Army requires security hardware for all PCs

Coming mandate specifies that new computers contain a standard Trusted Platform Module

A new Army mandate to be published within weeks will require all Army computers to have a chip on the motherboard that is dedicated to performing security functions. The semiconductor, called the Trusted Platform Module (TPM), will interact with security features in Microsoft’s upcoming Vista operating system.

The Army’s Network Enterprise Technology Command gave its approval to act on the new requirement before issuing an announcement or guidelines. One of the first steps to acquiring the new security capabilities occurred in March, when the Army Small Computer Program purchased Dell and Gateway laptop PCs with TPM Version 1.2 installed.

“We haven’t fully integrated TPM with software yet, but we are pre-positioned with the hardware,” said Ed Velez, chief technology officer at the Army’s Program Executive Office for Enterprise Information Systems. The Army won’t be retrofitting older computers, Velez said.

If the Army succeeds in deploying TPM, the Joint Task Force for Global Network Operations might adopt the requirement for the entire Defense Department. “What you’re seeing is the services adapt to computer security threats and come up with solutions that are adopted as best practices for the joint community,” Velez said. “A lot of the security tools and processes we’re looking at are for joint operations.”

Developed by the Trusted Computing Group, TPM conforms to the group’s standard specifications. TCG was founded in 2003 to produce vendor-neutral, industry-standard specifications for hardware and software security that works across multiple platforms. The group has 141 industry members.

Wave Systems, a founding TCG member, provides software for managing trusted computing systems and devices. That software comes with Dell and Gateway TPM systems.

The chief benefits of TPM include strong data protection and authentication to access the network, said Steven Sprague, Wave’s president and chief executive officer.

IDC estimates that 80 percent of all laptop PCs will come with TPM chips installed by 2009. Full activation of TPM, however, requires considerable work, experts say. “TPM is hardware,” said Charles Kolodgy, IDC’s director of security products research. “It needs software to make full use of it.”

Vista’s release will expand the software market and make TPM more valuable, Kolodgy said.

“TPM can be used to solve a lot of different problems,” said Ned Smith, a senior security architect at Intel. The applications for stolen laptop PCs are obvious, in that the technology can prevent unauthorized users from accessing data, Smith said. It can also protect desktop PCs. Although PCs are not as easy to steal, thieves can copy data to a CD, DVD or USB memory stick.

The differences between TPM and existing security technology are that TPM uses standards, offers a potential for uniformity and provides the ability to capture the integrity of the platform at a chip hardware level.

“For security to be meaningful, it has to be ubiquitous and based on standards everyone agrees to,” Smith said. “Otherwise, what you have is fragmented solutions, and it’s impossible for IT managers to have a comprehensive security strategy.”

Gerber is a freelance writer based in Kingston, N.Y.

DOD considers more network security measures

The Defense Department is considering another Trusted Computing Group security technology, called Trusted Network Connect (TNC), an open architecture with standard specifications for endpoint integrity on any client device. TNC gives network administrators the ability to enforce security policies when a computer connects to the network.

TCG members developed TNC, which evaluates requests that the computer network receives for access and weeds out those that do not conform to the organization’s policies. TNC also comes with application programming interfaces that can link its components to the Trusted Platform Module (TPM) chip, said Steve Hanna, a distinguished engineer at Juniper Networks and co-chairman of TCG’s Trusted Network Connect subgroup.

Using TNC with TPM accomplishes a secure boot, making it possible to detect malicious attacks such as rootkit, a sneaky infection that hides at a low level of the machine and submits false reports to antivirus software.

“If you have an attack on firmware, then you can’t trust the reporting software that is higher up in the chain,” said Ned Smith, a senior security architect at Intel. “There’s a cascading interdependence between the operating system software and the firmware that is the basis for trusting the TNC client.”

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above