Military Data Storage Solutions

SPECIAL REPORT

Data Security Trends in Solid-State Storage Devices
Dealing with the Deluge of Data: Storage System Developments
Military Data Storage Systems in Action
The Many Facets of the Military Data Storage Market
Future Data Storage Options and Dealing with Cyber Warfare

Sponsored by

Published by Global Business Media

Special Report – Military Data Storage Solutions


Defence Industry – Special Report on Military Data Storage Solutions


SPECIAL REPORT: MILITARY DATA STORAGE SOLUTIONS

Published by Global Business Media

Global Business Media Limited 62 The Street Ashtead Surrey KT21 1AT United Kingdom

Switchboard: +44 (0)1737 850 939 Fax: +44 (0)1737 851 952 Email: [email protected] Website: www.globalbusinessmedia.org

Publisher: Kevin Bell

Business Development Director: Marie-Anne Brooks

Editor: Mary Dub

Senior Project Manager: Steve Banks

Advertising Executives: Michael McCarthy, Abigail Coombes

Production Manager: Paul Davies

For further information visit: www.globalbusinessmedia.org

The opinions and views expressed in the editorial content in this publication are those of the authors alone and do not necessarily represent the views of any organisation with which they may be associated.

Material in advertisements and promotional features may be considered to represent the views of the advertisers and promoters. The views and opinions expressed in this publication do not necessarily express the views of the Publishers or the Editor. While every care has been taken in the preparation of this publication, neither the Publishers nor the Editor are responsible for such opinions and views or for any inaccuracies in the articles.

© 2012. The entire contents of this publication are protected by copyright. Full details are available from the Publishers. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the copyright owner.

Contents

Foreword
Mary Dub, Editor

Data Security Trends in Solid-State Storage Devices
SMART Storage Systems
Introduction
Standards for Data Sanitization
The Role of Encryption
Advanced Encryption Standard (AES)
AES Encryption
SSD Access Protection
Data Elimination
Data Elimination Procedures
Sanitization
Summary

Dealing with the Deluge of Data: Storage System Developments
Mary Dub, Editor, Defence Industry Reports
The Dramatic Growth in Department of Defense Internet Use
How is the Power use Explained?
The Arguments for Solid State Disk Drives (SSDs)
Power Consumption Arguments for SSD Drives
The Importance of the NAND Controller

Military Data Storage Systems in Action
Don McBarnet, Staff Writer
Doing Business with the US Army and Legacy IT Acquisitions
The British Ministry of Defence Legacy Data Storage a Limiting Issue
The Need for Better Education of Troops on the Ground on the Importance of Good Data Storage Practices
Military Data Storage in an Age of Austerity

The Many Facets of the Military Data Storage Market
Meredith Llewellyn, Lead Contributor
Access Denied: the Ever-Present Security and Encryption Issue
Many Layered Process of Encryption
Removable Drives for Added Security
SSD Have Powerful Advantages for Aircraft and Helicopters
The Imagery Revolution and its Impact on Data Storage

Future Data Storage Options and Dealing with Cyber Warfare
Mary Dub, Editor, Defence Industry Reports
Clandestine Options that Affect Data Storage
Using the Cloud: Private or Public?
Building a “Mini Defense Cloud”
DARPA’s Mission Oriented Resilient Clouds (MRC)
DARPA Takes Using Encryption Into the Future

References


Foreword

This edition of Defence Special Reports deals with the fast innovating world of flash technology solid-state disks for the military market. The revolutionary solid-state technology they offer presents many new options to military and civilian managers of today’s demanding military user. The defence market for data storage is highly specialised and many faceted, and the new SSDs have many benefits to offer in many different operational scenarios.

The Report opens with an article that looks at trends in data sanitization and data elimination, and sets out the requirements for data sanitization, specific to defence and military organisations. It goes on to describe the role of encryption in its various forms and gives examples of different applications in which encryption algorithms are used. No less important than data encryption is data elimination. The article discusses this topic and identifies a number of data elimination procedures.

The second article looks at the nature of the deluge of data that the armed forces need storing and assesses the way that SSDs and NAND technology may offer a diverse range of options to military commanders in charge of managing the problem.

A glimpse of gritty reality in the US and Europe is the theme of Don McBarnet’s piece. Whether it is coping with the US Army’s erratic acquisition bureaucracy when buying SSDs, or the historic accumulation of long-outdated British Army software systems, the nature of the legacy of data for storage makes daunting reading. This is the confused and confusing backlog behind many military computer storage issues.

The central piece in this report focuses on the key factors that military buyers consider when looking for new military storage solutions. The armed forces are not only dealing with new image data from UAVs in action in Afghanistan, but disaster recovery assistance requests for image data on new developments. All these data requests mean that data storage needs to be held safely beyond natural disaster zones and be speedily accessible through potentially low bandwidth.

Previewing the future is always a high-risk occupation. However, the rising role of cyber warfare and the resultant need for increased security and encryption make the demand for high speed access to data much more complex. DARPA (Defense Advanced Research Projects Agency) as ever has ways of thinking about the future to deliver solutions to do things ever faster and more easily. Predicting developments in computer technology is always uncertain, but what is certain is that being at the forefront of new technologies is an exacting task.

Mary Dub, Editor


Mary Dub is the editor of this Special Report. She has covered the defence field in the United States and the UK as a television broadcaster, journalist and conference manager.


Data Security Trends in Solid-State Storage Devices

SMART Storage Systems

Introduction

Support for data protection and sanitization is an important feature for devices used in the computer storage market segment. These capabilities are especially critical for storage devices used in Defense applications because the loss of sensitive data can literally have life or death consequences. This article discusses emerging trends in modern data security techniques and how SMART Storage Systems makes data sanitization and data elimination top priorities in its XceedSecure and Xcel-200 solid state storage products.

Standards for Data Sanitization

Standards for storage device data sanitization have historically been driven by military or government-related organizations and, until the recent availability of affordable SSD technology, have largely focused on the characteristics of spinning media storage devices.

The general approach for data elimination in spinning media storage devices has been either to crush the storage device into oblivion or repeatedly write arbitrary or random patterns to the storage media. An example of support for the pattern writing approach is SMART Storage Systems’ XceedSecure SSD product family. This product family supports eight different standards for data sanitization and an additional customer defined procedure. The supported standards are well defined and widely accepted approaches to data sanitization and are mostly requirements specific to Defense and Military organizations. Table 1 below lists the standards based data elimination procedures supported by XceedSecure products.

SMART Storage Systems’ EraSure® data security technology implemented in the XceedSecure products provides multiple levels of data sanitization to meet the distinctive requirements of defense and security applications. EraSure Clear, for example, performs a single erase of the data in the SSD. EraSure Sanitize uses one of the preprogrammed procedures in Table 1 or a customer defined procedure to erase the flash memory in a drive. This involves multiple erasures and overwrites of each flash array. The unique customer-defined sanitization procedure allows customers to develop their own erase procedure when needed. All EraSure procedures result in full media declassification and are executed at unparalleled speed. IRIG 106 is of special interest, because support for this procedure extends the secure erase operations to enable a full review of the erase results to verify elimination of all classified data.

XceedSecure drives are battle proven and verified through extensive environmental testing to meet demanding shock, vibration, and temperature metrics as specified by MIL-STD-810 standards. Designed for mission-critical applications such as data recording, rugged tablets, and surveillance drones, XceedSecure SSDs are available in SATA, PATA and SCSI interfaces with capacities ranging from 32GB to 256GB. These 2.5” and 3.5” flash-based SSDs easily replace standard hard disk drives (HDDs), providing full HDD functionality. It should be noted at this point in the article that the XceedSecure products do not have data encryption capability and do not use it as an element in the strategy for data security and sanitization.

Table 1: XceedSecure supported military data sanitization standards

The availability of SSDs with powerful self-encrypting data capability has fueled growing awareness and curiosity from designers of data storage systems intended for Defense and Military applications. The remainder of this article will chiefly concentrate on the use of encryption in SSD products as an adjunct or eventual alternative basis for data security and elimination of sensitive data.

The Role of Encryption

The role of encryption is to protect data from unauthorized access, use, disclosure or alteration. Encryption algorithms transform original data (referred to as plaintext) to an unreadable form (called cyphertext) that can only be read by someone who possesses a special device, usually called a key.

Careful key management ensures that only those authorized to access and use the encrypted data can do so. The process of converting cyphertext back into its original state is called decryption.

Encryption/decryption algorithms are in use all around us. Some examples include:
• Algorithms used for real-time applications, such as the encryption/decryption of voice calls, must be highly efficient and not impose undue delay during conversations
• Public algorithms such as TLS (Transport Layer Security) facilitate secure transactions over the Internet
• Classified algorithms are used for extremely sensitive military data

Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) is a publicly available encryption methodology that is based on the Rijndael algorithm, developed by Belgian cryptographers Joan Daemen and Vincent Rijmen. It is widely used in hardware and software systems due to its low system resource requirements, high performance capabilities versus other methods, and ease of implementation. AES was developed by the National Institute of Standards and Technology (NIST), and became a standard in the United States in 2002.

Upon its inception in 1952, the National Security Agency (NSA) assumed responsibility for all encryption systems used by the U.S. Government. Little is known about most of these systems because they protect national secrets. In 2003 NSA approved AES for use in its systems. Figure 1 below presents a logical view of the AES data encryption flow used in SMART Storage Systems SSDs.

The NSA has certified AES-128 as being appropriate for protecting SECRET data and AES-192 or AES-256 as being appropriate for protecting TOP SECRET data.

There is no known method of breaking the AES algorithm. Brute force methods that attempt to cycle through all possible key combinations are considered impractical due to the very large number of possible combinations and the amount of processing time it would take to break the cipher. One of the criteria used in selecting AES was that it be immune to being broken by brute force for 20 to 30 years. The actual time required to crack an AES 128-bit key using the brute force method with today’s supercomputers is in the billions of years.

Figure 1: AES data encryption flow (logical view)

AES Encryption

SMART Storage System SSDs with encryption capabilities use AES 128-bit and, in the future, AES 256-bit encryption to protect user data from unauthorized access and misuse.

AES is a symmetric-key block cipher, which means that it uses the same key to encrypt and decrypt data. It operates on a fixed 128-bit block using one of three different key lengths: 128 bits, 192 bits, or 256 bits. Each 128-bit block is a 4×4 array of bytes.

SMART Storage System SSDs include a set of two standard internal keys that are used to protect the product from malicious tampering:
• Boot ROM Access Key – Used to protect boot ROM code and allow boot ROM code execution during power-on.
• Firmware Download Key – SMART firmware releases for its SSD products are distributed in encrypted form. This internal key is used to decrypt all incoming firmware downloads and prevents the introduction of malicious code into the SSD.

During the firmware download process, two random drive-unique keys are generated by the SSD controller to protect the firmware code and the user data:
• Flashware Key: This drive-unique key protects the Flashware code that resides in flash memory and prevents unauthorized access to the firmware code. The randomly generated Flashware Key is encrypted by and protected with the internal Boot ROM Access Key.
• User Data Key: This drive-unique key protects and prevents access to all user data and meta-data on the drive. The key is stored in flash and all data is encrypted when written. Each time user data or meta-data is retrieved from flash memory it is decrypted using this key. The randomly generated User Data Key is encrypted by and protected with the Flashware Key.

After a hardware reset, and once the SSD boot process has completed, the drive enters its normal operating mode and only the Flashware and User Data keys are active. Both user data and meta-data are encrypted using the User Data Key before they are recorded on the flash memory. All user data read from the flash is processed through the encryption engine (decryption), which renders it back to its original form. Since the encryption functionality is entirely contained within the SSD and is always active, there is no dependence upon the host system to activate it, nor can it be intentionally or inadvertently disabled.

SSD Access Protection

A drive password can be used as an additional means of access protection between the host system and the SMART SSDs.
• If a user password has not been established, all host read accesses result in user data being decrypted and delivered to the host system in its original form.
• If a user password has been established by the ATA SET SECURITY PASSWORD command (F1h), it is stored on the drive and is protected by the User Data Key. Subsequent read/write operations result in one of the three alternatives listed below:
  o If the correct password is delivered to the SSD by the ATA SECURITY UNLOCK command (F2h), at drive discovery time, read/write access to the flash is granted to the host application
  o If an incorrect password is delivered to the SSD by the ATA SECURITY UNLOCK command at drive discovery time, the drive responds to the SECURITY UNLOCK command with a “command aborted” status. The drive remains security-locked and read/write access is denied to the host application
  o If no password is delivered to the SSD at drive discovery time, the drive remains security-locked and read/write access is denied to the host application

Figure 2: Use of keys during SSD boot

Data Elimination

Data security extends beyond protecting storage devices during normal usage in their target applications. Storage devices frequently need to be re-tasked or, in the case of defense applications, transported from one security zone to another between or during missions. Data security also needs to be considered when a storage device is de-commissioned or returned for service.

The process used to secure information on storage devices found in applications that involve national security is typically described by one of several published standards discussed previously. The process used in commercial applications is normally less formal. The end goal in both cases is generally the same, however: either elimination of the data or removal of access to the data using a destructive process.

Although methods have been developed to secure data on hard disk drives (HDDs), there are still standards and procedures in place that are extremely time consuming or require procedures such as degaussing which render the product unusable. As a result, a large percentage of HDD users resort to completely destroying drives using expensive shredding devices to prevent the data on them from falling into the wrong hands. Fortunately, securing data on flash-based SSDs is fundamentally easier, less time consuming and non-destructive.

The primary method of removing data from flash-based SSDs is to perform erasing and sanitizing procedures, which completely eliminate the data and leave the drive in a usable state.

Data Elimination Procedures

SMART Storage System Xcel-200 executes two separate data elimination procedures: Crypto Erase and Flash Erase. An ATA-8 Security Erase command is used to initiate the erase procedures. The Crypto Erase function renders information stored on the SSD useless and unavailable as quickly as possible. When the Crypto Erase procedure is activated, the existing User Data Key is eliminated. This process is executed in a few hundred milliseconds and renders the data encrypted with the former encryption key unintelligible.

A new User Data Key is automatically generated after the erase process has completed. All information written to or read from the SSD after the Crypto Erase procedure is processed through the encryption engine using this new key. Data written to the drive using the previous key is unintelligible, as decrypting it with the new key cannot result in reading the original data written to the SSD.

The Flash Erase procedure goes one step further and erases all flash cells containing user data on the SSD. This is a physical flash operation that sets all flash bits containing user data to their erased state. All flash pages used for over provisioning, wear leveling, and bad block management are also erased.

Figure: Data elimination in hard disk drives

Sanitization

U.S. government sanitization procedures, such as DoD NISPOM 5220-22-M, DoD NISPOM 5220-22-M Sup 1, Army 380-19, and IRIG 106-2007, chapter 10.8, call for a specific pattern to be written to the flash. Since the encryption process built into encrypting drives encrypts all user data written to the flash, it is impossible for a specific pattern to be written to the flash. It remains to be seen whether these procedures will be deemed acceptable when used with encryption or whether new procedures will be certified to take advantage of the powerful and flexible characteristics of encryption.
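The following added example (not SMART Storage Systems code) models the key hierarchy, the Crypto Erase and Flash Erase procedures, and the reason a host-written sanitization pattern never reaches the flash of an encrypting drive. All class and function names are hypothetical, the sector tweak is an assumption, and an HMAC-SHA256 keystream stands in for the drive's AES engine so that the block runs with the Python standard library alone.

```python
import hashlib
import hmac
import secrets

SECTOR = 512  # bytes per logical block in this model


def _xcrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the drive's AES engine (NOT AES): XOR with an
    HMAC-SHA256 keystream. Encrypting and decrypting are the same call."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        stream += block.digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def _wrap(kek: bytes, key: bytes) -> bytes:
    """Store `key` encrypted under a key-encrypting key, with a fresh nonce."""
    nonce = secrets.token_bytes(12)
    return nonce + _xcrypt(kek, nonce, key)


def _unwrap(kek: bytes, blob: bytes) -> bytes:
    """Recover a key stored by _wrap()."""
    return _xcrypt(kek, blob[:12], blob[12:])


class ModelEncryptingDrive:
    """Hypothetical model of the hierarchy described in the text:
    Boot ROM Access Key -> Flashware Key -> User Data Key -> user data."""

    def __init__(self) -> None:
        self._boot_rom_key = secrets.token_bytes(16)  # internal key
        self._wrapped_flashware_key = _wrap(self._boot_rom_key, secrets.token_bytes(16))
        self._wrapped_user_data_key = b""
        self._flash = {}  # LBA -> bytes physically held in NAND
        self._generate_user_data_key()

    def _flashware_key(self) -> bytes:
        return _unwrap(self._boot_rom_key, self._wrapped_flashware_key)

    def _user_data_key(self) -> bytes:
        return _unwrap(self._flashware_key(), self._wrapped_user_data_key)

    def _generate_user_data_key(self) -> None:
        # Overwrites the only stored copy of the previous User Data Key.
        self._wrapped_user_data_key = _wrap(self._flashware_key(), secrets.token_bytes(16))

    def write(self, lba: int, data: bytes) -> None:
        # The LBA acts as a per-sector tweak (assumption; the text names no mode).
        self._flash[lba] = _xcrypt(self._user_data_key(), lba.to_bytes(8, "big"), data)

    def read(self, lba: int) -> bytes:
        return _xcrypt(self._user_data_key(), lba.to_bytes(8, "big"), self._flash[lba])

    def raw_flash(self, lba: int) -> bytes:
        """What is physically stored, bypassing the encryption engine."""
        return self._flash[lba]

    def crypto_erase(self) -> None:
        """Eliminate the User Data Key and generate a new one; cells untouched."""
        self._generate_user_data_key()

    def flash_erase(self) -> None:
        """Set every user-data cell to its erased state (all bits 1)."""
        for lba in self._flash:
            self._flash[lba] = b"\xff" * SECTOR


def demo() -> dict:
    """Run the erase procedures on one sector and report what each one changes."""
    drive = ModelEncryptingDrive()
    pattern = b"\x55" * SECTOR  # constructed overwrite pattern sent by the host
    drive.write(0, pattern)
    results = {
        "pattern_on_flash": drive.raw_flash(0) == pattern,
        "readable_before_erase": drive.read(0) == pattern,
    }
    stored = drive.raw_flash(0)
    drive.crypto_erase()
    results["cells_unchanged_by_crypto_erase"] = drive.raw_flash(0) == stored
    results["readable_after_crypto_erase"] = drive.read(0) == pattern
    drive.flash_erase()
    results["cells_erased_by_flash_erase"] = drive.raw_flash(0) == b"\xff" * SECTOR
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

After Crypto Erase the old ciphertext is still physically present in the model's flash, so the assurance of that procedure rests entirely on the previous User Data Key being unrecoverable; Flash Erase is the step that changes the cells themselves.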

Summary

As the amount of sensitive data we store continues to proliferate, the need to develop creative ways to protect that data from unauthorized use becomes more important.

The fact that SSDs are primarily used for mission and business-critical applications means that they are likely to contain sensitive data that needs to be protected. SMART’s SSDs are designed with redundant methods of data protection to give its customers peace of mind that their data is always secure, through the use of encryption, and can be totally eliminated at any time, through the use of the erase procedure.

Securing user data from unauthorized use has been a hallmark of SMART SSD products for more than a decade. The addition of AES encryption to our products is the next step in providing customers the very best in storage data security.

Contacts

SMART Storage Systems
Customer Service:
Tel: (+1) 978-303-8500
Fax: (+1) [email protected]

References

1. About AES – Advanced Encryption Standard, A short introduction, Svante Seleborg, Axantum Software AB, August 2007

2. FIPS 140-2 Security Requirements for Cryptographic Modules, NIST Information Technology Laboratory, May 25, 2001

3. NSA/CSS Manual 9-12 NSA/CSS Storage Device Declassification Manual, NSA Media Technology Center, 2000

4. NIST 800-88 Guidelines for Media Sanitization, NIST Information Technology Laboratory, Sep 2006

5. NAVSO P-5239-26, Remanence Security Guidebook, Information Systems Security (INFOSEC) Program Guidelines, Sep. 1993

6. Air Force AFSSI 5020 Remanence Security, Air Force Command, Control, Communications and Computer Agency, Information Protection Division, Aug. 1996

7. DoD NISPOM 5220-22-M National Industrial Security Program Operating Manual, U.S. Government Printing Office, Feb. 2006

8. DoD NISPOM 5220-22-M Sup 1 National Industrial Security Program Operating Manual (Revised), U.S. Government Printing Office, Jan. 1995

9. Army 380-19 Information Systems Security, Department of the Army, Feb. 1998

10. IRIG 106-2007, chapter 10.8 RCC Document 106-07, Telemetry Standard, Chapter 10.8 Digital Recording Standard – Declassification, Sep. 2007

11. EE Times article on Brute Force Attacks, see: http://www.eetimes.com/design/embedded-internet-design/4372428/How-secure-is-AES-against-brute-force-attacks-

12. Information on the AES standard, see: csrc.nist.gov/publications/fips/fips197/fips-197.pdf

Figure: Data elimination

Dealing with the Deluge of Data: Storage System Developments

Mary Dub, Editor, Defence Industry Reports

Military data storage systems share three key features in common with the civilian market: an explosion of data, inflexible infrastructures and escalating complexity[1]. This takes place in an environment of surging demand for increased data velocity and veracity. Meanwhile, budgets for managing infrastructure are flat. Military IT commanders are working to manage this, but according to IBM, 23% of IT projects are over budget and behind schedule, a challenging scenario. And the scale of the issue in the Department of Defense is vast. A report in July 2012 for the Congressional Research Service on Federal Information Technology Reform Management draws a picture of the scale of the issue. The level of power consumption by data centers alone is indicative: “The Department of Defense (DoD) is the single largest energy consumer in the nation. As the largest owner of federal data centers, with 772, the DoD has more than twice as many centers as any other agency.” Yet the scale of this consumption of energy represents an opportunity to the industry as the pressure for consolidation and reduction in power consumption ramps up. By consolidating some of its data centers, DoD could have a significant positive impact on energy savings for the federal government.[2] Where does the energy go?

The Dramatic Growth in Department of Defense Internet Use

The Congressional Research Service identifies the growth of demand for power for internet use by the Department of Defense: “Worldwide energy use by data centers doubled from 2000 to 2006 and a number of factors continue to drive such growth. Among them are electronic financial transactions such as online banking and electronic trading, Internet communication and entertainment, electronic medical records for healthcare, global commerce and services, satellite navigation, and electronic shipment tracking in transportation. Voice-over-Internet protocol communication has also been growing. Increased Internet use is a major factor in the growth in data processing and storage and requires that business and government enterprises host electronic applications in highly reliable data centers with sufficient server capacity to meet peak and growing loads”. But industry is driving innovation in this area and the technological developments of Solid State Disk drives using flash and NAND technology have resulted in new options for data storage managers in the military and civilian fields.

How is the Power use Explained?

Virtually all of the power consumed by a data center results in thermal emissions: ultimately, a watt of electric power consumed is a watt of heat generated. Data centers use energy to supply three key components: IT equipment, cooling, and power delivery. A significant amount of energy is required just to remove heat. A breakdown of a data center’s energy use demonstrates that cooling alone may make up half of its electrical demand, while operating the servers and data storage devices (critical loads) may take up a third or more. So a potential future reduction in power used would result in less heat generated and lower cooling requirements, thus establishing a virtuous circle and lower energy costs.

The Arguments for Solid State Disk Drives (SSDs)

Some industry consultants argue that one of the most powerful arguments for SSDs is reduction in price combined with increased number of random speed-reads. In the past, applications that read data randomly often resorted to drive short stroking to gain significant performance advantages. In fact, with striping and short stroking of 10 high-end 15,000rpm hard disk drives, performance gains of more than 16× are attainable, resulting in more than 3,000 random reads per second. SSD flash drives can improve random read performance even more significantly. For example, some argue that one SSD drive can attain anywhere from 5,000 to 20,000 random reads per second; 10 SSD devices could easily handle 50,000 to 200,000 random reads per second. SSD drives are able to achieve their superior random read performance because they have almost no seek time and absolutely no rotational time reading NAND data.[3]

Power Consumption Arguments for SSD Drives

In a comparison of an active enterprise-class hard disk to an active SSD drive, the SSD drive uses only one-half to one-third the power needed by a typical 15,000rpm disk drive. Thus, replacing 10 hard drives with one SSD drive could result in considerable power, cooling, and space savings. The advantages of flash drives are boosted by the features of multi-layer cell (MLC) media over single-layer cell (SLC) media. MLC media signals a tremendous improvement in capacity for flash and SSD devices. This technology also gives a cost advantage in delivering twice the capacity for the same price of the chip.

The Importance of the NAND Controller

The qualities of the NAND controller in SSDs can be decisive. The NAND controller drives reliability, performance, endurance, capability or security. The controller communicates with the host computer, moves data into and out of the flash, and handles all the flash management tasks such as wear leveling, error correction, and data reliability activities and can extend the endurance of the MLC media[4]. The NAND controller also impacts on write amplification, which can be a critical factor limiting the random write performance and write endurance in storage devices based on NAND-flash memories. The impact of garbage collection on write amplification is influenced by the level of over-provisioning and the choice of reclaiming policy.[5] But the role of metrics and the NAND controller are not the only important features of a decision to use SSDs. As an industry leader driving innovation puts it, servers need to access data faster in near real-time. And while hard drives have become a bottleneck in making this possible, flash based SSDs, a whole new class of storage, have emerged as the solution. For all-flash architectures to work, SSDs must deliver the performance, endurance, and reliability that enterprises demand at the lowest possible cost. While MLC nodes help, NAND management at the system level rather than the device level is required. Storage architectures are changing quickly, and NAND management must change to help them fulfil enterprise needs.[6]

Figure: UAV guidance system enhanced by fast SSD storage from SMART Storage Systems


Military Data Storage Systems in Action

Don McBarnet, Staff Writer

Information overload is deadly, yet well managed data is among the most potent weapons of the 21st century and a critical part of the integration of Network Centric Warfare. Across the military, data flow has surged; since the attacks of 9/11, the amount of intelligence gathered by remotely piloted drones and other surveillance technologies has risen 1,600 per cent. On the ground in Afghanistan, troops increasingly use hand-held devices to communicate, get directions and set bombing coordinates.[7] The access to and management of intelligence data has become critical to effective war fighting. Unprecedented amounts of raw intelligence information help the military determine what targets to hit and what to avoid. And drone-based sensors have given rise to a new type of analyst who must assess this flow of image-based information. An example of this is the making of decisions on data viewed in the United States from data generated by Unmanned Aerial Vehicles flying over Afghanistan. Reading the actions of potentially hostile local people in uncertain situations in the middle of insurgent engagements can be highly problematic. Tactical commanders can make the wrong call and the result can be civilian casualties. “Information overload — an accurate description,” said one senior military officer, who spoke on the condition of anonymity because the issue of civilian casualties might result in a court martial. “The deaths would have been prevented,” he said, “if we had just slowed things down and thought deliberately.”

Doing Business with the US Army and Legacy IT Acquisitions

The commander’s drive to use the latest technology innovations to deliver information superiority in the field of operations is shared by the soldier’s delight at new kit that has the potential to deliver. However, the US Army acquisition process can withhold ruggedized laptops in a complex supply chain until warranties have expired [8] or deliver goods that are not compatible with legacy systems. Solid-state drives that lack endurance and resilience by being designed for the civilian rather than the military market can be a liability. For example, one company argues that SSDs should contain a sophisticated controller with adaptive flash management algorithms to actively manage NAND wear leveling plus error management and tuning functions that adjust throughout the life of the flash; there is also a case for memory management algorithms to improve flash endurance. And there is technology to deliver parity inside the drive that allows data to be recovered, rebuilt and accurately returned in cases of a read error due to bit, word line or even total die failure [9].

The British Ministry of Defence Legacy Data Storage a Limiting Issue

Britain is always proud of its historic legacy – it is less proud of its historic legacy of IT equipment, architectures and software. For the serving officer working in the critical field of logistics this can prove to be a nightmare. “Not only are there increasing volumes of data, there are also several hundred logistic IT systems and applications in Defence to contend with. Some systems are 30-year-old legacies from the Cold War era. Others came from Navy, Army and Air Force unilateral lines of business, where the single supply chain concept did not exist previously. Most of these major systems have their own unique ways of defining and describing logistic data. For example, the concept of an asset is fundamental to logistics. An asset has attributes such as type, description, serial number, location, value and so on. But, frustratingly, there are currently many varying definitions of asset and its attributes across the different logistic IT systems. Not only that, many major systems employ unique proprietary data descriptions, data formats, field lengths, business rules and software coding.” [10] The data storage failure by the British Ministry of Defence was so serious it was heavily criticized by the House of Commons National Audit Office: while some data systems are new and of good quality, much of the department’s data, particularly for the base inventory and warehousing areas, is held on IT systems that came into service more than 30 years ago. “These have limited capability and the scope to upgrade their capabilities is often extremely restricted, and many are no longer supported. Reliance on such systems means that it is very challenging to produce the business information required by stakeholders to run an effective and efficient supply chain.” And while this historic legacy of data storage systems is a headache in the UK, it is replicated in many European armies and, undoubtedly, in some corners of American data storage systems as well.

The Need for Better Education of Troops on the Ground on the Importance of Good Data Storage Practices

For a British soldier on the move rapidly through combat zones and touring in Forward Operating Bases, dealing with data storage is not a subject of any salience. However, information lost on troop rotation results in unnecessary duplication and cost. A senior Research Fellow for Air Power and Technology at the UK’s Royal United Services Institute argues that storage and retrieval is not properly managed in deployed operating environments, resulting in large amounts of duplication (up to 50 per cent) across the system or files lost as troops rotate through. Much of this could be fixed through better process and education, she argues [11].

Military Data Storage in an Age of Austerity

While the need for updated data storage systems is undoubtedly huge in both the United States and Europe, to cut costs, to limit power consumption and to improve efficiency and effectiveness of the armed forces, the operating environment in the United Kingdom is not optimistic for industry innovation. Manpower cuts, large platform cancellations and vigorous cost cutting projects across the services make data storage replacement a lower priority than it should be. And while the United States Army and PEO have a drive to take on and absorb new technologies, the parallel drive to control budgets and limit spending is a brake on the effort to adopt new and effective technologies for data storage.

SONAR DATA GATHERED BY NAVY DESTROYER IS PROTECTED BY SSDS FROM SMART STORAGE SYSTEMS


The Many Facets of the Military Data Storage Market

Meredith Llewellyn, Lead Contributor

MIL-STD-810, US Department of Defense standards for all equipment, is the benchmark for all military data storage equipment. It is a robust and tested standard of rugged engineering. And although the list is well known for the manufacturers and vendors of SSDs and computer equipment, it is daunting: low pressure for altitude testing; exposure to high and low temperatures plus temperature shock (both operating and in storage); rain (including wind-blown and freezing rain); humidity, fungus, salt fog for rust testing; sand and dust exposure; explosive atmosphere; leakage; acceleration; shock and transport shock; gunfire vibration; random vibration. Of course, military medical files for storage in the United States do not have to meet all these standards, but public sector defense data does have to meet very high criteria of security. Natural disaster planning has to be part of a military data center manager’s program. A natural disaster like a hurricane or earthquake that disrupts power supply to a data center in the United States can affect operations. As a former Marine officer in charge of a military data center explains, the consequences of power outages in the US can impact on operations in Afghanistan. “The loss of just one cooling unit could cause an entire data center’s temperature to spike above 90 degrees requiring planned shutdowns to prevent system crashes.” [12] Similarly, hurricanes can affect data farms requiring considerable forward planning to ride out the storm.

Access Denied: the Ever-Present Security and Encryption Issue

Mission critical data on the battlefield in the 21st century has to be delivered in real time. The goal of the network-centric battlefield is to deliver “the right information to the right person at the right time,” as Amos Deacon III, president of military data storage provider Phoenix International, put it: “I see two major aspects of secure information storage: the ability to have continued access to the info (i.e., data availability through redundant components and systems), and security with regard to denial of access to unauthorized personnel through data encryption, multi-level security (MLS), and the ability to quickly sanitize or destroy the info.”

Many Layered Process of Encryption

Officials at Curtiss-Wright Controls Embedded Computing in Leesburg, Va., and at VMETRO, a Curtiss-Wright Company in Houston, say they agree that encryption is necessary, and not just at the storage level. Military and aerospace systems designers, among others, are “requiring encryption of data, both at the recorder level and in storage devices,” says Tom Bohman, vice president of recorder products business development at Curtiss-Wright Controls Embedded Computing. “Associated with the need for encryption, solid-state disk (SSD) users require purge, fast erase, secure erase, and destruction-erase functions. Because these SSD functions are not instantaneous, it is often beneficial for secure data storage to be performed by the data recorder. Encrypting the data prior to recording it to disk ensures that the data is not accessible without the correct encryption keys and the storage media is not classified.” [13]

Removable Drives for Added Security

Rugged storage servers for a higher risk environment in aerospace or on operations are increasingly useful. “Removable drives are paramount in rugged servers – both for the ability to rapidly declassify a system and the ability to swap out large amounts of storage,” says Chip Thurston [14], technical director/chief architect at rugged storage provider Crystal Group in Hiawatha, Iowa. “Removable drives also help fix logistical issues with sparing, as systems can be configured using the same hardware, with the only differentiator being software. This allows you to spare one chassis and four sets of hard disks, reducing the costs associated with the sparing effort,” says Chip Thurston. During combat, the data on a disabled Humvee can be safeguarded from falling into the wrong hands by ejecting removable discs, but the data needs to be encrypted to safeguard it in the event the attempt to save it fails.

SSDs Have Powerful Advantages for Aircraft and Helicopters

“Traditionally, systems that need to be able to take vibration and operate through it with no degradation in performance were limited to using solid-state hard disks,” Crystal Group’s Thurston mentions. “With advancements in vibration tolerance and careful vibration isolation at the chassis level, often rotational disks can be made to handle vibration, depending on the vibration level. If the amount of vibration is substantial, solid-state disks are still the logical step.

“Recent changes in the flash industry have allowed solid-state disks to become more affordable, while still maintaining phenomenal vibration tolerance,” Thurston continues. “As flash advancements move forward, we will start seeing better capacity, much faster speeds, and better reliability.”

Curtiss-Wright has introduced the SANbric JBOD (just a bunch of disks) storage system and shock isolation units for helicopters. The SANbric rugged, removable storage system enables the use of commercial off-the-shelf (COTS) Fibre Channel disks for high-speed streaming data-recording applications in harsh and high-altitude environments. As SSDs are much the newer technology, many mechanical disks are still in use, but they can be combined with SSDs for enhanced storage.

The Imagery Revolution and its Impact on Data Storage

21st century armed forces are increasingly heavily dependent on image data from UAVs (Unmanned Aerial Vehicles) and satellites to deliver situational awareness in conflict or for humanitarian assistance in times of conflict or disaster. The data storage needs generated by coalition ISTAR during Operation Unified Protector over Libya and during relief operations in Haiti stand as good examples [15]. Today’s technologies include public access to satellite and aerial imagery platforms; resilient networks; and larger and faster data storage capabilities on smart phones and tablet computers that are capable of manipulating imagery files using surprisingly high-performance applications that reside locally on the device. Some data needs to be stored in centres where large file sizes can be handled and made accessible to disaster response forces. It needs to be stored in areas outside the disaster area and accessible via good bandwidth.

DATA LOGGED BY THE F18 HORNET IS PROTECTED BY SECURE STORAGE FROM SMART STORAGE SYSTEMS


Future Data Storage Options and Dealing with Cyber Warfare

Mary Dub, Editor, Defence Industry Reports

Cyber warfare is a constant menacing presence in data storage. Whether the armed forces are the agents or victims, it is an increasingly powerful option in the aggressive armoury of a nation considering military options. In July 2012 in Syria, allegations are emerging that cyber measures are already being used on the ground by NATO forces against the Syrian regime. Cyber techniques are anonymous, deniable, inexpensive, increasingly effective and comparatively risk-free, certainly in terms of own casualties. This makes them attractive in this highly complex, precarious and fraught situation [16].

Clandestine Options that Affect Data Storage

Cyber techniques can be used in both intelligence collection and active disruption of military and government targets. As an example, the Flame virus, which is directed primarily against Iran, has reportedly infected computer systems elsewhere in the Middle East, including Syria. It collects information by monitoring keystrokes, recording data and eavesdropping on audio and camera equipment. Flame can also be activated to attack and take control of computer systems that it has infected. Aggressive cyber warfare could have a much more widespread impact. Active cyber intervention could be focused against command-and-control systems, air defence networks, computerised weapons systems and communications. Beyond the military arena, cyber attack could be used to disrupt civilian infrastructure including radio and TV, power grids, financial networks, air travel, transport and telecommunications. Even more than the use of airpower, clandestine cyber warfare can reveal the working of western support without compromising anonymity.

Using the Cloud: Private or Public?

The reverse implication of cyber warfare is the need to protect the west’s own data assets from attack. This is an important dimension of the ongoing debate in the defense community about the use of the private cloud or even a specific defense proprietary cloud. Douglas Wiltsie took the lead at the Army Program Executive Office for Enterprise Information Systems (PEO EIS) in October 2011. As lead, he is charged with taking decisions on the data center/cloud computing environment. He sets the standards, the architecture and also the business concept of how to take legacy systems and move them into the cloud. In an interview he gave to Defense News, he outlines the importance of structuring the data so that everyone has access. “So it needs to be in an unstructured format, and the issue becomes how we tag the data. Proprietary systems tag data specifically for their own purposes. Whereas in a cloud-computing environment you have a multi dimensional tag. And so the program has to change in order to be able to use data that’s tagged differently. And then we also have to be able to virtualize it.” [17]

Building a “Mini Defense Cloud”

To assess the cost and work through the process, a pilot mini cloud is being built. “What we need to do is define for Army leadership what the cost is to take legacy programs and put them into the cloud. The way we’re doing that is by building a mini-cloud with ALTESS (Acquisition, Logistics and Technology Enterprise Systems and Services) at Radford Arsenal [in Virginia].” And this is part of a wider vision of the gigantic task of transferring the bulk of Army data to the cloud: “We envision that select Army data centers will eventually become federated with other service data centers and DISA facilities to deliver DOD cloud services. So we’re essentially in the early stages of what could be a Herculean effort for the Army, but the vision is to ultimately be able to deliver services to any Army user, anywhere, regardless of user device type.” [18] Doug Gardner, technical director of the Program Executive Office for Mission Assurance and Network Operations for the Defense Information Systems Agency (DISA) in Fort Meade, Md., argued that the work now being done to protect cloud data will eventually lead to better overall IT security and potentially lower costs. “You go to the cloud not just for the efficiencies that it might provide you in terms of using just the resources that you need as you need them, but also... by going into an environment where you centralize the controls and the protections.” Other cyber strategists disagree with these assessments and argue that public clouds are still a danger zone. They argue that there is a case for strong security architecture for a private cloud that could withstand a cloud storm attack, a type of distributed denial-of-service attack. In reply, Gardner argues that DISA has the very highest standards that are very similar in public and private clouds. DISA encrypts data both at rest and in transit, as well as using access controls based on trusted credentials.

DARPA’s Mission Oriented Resilient Clouds (MRC)

To address some of these security concerns, DARPA is funding futuristic projects that may help deal with their perceived need for greater storage security. In February 2011, DARPA gave funding to the Mission Oriented Resilient Clouds (MRC) project. This aims to address some of these security challenges by developing technologies to detect, diagnose and respond to attacks in the cloud; effectively building a ‘community health system’ for the cloud. MRC also seeks technologies to enable cloud applications and infrastructure to continue functioning while under attack [19].

DARPA Takes Using Encryption Into the Future

To further protect data and to allow defense data users to use data in the cloud that has already been encrypted without the inconvenience and loss of time from decrypting it, DARPA is funding work on homomorphic encryption [20]. This $20 million research project is looking to develop and accelerate an algorithm that basically allows users to perform operations on the data without having to decrypt it. The former IBM researcher who developed the original algorithm now has the task of making it work 10 million times faster!
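The idea of operating on data without decrypting it can be shown with the Paillier cryptosystem, which supports only addition on ciphertexts and is not the fully homomorphic algorithm the DARPA project funds. This is an added example, not code from the report; the toy key size, the function names and the sample stock counts are assumptions made for illustration.

```python
import math
import secrets

# Toy parameters (constructed for this example): two well-known Mersenne primes.
# Real deployments use randomly generated primes of 1024 bits or more each.
P = 2**31 - 1
Q = 2**61 - 1


def keygen(p=P, q=Q):
    """Return (public, private) Paillier keys using the common g = n + 1 choice."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)            # with g = n + 1, L(g^lam mod n^2) = lam mod n
    return (n, n + 1), (lam, mu)


def encrypt(public, m, r=None):
    """Encrypt integer m; r is the per-ciphertext randomness (chosen if omitted)."""
    n, g = public
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while r is None or math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    n2 = n * n
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(public, private, c):
    n, _ = public
    lam, mu = private
    return ((pow(c, lam, n * n) - 1) // n * mu) % n


def add_encrypted(public, c1, c2):
    """Ciphertext of m1 + m2, computed from the public modulus alone."""
    n, _ = public
    return (c1 * c2) % (n * n)


def scale_encrypted(public, c, k):
    """Ciphertext of k * m for a public integer k."""
    n, _ = public
    return pow(c, k, n * n)


def encrypted_total(public, ciphertexts):
    """What an untrusted storage service can run: sum values it cannot read."""
    total = encrypt(public, 0, r=1)      # encryption of zero, the additive identity
    for c in ciphertexts:
        total = add_encrypted(public, total, c)
    return total


if __name__ == "__main__":
    public, private = keygen()
    stock_counts = [120, 45, 7]          # constructed sample data
    stored = [encrypt(public, m) for m in stock_counts]
    total = encrypted_total(public, stored)        # runs without the private key
    print("decrypted total:", decrypt(public, private, total))
```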


References:

[1] http://www-03.ibm.com/systems/storage/resource/edge/videos.html IBM Edge2012 June 4-8 2012 Orlando, FL. Rod Adkins: ‘Smarter Computing in a New Era of IT’, Rodney C. Adkins Senior Vice President, IBM Systems and Technology Group

[2] Congressional Research Service Department of Defense Implementation of the Federal Data Center Consolidation Initiative: Implications for Federal Information Technology Reform Management Patricia Moloney Figliola, Coordinator Specialist in Internet and Telecommunications Policy Anthony Andrews, Specialist in Energy and Defense Policy Eric A. Fischer, Senior Specialist in Science and Technology July 12, 2012

[3] http://www.silvertonconsulting.com/newsletterd/SSDf_drives.pdf SSD flash drives enter the enterprise By Ray Lucchesi

[4] http://www.stecblog.com/ Scott Stetzer Vice President Technical Marketing

[5] http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.154.8668 Abstract

[6] http://www.flashmemorysummit.com/English/Conference/Keynotes.html#Keynote4 Keynote 4: Flash Storage Meets the Content Challenge Wednesday, August 22nd, 11:00-11:30pm John Scaramuzzo President SMART Storage Systems

[7] http://www.nytimes.com/2011/01/17/technology/17brain.html/?pagewanted=all In New Military, Data Overload Can Be Deadly By THOM SHANKER and MATT RICHTEL Published: January 16, 2011

[8] http://www.stecblog.com/?cat=65 Mark Flournoy, LtCol USMC (ret) Vice President Government and Defense

[9] http://www.stecblog.com/?p=179 Lipstick on a Pig “Ruggedised laptop requirements” Mark Flournoy, LtCol USMC (ret) Vice President Government and Defense

[10] http://www.rusi.org/downloads/assets/McTeague_RDS_Nov_2011.pdf “D is for Data Roland McTeague”, a former RAF Engineer Officer

[11] http://www.rusi.org/downloads/assets/2011_Air_Power_12_Jul.pdf Air Power 2011 Workshop Reports Elizabeth Quintana

[12] Military Disaster Planning Mark Flournoy, LtCol USMC (ret) Vice President Government and Defense http://www.stecblog.com/?cat=14

[13] http://www.militaryaerospace.com/articles/print/volume-19/issue-12/features/technology-focus/driving-the-demand-for-data-storage.html December 1, 2008 Sensors span the battlefields, producing a wealth of mission-critical data that must be kept at once readily available and secure. By Courtney E. Howard

[14] http://www.militaryaerospace.com/articles/print/volume-19/issue-12/features/technology-focus/driving-the-demand-for-data-storage.html December 1, 2008 Sensors span the battlefields, producing a wealth of mission-critical data that must be kept at once readily available and secure. By Courtney E. Howard

[15] Constructive Convergence: Imagery and Humanitarian Assistance, Doug Hanchard, Center for Technology and National Security Policy Institute for National Strategic Studies National Defense University February 2012

[16] http://www.rusi.org/downloads/assets/SyriaBriefing.pdf RUSI July 2012 Syria Intervention Briefing Options for Intervention By Colonel (Rtd) Richard Kemp

[17] http://defensesystems.com/articles/2012/02/28/interview-army-peo-eis-wiltsie.aspx Army PEO EIS leads data-center drive to common operating environment By Barry Rosenberg March 16, 2012

[18] http://defensesystems.com/articles/2012/02/28/interview-army-peo-eis-wiltsie.aspx Army PEO EIS leads data-center drive to common operating environment By Barry Rosenberg March 16, 2012

[19] DARPA Mission-Oriented RESILIENT CLOUDS (MRC) PROGRAM MANAGER Dr. Howard Shrobe http://www.darpa.mil/Our_Work/I2O/Programs/Mission-oriented_Resilient_Clouds_(MRC).aspx

[20] http://www.i-programmer.info/news/112-theory/2330-darpa-spends-20-million-on-homomorphic-encryption.html DARPA spends $20 million on homomorphic encryption Written by Alex Armstrong Tuesday, 19 April 2011 09:33
