
not usually the technology that's the flaw
It's the humans, leaving papers on the train for example.
It would be nice to know how big a super computer you would need to break pgp disk encryption!
The UK MoD has certified PGP Corporation's whole disk encryption technology as suitable for use on British military computers. However, like most software-only solutions, it has been approved only for machines holding fairly low-level information. PGP Whole Disk Encryption had previously passed the UK government's baseline …
I'm somewhat surprised that PGP and BitLurker get the same rating ... it would be interesting to know what hoops PGP would have to jump through to get the next level.
Personally, given the track record, I'd not trust a closed source disk encryption product, especially one from an outfit with repeated security fails like MS.
In my experience, level 3 stuff is pretty mediocre anyway. RAF Chislewick plans to resurface the runway; RAF Little Hampton needs a new astroturf for the hockey pitch; etc. I suppose some poor office monkey somewhere had to classify them and plumped for the safe option.
AC, but if I'm screwed over with the Official Secrets Act for telling you THAT...!
Mine's the one with polonium-210 in the pocket.
Are any Apple OS's certified for use with classified information? If not, then it's not an issue as the information won't be on the Apple computer in the first place.
If someone did have classified information on a computer with an uncertified OS, then they probably wouldn't be that bothered about whether or not their encryption package was certified too.
Yes, only because HP/EDS have carefully set the virus scan to run immediately on login, so you sit there for an hour in the morning waiting for the virus scan to complete before you can use the workstation, then when you try to load Outlook (97) you get the error message "system is running low on virtual memory".
You don't actually believe that they would let anyone USE the NT workstations, do you?
(Nope, there's no noise outside, and that's not a black helicopter)
The usual blurb from the Register that stuff at SECRET level isn't particularly interesting, spoken/written by someone that's probably had little to do with protectively marked data.
Au contraire mon ami, sometimes stuff at lower levels *is* interesting but I can't tell you what, because I'd have to kill you.
You really need to ditch this attitude that the MoD is paranoid and protectively marks data when it doesn't need to be. However, I will admit, that some stuff at restricted shouldn't be marked so, but then again...some stuff should be.
@AC "In my experience, level 3 stuff is pretty mediocre anyway. RAF Chislewick plans to resurface the runway; RAF Little Hampton needs a new astroturf for the hockey pitch; etc. I suppose some poor office monkey somewhere had to classify them and plumped for the safe option."
Or deliberate? - I guess a fair chunk of Russian/Chinese/American de-crypto hardware is slowly discovering that. Getting the enemy to target the wrong stuff is one of the most valuable ways of protecting the 'crown jewels'. Indeed the best security is that that can't be noticed ...
Yeah, we could employ our own disc-encryption technicians, and use the original GPL-licensed products, and do it all ourselves - but in a way, you're just inventing your own brand of 'proprietary'. Support for disc encryption that does not seriously impact machine performance across thousands of laptops, of dozens of different models, across multiple international sites, is decidedly non-trivial.
How many of the commenters on this story are typing on machines with full-disc encryption in place, I wonder? If you are (and you installed it all yourself from source) how long did it take? If you don't think it took you that long, then I have a proposition for you: we have 2,600+ laptop users, across nine different sites in the UK. Some of them have more than one laptop... Care to drop by and replace the PGP full-disc, on all of them, with your free alternative? We'll want at least three years' support thrown in. How about we start next Thursday at our Merseyside depot? I must tell you, if you are successful, we also have offices in Malaysia, Cyprus and California, among other places, with about another 1,500 laptops. Unfortunately, you won't get to see too much of the local nightlife, because you'll be too busy installing encryption software...
PGP may be expensive, but at least the actual source code is available on line, unlike Bitlocker. You offload the support overheads and reduce the 'bus-factor' inherent in employing your own specialists - and most importantly, you can assure any external auditing body that a stolen machine was secured using a recognised product, from a specialist supplier, rather than just some roll-your-own solution installed at your 'say-so'.
That company you keep hearing about having its laptops stolen? That's us. You get to hear about our laptops being stolen, partly because we have so many of the damn things, but mostly because we can dare to own up to the fact that they've been stolen. Ironically enough, we're probably one of the few commercial companies, with a UK arm, that deploys the kind of hardware that could force-decrypt one of the things. Fortunately for the spooks, all our spooky hardware is too busy paying the payrolls and pensions schemes of Police forces, the NHS, county councils, and - yes - the military.
I certainly think this is a step up, in securing military laptops, from slinging them in the sea from the decks of cross-channel ferries!
