Army requires security hardware for all PCs

Coming mandate specifies that new computers contain a standard Trusted Platform Module

A new Army mandate to be published within weeks will require all Army computers to have a chip on the motherboard that is dedicated to performing security functions. The semiconductor, called the Trusted Platform Module (TPM), will interact with security features in Microsoft’s upcoming Vista operating system.

The Army’s Network Enterprise Technology Command gave its approval to act on the new requirement before issuing an announcement or guidelines. One of the first steps to acquiring the new security capabilities occurred in March, when the Army Small Computer Program purchased Dell and Gateway laptop PCs with TPM Version 1.2 installed.

“We haven’t fully integrated TPM with software yet, but we are pre-positioned with the hardware,” said Ed Velez, chief technology officer at the Army’s Program Executive Office for Enterprise Information Systems. The Army won’t be retrofitting older computers, Velez said.

If the Army succeeds in deploying TPM, the Joint Task Force for Global Network Operations might adopt the requirement for the entire Defense Department. “What you’re seeing is the services adapt to computer security threats and come up with solutions that are adopted as best practices for the joint community,” Velez said. “A lot of the security tools and processes we’re looking at are for joint operations.”

Developed by the Trusted Computing Group, TPM conforms to the group’s standard specifications. TCG was founded in 2003 to produce vendor-neutral, industry-standard specifications for hardware and software security that works across multiple platforms. The group has 141 industry members.

Wave Systems, a founding TCG member, provides software for managing trusted computing systems and devices. That software comes with Dell and Gateway TPM systems.

The chief benefits of TPM include strong data protection and authentication to access the network, said Steven Sprague, Wave’s president and chief executive officer.

IDC estimates that 80 percent of all laptop PCs will come with TPM chips installed by 2009. Full activation of TPM, however, requires considerable work, experts say. “TPM is hardware,” said Charles Kolodgy, IDC’s director of security products research. “It needs software to make full use of it.”

Vista’s release will expand the software market and make TPM more valuable, Kolodgy said.

“TPM can be used to solve a lot of different problems,” said Ned Smith, a senior security architect at Intel. The applications for stolen laptop PCs are obvious, in that the technology can prevent unauthorized users from accessing data, Smith said. It can also protect desktop PCs. Although PCs are not as easy to steal, thieves can copy data to a CD, DVD or USB memory stick.

The differences between TPM and existing security technology are that TPM uses standards, offers a potential for uniformity and provides the ability to capture the integrity of the platform at a chip hardware level.

“For security to be meaningful, it has to be ubiquitous and based on standards everyone agrees to,” Smith said. “Otherwise, what you have is fragmented solutions, and it’s impossible for IT managers to have a comprehensive security strategy.”

Gerber is a freelance writer based in Kingston, N.Y.

DOD considers more network security measures

The Defense Department is considering another Trusted Computing Group security technology, called Trusted Network Connect (TNC), an open architecture with standard specifications for endpoint integrity on any client device. TNC gives network administrators the ability to enforce security policies when a computer connects to the network.

TCG members developed TNC, which evaluates requests that the computer network receives for access and weeds out those that do not conform to the organization’s policies. TNC also comes with application programming interfaces that can link its components to the Trusted Platform Module (TPM) chip, said Steve Hanna, a distinguished engineer at Juniper Networks and co-chairman of TCG’s Trusted Network Connect subgroup.

Using TNC with TPM accomplishes a secure boot, making it possible to detect malicious attacks such as rootkit, a sneaky infection that hides at a low level of the machine and submits false reports to antivirus software.

“If you have an attack on firmware, then you can’t trust the reporting software that is higher up in the chain,” said Ned Smith, a senior security architect at Intel. “There’s a cascading interdependence between the operating system software and the firmware that is the basis for trusting the TNC client.”

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.