Transcription

1

2 Overview For more than 27 years Data Security Inc. has been manufacturing degaussers to support the Department of Defense (DoD) requirements for complete erasure of classified or sensitive magnetic storage devices. Data Security Inc. s main focus is to develop and manufacture high performance degaussers and hard drive destruction devices that guarantee the complete erasure of data stored on existing and future magnetic data storage formats. Because of Data Security s continuing focus on meeting National Security Agency (NSA) standards, we have developed a close working relationship with them. This relationship givse us insight into current and future media formats, as well as the various requirements for sanitizing them. Degaussers listed in the NSA Evaluated Products List-Degausser are ideal tools for organizations required to comply with DoD requirements, NISPOM, National Institute of Standards and Technology (NIST), Federal Information Security Management Act (FISMA) and privacy legislation, including the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).

3 Data at Risk Data at Risk Media at Risk Acquisition Methods Classified or Sensitive DoD Defense Contractors Proprietary Information Personal Identity Information SSN Banking Health care information Desktop Hard Drives Laptop/Notebook Hard Drives HDDs in storage array Server Drive External USB Drives Firewire Drives USB Devices Magnetic Tapes Flash Cards CD & DVD Dumpster Diving Acquire improperly sanitized electronic media Laboratory reconstruction Hot Swapped Media Media in Transport Theft Developing countries do not have enough funding to catch up to developed countries, so they steal information and technology. FBI Identity theft costs $50 billion/year. Federal Trade Commission

4 Data at Risk In the News Electronic Afterlife: What you don t want to know about improper computer disposal, but should Hundreds of thousands of tons of E-waste are shipped overseas to developing countries each year, even after promises that the waste will be safely and locally recycled. Many of the countries receiving our E-waste are listed by the U.S. Department of State as the top sources of cyber crime. -Peter Klein, Digital Dumping Ground Documentary (2009) PA: Health Insurer Loses Hard Drive Comprising 280,000 Medicaid Patients Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan announced that a hard drive containing the personal health information has been misplaced. Yet to be recovered, the drive contains patient addresses, DOBs, health information, and both full and partial Social Security numbers. -Jane M. Von Bergen, The Philadelphia Inquirer (October 2010) TX: Stolen Hard Drive Compromises 79,000 Airline Employees American Airlines reported a hard drive stolen from headquarters. The drive contains sensitive files for current and former employees dating back to 1960, including Social Security numbers, health insurance, and bank accounts. Some employee files also contained information on beneficiaries and dependents. -Angela Moscaritolo, SC Magazine (July 2010) NJ: Data Breach Costs Credit Card Payment Company $130 Million After agreeing to a $60 million settlement with Visa earlier in the year, Heartland Payment Systems has added another $41 million for MasterCard as the result of a 2008 data breach which resulted in thousands of fraudulent charges. - (June 2010)

5 Regulatory Environment

6 Regulatory Environment The NIST Guidelines for Media Sanitization refer to the NSA for products to sanitize magnetic media. NIST Special Publication , pg The HIPPA Security Rule (SR) requires the final disposition of information/the hardware electronic media on which it is stored; HIPPA refers to NIST/NSA. Department of Health & Human Services HIPP Physical safeguards; Final Rule Under the HITECH Act ( The Act ), business associates are now directly on the compliance hook; ie. required to comply with the Security Rule (SR) or be fined for willful neglect ($250,000 per fine). HITECH Act Sec Application of Security Provisions and Penalties to Business Associates of Covered Entities; Annual Guidance on Security Provisions The Gramm-Leach-Bliley (GLB) Act requires financial institutions to ensure the security and confidentiality of personal information obtained from their customers by erasing, degaussing or destroying electronic media. GBL Act, 15 U.S.C et seq., and the Federal Trade Commissions Standards for Safeguarding Customer Information, 16 CFR Part 314 Safeguards Rule The Payment Card Industry (PCI) Data Security Standard directs to destroy media containing cardholder data when it is no longer needed as follows: Render cardholder data on electronic media unrecoverable so that cardholder data cannot be reconstructed (for example, degaussing). PCI DSS Requirements and Security Assessment Procedures, V1.2.1 pg 46

7 ISFO Process Manual Rev , page 152

8 ISFO Process Manual Rev , page 151 Note: The terms Type I-III are being replaced by the actual media coercivity rating.

