Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Army to Encrypt Computers
Government Computer News ^ | 22 Aug 2006 | Dawn S. Onley, GCN Staff

Posted on 08/24/2006 4:12:10 AM PDT by COBOL2Java

Fort Lauderdale, Fla.—The Army is kicking off a pilot program to begin encrypting data on notebook computers.

Lt. Gen. Steven Boutelle, Army CIO, said the service would also soon release a policy that instructs Army personnel to perform an accounting of notebooks and other mobile devices.

Both efforts are in response to data breaches that occurred in the Energy and Veterans Affairs departments, Boutelle said. The intent is to easily determine if a computer has been stolen and to encrypt data so information on that computer is protected. The Army must take a proactive role to secure mobile systems and can't wait for the next newspaper article to appear on another federal data breach, Boutelle told attendees at the Army LandWarNet Conference sponsored by AFCEA. The theme of the conference is "Delivering Joint Integrated Solutions to the Warfighter Today."

"We're going to give you guidance in the next few weeks to immediately identify all your notebook computers," Boutelle said. "Data at rest is data at risk. Don't be the one who loses that notebook computer and the data on it is not encrypted, after you've seen what's happened to the other federal agencies."

Once the guidance is released, the Army will require users to put a sticker on each notebook computer and mobile device, to categorize equipment by mobile device versus non-mobile and to label appropriately, and to halt the practice of removing mobile computers from secure areas unless the data on the systems is protected. Among the Army's accepted encryption software programs are PointSec, Credant Technologies and Microsoft's Encrypting File System.

"I know what I own now. Now it's my job to manage it properly," Boutelle said.

(Excerpt) Read more at gcn.com ...


TOPICS: Extended News; Government; News/Current Events; War on Terror
KEYWORDS: cybersecurity
Navigation: use the links below to view more comments.
first 1-2021-28 next last

1 posted on 08/24/2006 4:12:10 AM PDT by COBOL2Java
[ Post Reply | Private Reply | View Replies]

To: COBOL2Java
We are at war! Why hasn't this been SOP. No telling what is floating around out there!
2 posted on 08/24/2006 4:21:15 AM PDT by Coldwater Creek ("Over there, over there, We won't be back 'til it's over Over there.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: mariabush
We are at war! Why hasn't this been SOP. No telling what is floating around out there!

Agreed. OTOH, encryption slows down computers. There may have been reluctance from the speed freaks.

3 posted on 08/24/2006 4:24:38 AM PDT by COBOL2Java (Freedom isn't free, but the men and women of the military will pay most of your share)
[ Post Reply | Private Reply | To 2 | View Replies]

To: COBOL2Java

The most easily exploitable vulnerability in any organization is its people. Policies and procedures are great, but they don't work if people don't properly adhere to them.

Here are some simpler suggestions that would be more effective, just off the top of my head...

1. Stop putting social security numbers on every form. Soldiers put their SSN on leave forms, physical fitness score sheets, equipment receipts, and many other forms that are not necessary.

2. Stop giving access to this personal information to just any schmoe in the unit. The training room "NCO" in most units - at least maneuver units - is generally a computer savvy E-4 that a platoon sergeant wants to get rid of either due to physical or disciplinary problems. This is the guy that we entrust with Soldiers' SSN, address, next of kin, phone number, etc?

3. Stop using personal computer equipment at work. Soldiers routinely take home thumb drives that they use at work - be they drives purchased by the Army or purchased with personal money. Also, because the Army has such a hard time of keeping up with new technology, many Soldiers and leaders use personal laptops because the Army laptops so frequently lock up or crash.

4. Implement a 100% shred policy. Every office has a shredder and guidance to shred classified or sensitive paperwork. Seriously, who is sifting through the trash to check on this, other than theives/enemies? Soldiers and leaders don't care about paper shredding - they care about training, maintenance, and physical fitness. Simply the process by shredding all paper. Then if you see paper in the trash, you immediately know that something is wrong, rather than having to dig through and check each sheet, which won't happen.

But what do I know?


4 posted on 08/24/2006 4:27:33 AM PDT by Axhandle (The sun feels good on my baboon heart.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: COBOL2Java

What does this accomplish? My impression from the early days of encryption was that bulk encryption is weak because the encrypted files contain too much known plaintext that can be matched up to ciphertext for brute force attacks. Has this problem been solved?


5 posted on 08/24/2006 4:29:26 AM PDT by palmer (Money problems do not come from a lack of money, but from living an excessive, unrealistic lifestyle)
[ Post Reply | Private Reply | To 1 | View Replies]

To: COBOL2Java

Gee, what a concept.


6 posted on 08/24/2006 4:34:33 AM PDT by DustyMoment (FloriDUH - proud inventors of pregnant/hanging chads and judicide!!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: COBOL2Java

The best one I saw was a street vendor in Osan Soouth Korea selling his food wrapped in paper he got from the base. The "paper" was payroll records and he had thousands of pages.


