Army requires security hardware for all PCs

Coming mandate specifies that new computers contain a standard Trusted Platform Module

A new Army mandate to be published within weeks will require all Army computers to have a chip on the motherboard that is dedicated to performing security functions. The semiconductor, called the Trusted Platform Module (TPM), will interact with security features in Microsoft’s upcoming Vista operating system.

The Army’s Network Enterprise Technology Command gave its approval to act on the new requirement before issuing an announcement or guidelines. One of the first steps to acquiring the new security capabilities occurred in March, when the Army Small Computer Program purchased Dell and Gateway laptop PCs with TPM Version 1.2 installed.

“We haven’t fully integrated TPM with software yet, but we are pre-positioned with the hardware,” said Ed Velez, chief technology officer at the Army’s Program Executive Office for Enterprise Information Systems. The Army won’t be retrofitting older computers, Velez said.

If the Army succeeds in deploying TPM, the Joint Task Force for Global Network Operations might adopt the requirement for the entire Defense Department. “What you’re seeing is the services adapt to computer security threats and come up with solutions that are adopted as best practices for the joint community,” Velez said. “A lot of the security tools and processes we’re looking at are for joint operations.”

Developed by the Trusted Computing Group, TPM conforms to the group’s standard specifications. TCG was founded in 2003 to produce vendor-neutral, industry-standard specifications for hardware and software security that works across multiple platforms. The group has 141 industry members.

Wave Systems, a founding TCG member, provides software for managing trusted computing systems and devices. That software comes with Dell and Gateway TPM systems.

The chief benefits of TPM include strong data protection and authentication to access the network, said Steven Sprague, Wave’s president and chief executive officer.

IDC estimates that 80 percent of all laptop PCs will come with TPM chips installed by 2009. Full activation of TPM, however, requires considerable work, experts say. “TPM is hardware,” said Charles Kolodgy, IDC’s director of security products research. “It needs software to make full use of it.”

Vista’s release will expand the software market and make TPM more valuable, Kolodgy said.

“TPM can be used to solve a lot of different problems,” said Ned Smith, a senior security architect at Intel. The applications for stolen laptop PCs are obvious, in that the technology can prevent unauthorized users from accessing data, Smith said. It can also protect desktop PCs. Although PCs are not as easy to steal, thieves can copy data to a CD, DVD or USB memory stick.

The differences between TPM and existing security technology are that TPM uses standards, offers a potential for uniformity and provides the ability to capture the integrity of the platform at a chip hardware level.

“For security to be meaningful, it has to be ubiquitous and based on standards everyone agrees to,” Smith said. “Otherwise, what you have is fragmented solutions, and it’s impossible for IT managers to have a comprehensive security strategy.”

Gerber is a freelance writer based in Kingston, N.Y.

DOD considers more network security measures

The Defense Department is considering another Trusted Computing Group security technology, called Trusted Network Connect (TNC), an open architecture with standard specifications for endpoint integrity on any client device. TNC gives network administrators the ability to enforce security policies when a computer connects to the network.

TCG members developed TNC, which evaluates requests that the computer network receives for access and weeds out those that do not conform to the organization’s policies. TNC also comes with application programming interfaces that can link its components to the Trusted Platform Module (TPM) chip, said Steve Hanna, a distinguished engineer at Juniper Networks and co-chairman of TCG’s Trusted Network Connect subgroup.

Using TNC with TPM accomplishes a secure boot, making it possible to detect malicious attacks such as rootkit, a sneaky infection that hides at a low level of the machine and submits false reports to antivirus software.

“If you have an attack on firmware, then you can’t trust the reporting software that is higher up in the chain,” said Ned Smith, a senior security architect at Intel. “There’s a cascading interdependence between the operating system software and the firmware that is the basis for trusting the TNC client.”

Featured

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

  • Management
    workflow (Urupong Phunkoed/Shutterstock.com)

    House Dems oppose White House reorg plan

    The White House's proposal to reorganize and shutter the Office of Personnel Management hit a major snag, with House Oversight Democrats opposing any funding of the plan.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.