9 Degausser Dictionary de gauss (d-gous) tr.v. de gaussed, de gauss ing, de gauss es 1. To neutralize the magnetic field of (a ship, for example). 2. To erase information from (a magnetic disk or other storage device). Gauss: the CGS unit of magnetic flux density or magnetic induction. Oersted: the CGS unit of magnetic field strength. The magnetic field produced at the center of a solenoid or coil magnetic field strength of one Oe is equivalent to magnetic flux density of one gauss. Coercivity: the amount of applied magnetic field required to reduce magnetic induction to zero Coercivity is usually measured in Oersted

10 Previous NSA Test Procedure

11 Current NSA Test Procedure Center for Magnetic Recording Research at the University of San Diego, California (CMRR) Guarantee that no data can be recovered by any means, including laboratory attack. Test degaussers Test media Strength Uniformity Potential Useful life Stress Test (durability) Coercivity of media Guaranteed erasure Uniformity of degausser field

12 Current NSA Test Procedure

13 Current NSA Test Procedure HD-5T 5000 Oersted Disk Before After

14 DoD Data Recovery Methods Disk Spin-Stand Testers Used for testing and experimenting with heads and disks Used mostly for R&D Tester writes specific data or servo pattern Very accurate for analyzing raw disks Reading a disk that has been written by a drive is more challenging Not cost-effective for routine data recovery Magnetic Force Microscopes (MFM) Best tool for analyzing magnetic data on disks Provides extraordinary imagery of the topology disk properties Probe is placed on the disk surface Time consuming Excellent tool for reading overwritten data Overwritten tracks leave portions of previously written data due to head shift Physical movement of drive Age of disk drive Deteriorating lubricants Current technology used by the NSA Tape Ferrofluidic Imaging Liquid which becomes strongly polarized in the presence of a magnetic field Composed of nanoscale ferromagnetic particles suspended in a carrier fluid, usually an organic solvent or water Tape tracks are made visible by coating the tape with a ferrofluid that is magnetically developing

15 Commercial Data Recovery Methods Disk Assess Disk Drive Operational Mirror data Create raw image to new media Component Failure Replace defective components Mirror data Create raw image to new media Logical/Software Failure Examining raw image at the low-level data sectors Apply fixes to file system structure Access data Restore data Tape Assess Tape Media Operational Test accessibility with lab equipment Component Failure Clean, splice and re-spool into new cartridge Create raw image from readable portions Examine low-level data sectors Determine tape fixes to format structures Access data Restore data

16 NSA/CSS Evaluated Products List-Degausser Introduction The EPL-Degausser (Evaluated Products List Degausser) specifies the model identification of current equipment units that were evaluated against and found to satisfy the requirements for erasure of magnetic storage devices that retain sensitive or classified data. Degaussers listed in this document are rated by the coercivity of the magnetic storage devices they can securely erase (tape and disk storage devices). Tape storage devices are defined as any product that contains magnetic tape as the recording medium. Disk storage devices are defined as any product that contains a flexible or rigid disk as the recording medium. Proper use of this equipment is necessary to ensure inadvertent disclosure of any level of classified or sensitive information. Any questions about equipment operations should be directed to the manufacturer.

17 Media Specifications Hard Drive Coercivity Chart Hard Drive Coercivity Chart

18 Disk Recording Longitudinal Recording Each bit of information is represented by a collection of magnetized particles. North and south poles oriented in one direction or the other parallel to the disk's surface in a ring around its center. Perpendicular Recording Poles are arranged perpendicular to the disk's surface. More bits can be packed onto a disk.

19 NSA/CSS Evaluated Products List-Degausser 9. Standalone Degaussers: These are standalone electromagnetic degaussers that provide automatic one pass operation for disk and tape storage device erasure. On hard disk drives, all extraneous steel shielding materials (e.g., cabinets, casings, and mounting brackets), but not the hard disk assembly, must be removed before degaussing. The degaussers must be operated at their full magnetic field strength. The erasure of hard disk drives causes damage that prohibits their continued use.

20 NSA/CSS Evaluated Products List-Degausser

21 HD-5T Degausser and DB-4000 Disk Drive Bender DUO Key Features : Listed on the National Security Agency (NSA) Evaluated Products List-Degausser (EPL-Degausser) NSA/CSS-EPL-9-12A. Meets all NSA, DoD, state, federal, financial and health care regulations, mandates and security guidelines. Simple, automatic operation; designed for reliability, performance, and operator safety. Fast; a combined cycle time of seconds per cycle with a throughput of drives per hour. Unique, internal Field CheckR provides magnetic field verification of the HD-5T degausser and satisfies requirements for degausser testing. With the largest chamber in an automatic destruction device, the DB-4000 accommodates oversized media as well as multiple pieces per cycle. Compact, lightweight and mobile; the optional cart provides the convenience of combining the degausser and destruction device in one place while providing effortless mobility. Built to last; requires no preventative maintenance or expensive repairs.