7 posted on 08/24/2006 4:49:45 AM PDT by driftdiver
[ Post Reply | Private Reply | To 1 | View Replies]

To: palmer
At the very least it will make it difficult and time consuming for anyone but the very determined thief to access the data. Indeed, this is a policy that any company should follow that has data that would cause problems should it be published on a public web site. But it doesn't have to be any big deal- most collections of data such as employee records only have a few fields that must remain confidential, such as the SSN field in a payroll spreadsheet. Indeed, in many applications, even the user of the data doesn't have to be able to make sense of an encrypted SSN in order to do any calculations. So, the user only has to retain the field on the record as a unique tag but doesn't have to have the decoding key.
8 posted on 08/24/2006 4:50:02 AM PDT by theBuckwheat
[ Post Reply | Private Reply | To 5 | View Replies]

To: palmer

"What does this accomplish? My impression from the early days of encryption was that bulk encryption is weak because the encrypted files contain too much known plaintext that can be matched up to ciphertext for brute force attacks. Has this problem been solved?"

Depends what tool they are using to secure the drives. Modern tools are pretty good. That said most any thing can be hacked if enough time and processing power is used.


9 posted on 08/24/2006 4:52:10 AM PDT by driftdiver
[ Post Reply | Private Reply | To 5 | View Replies]

To: palmer
My impression from the early days of encryption was that bulk encryption is weak because the encrypted files contain too much known plaintext that can be matched up to ciphertext for brute force attacks. Has this problem been solved?

No, I don't believe that's been resolved. As with any encryption strategy, there is no perfect solution. All you can ever hope for is to slow the attacker down to the point where he decides it's not worth the effort, and looks for an easier target. Ideally, you might get a stupid thief, who powers up the laptop and thinks that because the screen shows gobbledygook, it's broken.

Of course, it's a double-edged sword: a hacker discovering an encrypted laptop will be doubly-intrigued; but I guess in the long run, it's better than an unencrypted one.

10 posted on 08/24/2006 4:53:38 AM PDT by COBOL2Java (Freedom isn't free, but the men and women of the military will pay most of your share)
[ Post Reply | Private Reply | To 5 | View Replies]

To: COBOL2Java

This effort will be soundly defeated by well placed Post-It notes.


11 posted on 08/24/2006 4:54:40 AM PDT by AmericaUnited
[ Post Reply | Private Reply | To 1 | View Replies]

To: AmericaUnited
This effort will be soundly defeated by well placed Post-It notes.

LOL! Thanks, that's a good one. Rush always says that the best humor is based on reality!

12 posted on 08/24/2006 4:55:59 AM PDT by COBOL2Java (Freedom isn't free, but the men and women of the military will pay most of your share)
[ Post Reply | Private Reply | To 11 | View Replies]

To: COBOL2Java
They need to learn that speed means nothing if you lose it all to someone that could do you harm!!!
13 posted on 08/24/2006 5:07:24 AM PDT by Coldwater Creek ("Over there, over there, We won't be back 'til it's over Over there.")
[ Post Reply | Private Reply | To 3 | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

14 posted on 08/24/2006 5:27:12 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Good, we need to lock this stuff down, instead of open it all up and give it away for free like some prefer.


15 posted on 08/24/2006 5:28:37 AM PDT by Golden Eagle (Buy American. While you still can.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Axhandle
sergeant wants to get rid of either due to physical or disciplinary problems. This is the guy that we entrust with Soldiers' SSN

Is this still the way the Army works? In '66 a parade competition between the dozens of platoons completing basic was scheduled. Each platoon had to have 1 person man the phone and miss the parade. The guy who could not march was chosen to man the phone. Inability to march was the only criteria to become a personnel clerk.

16 posted on 08/24/2006 5:29:05 AM PDT by spintreebob
[ Post Reply | Private Reply | To 4 | View Replies]

To: Golden Eagle

I don't know anyone who is advocating we give away all our data.


17 posted on 08/24/2006 5:30:35 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 15 | View Replies]

To: DustyMoment

While this does seem obviously elementary to most of us, keep in mind there are some liberals out there who want everything in DoD "open".

http://www.freerepublic.com/focus/news/1688103/posts?page=27


18 posted on 08/24/2006 5:30:54 AM PDT by Golden Eagle (Buy American. While you still can.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Golden Eagle

that would be the JAG and the PUblic Affairs section lots of lefties there.


19 posted on 08/24/2006 5:50:54 AM PDT by Kewlhand`tek (Those that can't , Teach. Those that can't teach , Report)
[ Post Reply | Private Reply | To 18 | View Replies]

To: COBOL2Java

hope it works better than this CAC stuff.


20 posted on 08/24/2006 6:51:00 AM PDT by CPT Clay (Drill ANWR, Personal Accounts NOW.)
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-28 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson