Army requires security hardware for all PCs

Coming mandate specifies that new computers contain a standard Trusted Platform Module

A new Army mandate to be published within weeks will require all Army computers to have a chip on the motherboard that is dedicated to performing security functions. The semiconductor, called the Trusted Platform Module (TPM), will interact with security features in Microsoft’s upcoming Vista operating system.

The Army’s Network Enterprise Technology Command gave its approval to act on the new requirement before issuing an announcement or guidelines. One of the first steps to acquiring the new security capabilities occurred in March, when the Army Small Computer Program purchased Dell and Gateway laptop PCs with TPM Version 1.2 installed.

“We haven’t fully integrated TPM with software yet, but we are pre-positioned with the hardware,” said Ed Velez, chief technology officer at the Army’s Program Executive Office for Enterprise Information Systems. The Army won’t be retrofitting older computers, Velez said.

If the Army succeeds in deploying TPM, the Joint Task Force for Global Network Operations might adopt the requirement for the entire Defense Department. “What you’re seeing is the services adapt to computer security threats and come up with solutions that are adopted as best practices for the joint community,” Velez said. “A lot of the security tools and processes we’re looking at are for joint operations.”

Developed by the Trusted Computing Group, TPM conforms to the group’s standard specifications. TCG was founded in 2003 to produce vendor-neutral, industry-standard specifications for hardware and software security that works across multiple platforms. The group has 141 industry members.

Wave Systems, a founding TCG member, provides software for managing trusted computing systems and devices. That software comes with Dell and Gateway TPM systems.

The chief benefits of TPM include strong data protection and authentication to access the network, said Steven Sprague, Wave’s president and chief executive officer.

IDC estimates that 80 percent of all laptop PCs will come with TPM chips installed by 2009. Full activation of TPM, however, requires considerable work, experts say. “TPM is hardware,” said Charles Kolodgy, IDC’s director of security products research. “It needs software to make full use of it.”

Vista’s release will expand the software market and make TPM more valuable, Kolodgy said.

“TPM can be used to solve a lot of different problems,” said Ned Smith, a senior security architect at Intel. The applications for stolen laptop PCs are obvious, in that the technology can prevent unauthorized users from accessing data, Smith said. It can also protect desktop PCs. Although PCs are not as easy to steal, thieves can copy data to a CD, DVD or USB memory stick.

The differences between TPM and existing security technology are that TPM uses standards, offers a potential for uniformity and provides the ability to capture the integrity of the platform at a chip hardware level.

“For security to be meaningful, it has to be ubiquitous and based on standards everyone agrees to,” Smith said. “Otherwise, what you have is fragmented solutions, and it’s impossible for IT managers to have a comprehensive security strategy.”

Gerber is a freelance writer based in Kingston, N.Y.

DOD considers more network security measures

The Defense Department is considering another Trusted Computing Group security technology, called Trusted Network Connect (TNC), an open architecture with standard specifications for endpoint integrity on any client device. TNC gives network administrators the ability to enforce security policies when a computer connects to the network.

TCG members developed TNC, which evaluates requests that the computer network receives for access and weeds out those that do not conform to the organization’s policies. TNC also comes with application programming interfaces that can link its components to the Trusted Platform Module (TPM) chip, said Steve Hanna, a distinguished engineer at Juniper Networks and co-chairman of TCG’s Trusted Network Connect subgroup.

Using TNC with TPM accomplishes a secure boot, making it possible to detect malicious attacks such as a rootkit, a sneaky infection that hides at a low level of the machine and submits false reports to antivirus software.

“If you have an attack on firmware, then you can’t trust the reporting software that is higher up in the chain,” said Ned Smith, a senior security architect at Intel. “There’s a cascading interdependence between the operating system software and the firmware that is the basis for trusting the TNC client.”