22 HPM-2 Degausser and DB-6000 Disk Drive Bender DUO Key Features : Listed on the National Security Agency (NSA) Evaluated Products List-Degausser (EPL-Degausser) NSA/CSS-EPL-9-12A. Meets all NSA, DoD, state, federal, financial and health care regulations, mandates and security guidelines. Fast; a combined cycle time of seconds per cycle with a throughput of hard drives per hour. Environmentally friendly solution; manual operation requires no electricity. DB-6000 destruction device allows choice of power sources: a manual handle or the added speed and efficiency of a cordless drill (drill not included). Compact, lightweight and mobile; the optional cart provides the convenience of combining the degausser and destruction device in one place while providing effortless mobility. Built to last; requires no preventative maintenance or expensive repairs.

23 Degausser testing Evaluated Products List-Degausser The EPL (Evaluated Products List) Degausser specifies the current models of commercial equipment that satisfy NSA/CSS requirements for erasure of magnetic storage devices retaining any level of classified or sensitive data. Listing on the EPL-Degausser does not constitute endorsement of the product by the USG or NSA/CSS; it only states that the evaluated degausser has met the applicable NSA/CSS performance requirements. Neither does the listing guarantee continued performance; customers should have their equipment re-tested periodically according the manufacturer s recommendations. ISFO Process Manual Rev , page Degaussers should be tested periodically using the timetable established by DSS and NSA. The degausser must be tested within six months after the initial new purchase or immediately if purchased used. Even products on the EPL must be re-tested twice a year for the first two years, then once a year thereafter. If the results are marginal, the degausser must be re-tested within six months.

24 Field CheckR Key Features: Listed in the National Security Agency Evaluated Products List-Degausser. Instantly verifies the magnetic field of any degausser. Designed to allow user the ability to test more often than annually or biannually.

25 Commercial Degaussers Not listed in the NSA EPL-Degausser Magnetic field is not strong General rule Gauss (Oersted) applied to media must be 2x Coercivity. Advertised Gauss is measured at the core. Magnetic fields dissipate very rapidly from the magnetic core. Disks located in center of HDD and top of HDD are subjected to fields much weaker than the Coercivity of the media.

26 Storage Excess media storage is a security risk. Additional inventory of excess media requires additional administrative procedures, storage space and labor necessary to control. Without adequate storage or sanitization procedures, classified magnetic media is often stored in obscure locations (behind bookshelves, false bottoms in desk drawers), increasing the risks associated with storing classified information. Media with large storage capacity and small physical size can be easily removed by employees (e.g., LTO III 400 GB, SDLTII 300 GB, VXA 160 GB).

27 Overwrite Challenges

28 Destruction: Paper, Optical, Key Tape, HDD after Degaussing, National Security Agency (NSA) provides Media Destruction Guidance. The NSA has determined that High Security Disintegrators listed on the Evaluated Products List provide adequate security for the destruction of paper, optical media (CDs and DVDs), and punched tape as annotated on the EPL. For destroying paper only, a list of evaluated High Security Crosscut Paper Shredders is available. For sanitizing magnetic media, a list of evaluated degaussers is available. NSA Guidance: it is highly recommended that the hard disk drive be physically damaged prior to release. (NSA/CSS 9-12 Storage Device Declassification Manual) NSA Evaluated Products List- HDD Destruction Devices, post degaussing, pending publication. Department of Navy Processing of Magnetic Hard Drive Storage Media for Disposal says all DoN-owned magnetic hard drive storage media will remain in DoN custody until degaussed, destroyed. Destruction can be as simply bending the hard drive. (DON CIO Privacy Term August 5, 2010)

29 Destruction After Degaussing Punched Folded Shredded least secure NSA preferred physical destruction method time consuming, expensive, and equipment requires frequent repairs

30 Destruction: Solid State Media NSA Guidance: Destruction to 2 mm particle size

31 SSMD-2mm Key Features: Meets National Security Agency (NSA) and Department of Defense (DoD) specification for the destruction of solid state media and optical media to 2 mm. Unique dual stage disintegration process destroys solid state storage media (memory cards, memory boards, thumb drives, cell phones, tablets, solid state drives) and optical media (CDs, DVDs, Blu-Ray disks). Simple, automatic push button operation, designed for reliability, performance, and operator safety. Senses and automatically adjusts to clear and prevent jams. Parts are designed for reuse, and easily rotate for a additional use, resharpening or quick replacement. Compact and clean, ideal for any setting, including offices.

32 Data Security, Inc. Contact us: Q Street Lincoln NE datasecurityinc.com