I work in an organisation that has well over 10 times (could be 20 times) your 2,600 laptops and full disc encryption was rolled out recently without manual involvement from either the techs or the users (beyond clicking on a button and thinking up a passphrase). There were a small number of problems that required manual intervention but these were mainly caused by users messing with their laptop configurations (i.e. things like dual-booting - which is specifically not supported and non-standard partition layouts).
the laptops are connected to a network. An 'R' laptop can only be connected to an 'R' network, so if your users are remote and you don't have the required infrastructure to connect to these machines then you are a bit screwed. We have 'R' machines but no remote 'R' network connectivity - makes software installation a bit trickier.
If yours is an 'R' (or higher) infrastructure then congratulations (and I am impressed) but don't assume that is the case for all MOD restricted devices.
"Unless you think that the Russian FSB are going to lift your crypto keys right out of your RAM using a miracle Tempest probe from the next hotel room"
I take it that you're still under the illusion that Spooks is entirely fake? When will people realise that Section D is a real (and major) part of our intelligence agencies?
"experience suggests that in fact nothing terribly interesting is normally to be found in MoD files even at the SECRET level, let alone CONFIDENTIAL, and maybe they could relax a bit." .... Quite so, Lewis, but they do like to think of themselves as heroes rather than zeroes
Runway resurfacing would be properly protected - it's commercially sensitive.
Restricted is just personal detail stuff - like the names, addresses, social security numbers and passport details of everybody who had ever expressed an interest in joining the army. Stuff that couldn't possibly be of use to the enemy.
This must now be PGP encrypted with the password (which should be either "password" or "secret") written on a post-it note and stuck onto the CD or laptop.
'Restricted is just personal detail stuff'...
Erm....wrong. Lots of information can be classified as restricted and hence handled as IL3, and in fact quite a lot of the information you listed isn't even Restricted - it would be PROTECT - PERSONAL (IL2), although it may be handled as IL3 if lots of it exists in one place (aggregation rules).
The guidelines for restricted are clearly defined (I will assume you know where) and specific information classifications regarding individual projects on which the public may work are defined in the SAL - where they may decide, for example, to say that the Name of the head of the project is restricted, or the location, or anything. The fact that YOU may have only come into contact with information (maybe in a project) which was classified as R, and that included only personal stuff does not make it a rule.
>MS is not closed source if you are a government or any company over a trivial size.
Yes you can get a license to view the source code yourself.
But not hand it out to every crypto researcher in every university to look for vulnerabilities.
You can't recompile and replace the signed code running in the Windows kernel - so you have no idea if the source you have been given is the code that is running.
You don't know if the next Windows update will replace the code with a version that has a backdoor.
Paranoid? Yes - it's also paranoid to think that somebody is going to attack you, but they still let the army have guns.
Any software, no matter what its merits, is only as secure as the operating system.
If the OS is compromised, then so is the encrypted data.
It makes sense that a software only product has a maximum security rating. Making software stronger only means that the software is no longer the weakest link.
Higher security (above that of the Windows OS) requires hardware encryption.
All security products are vulnerable to physical access. An attacker can simply place a bug to record all passwords/fingerprints/etc. One time key generators are the only way to defeat these "bugs" and even these can be "burrowed" along with the machine.
Nothing should be on the laptop except a method to very securely attach to your servers to access those files which should never be anywhere near top secret. The military et al should not be working from home or dragging files all over the place. The strength of encryption should always match the value of the data and the length of time the data is useful to a dodgy third party. If you slap those large keys around someone will crack them eventually.
I can envisage a number of scenarios where you might want to access restricted documents but not be able to connect to a server. Shall we start with something mundane like looking up vehicle or weapon repair details somewhere in the field. We might go on to looking at pictures of suspects in a hide somewhere in the middle of nowhere. Then of course there is the scenario where there are no servers left to access, but I think that's called a "worst case scenario".
we managed operations in Ireland and other far flung places without resort to such needs and often with greater success than we are achieving now. IT cannot solve everything and sometimes it is a total crap crutch. As for field repairs - anything that needs a manual is sent back to the manufacturer and you should know your weapons (small to medium arms) backward.
You could equally argue the case that there should be "no external access" to any hardware holding (say) Secret and above. Stalemate.
Actually what you should be doing is deciding on a case by case basis, and having appropriate policies and processes in place to support the need to take copies of protected documents (paper or electronic) off site.
IronKey! And no, I don't get commission...
If they put software encryption on a UK-R machine or other physical protection on a machine with higher classification (not connecting to lower classification networks would be a start) then they're being paranoid but if a machine goes missing with such data on it (regardless of the encryption employed), they're being lax?
When do you start as tech correspondent for the News of the World?