, licensed to drive the vehicle requested, and if they're on terrorist lists or similar. Biometric details such as fingerprints can also be stored and compared with those of the individual in cases of doubt.
SECURE DATA STORAGE
Not only people and hardware but also specific information must be kept secure on base if the armed forces are to maintain their efficiency and effectiveness.
The US National Security Agency in February awarded IT giant IBM a $9.4m, 15-month contract to design and develop a high-assurance platform (HAP) for secure data sharing across computer workstations, pervasive computing technology and servers.
Late 2007 saw General Dynamics Canada and Secure Computing launch the MESHnet Firewall for use in battlefield vehicles. MESHnet features Secure Computing's first Evaluation Assurance Level 4 (EAL4) common-criteria-certified Sidewinder firewall ruggedised to MIL-810.
Eric Krieger, Australia country manager at Secure Computing, said the Sidewinder has been deployed on base as well as in vehicles globally. "It is a proxy firewall, rather than a packet or stateful inspection firewall," he said. "It takes information, proxies it, strips it, looks at it, and when it's ready, posts it."
The Sidewinder Network Gateway has Trusted Source technology built in. Communications are stopped at the edge, and scored against data at one of Secure Computing's Trusted Source Centres before being allowed to pass onto the network, he said.
The Sidewinder 4150d offers 3.2GB throughput, with up to 26 interfaces, five-way chassis and four add-on modules. "We have a number of customers we can't name," Krieger added.
Terry Wright, business development manager at UK-based Reactive Data Solutions, said it sells and integrates defence sector products from solid state disc (SSD) and managed flash manufacturers.
"[SSDs] intended for high security environments may have embedded secure-erase features. This can be initiated by unique instruction or by the closure of a pair of contacts, using a push button, for example," Wright said.
Within 20 seconds, all stored data and programmes are erased. Embedded sanitisation routines approved by US agencies such as the NSA can further overwrite all memory locations in the product numerous times. The procedures are irrevocable once initiated, Wright said.
Increased capacity and speed of removable data storage means more data can go missing faster. Products like the SanDisk Cruzer USB key with 256bit AES encryption can prevent sensitive data from straying off base.
"Combined with our CMC server software an administrator can track and control all issued Cruzers and inhibit access," Wright said. "The problem is getting those responsible to use the products that are out there."
Also, Reactive Data's Tiger product group designs bespoke emulators for advanced data storage. Products include flash and SRAM discs, solid-state recorders and disc emulators for where data security is critical, Wright added.
Swedish firm Business Security offers specialised military encryption for all kinds of communications. The company provides customised solutions that fit each client's needs.
Specific products include SecuriVPN, a range of hardware IP encryptors with multicast capability and optical interfaces; SecuriFax, a standalone CELP encryptor with authentication and smartcard backup for faxes; and SecuriVoice, a voice-encryptor with personal-encryption smartcard keys.
Product, though, is only as good as the policies, people and practices around it.