Ruggedization, space constraints an ongoing challenge for military data-at-rest
Story | July 22, 2022
The battlefield is filled with people, drones, and other systems gathering reams of critical data. Unlike in the commercial environment, there isn’t a big, sprawling data center with lots of fans to keep the equipment cool while providing multiple layers of security to protect this data from falling into the wrong hands. This situation creates challenges that many companies are hard at work trying to solve.
Trying to strike a balance between power and security with data-at-rest in the field – and doing it all within a highly constrained space in an environment with dirt and moisture that threatens to damage expensive equipment – is a tall order indeed.
Developments in the data-at-rest world provide some promise as contractors work to tackle these challenges. The shift to non-volatile memory express (NVMe) storage provides opportunities to improve power in smaller spaces, while new security standards from the National Security Agency (NSA) give some flexibility to designers when it comes to encryption and security.
The goal: speed plus security
Steven Petric, senior product manager at Curtiss-Wright Defense Solutions (Ashburn, Virginia), says that he and his compatriots have noticed that when it comes to data-at-rest, customers are asking for “faster, smaller, less weight, more powerful, and – probably the biggest thing – the certification level.” Specifically, users want products that are NSA-approved in terms of encryption.
Defense programs today have larger capacity needs when it comes to data, so storage is a major concern. In that realm, designers have two options: SATA [serial advanced technology attachment] and NVMe. SATA has been around a lot longer, but there are limitations on the amount of data that can be stored; NVMe is smaller and more powerful, which also means it takes more power and therefore runs hotter.
The industry has been transitioning from SATA to NVMe because NVMe can be connected directly into a PCIe interface with no translation layer in between, making it a more versatile option, notes Dominic Perez, chief technical officer at Curtiss-Wright Defense Solutions. Also, it runs about six times faster: “That’s a pretty big jump,” he adds. “These NVMe drives are blisteringly fast.”
Size, weight, and power (SWaP) considerations create the challenges. In the commercial sector, storage systems are usually ensconced in a data center, which can easily keep them cool. Users have no such luxury in military applications.
In theater, a storage drive would be in a rugged environment with very little room, such as inside an unmanned underwater vehicle (UUV). That is a much different environment than in a cool, spacious data center where it can sit comfortably away from dirt, water, and other contaminants.
Despite these challenges, NVMe is a storage technology worth pursuing, even in a challenging military environment.
“We’ve got to work hard to keep those disks cool and provide the additional power to support them, but the increased performance is worth it,” Perez says.
Limitations to NVMe in the field
That said, there are limitations that data-at-rest solution providers will need to overcome in the future.
For example, in a more favorable environment, a typical NVMe drive could hold 4 to 8 terabytes (TB) of data. Keeping that amount of data cool in a more rugged environment with space constraints is difficult, so the solution is to dial the storage size down to 1 to 2 TB for military customers.
The challenge going forward is to find a way to take commercial technologies and ruggedize them so they can handle shock, extreme temperatures, and power constraints.
“That’s a big part of what we do when testing drives,” Petric says. “We go back to manufacturing and have them tweak some things to have them fit the rugged environment. Not every commercial drive is made the same.”
Also, not every military application has the same challenge, he adds: “You’ve got UUVs that may not have extreme temperatures, but they have serious power concerns because they’re feeding off of batteries. Then you move up to a UAV [unmanned aerial vehicle] up in the air, the heat goes up when it’s not operating, so depending on the application it’s all centered around size, weight, and power.”
Designing applications that can work within the constraints of the military environment is “certainly a challenge,” says Chris Kruell, CRU Data Security Group (CDSG – Vancouver, Washington) director of marketing. “To address the heat, we have these specialized device containers for the NVMe device,” Kruell says. “And we have gone through all of the testing to make sure the heat sink technology we put there does dissipate the heat. In a lot of applications, we’ll rely on some sort of forced air, a fan, to dissipate the heat, but that design constraint is something that design engineers do need to worry about.”
CDSG merged with Digistor, which produces removable drives that have various levels of certification and are designed to be inserted and removed thousands of times. Since the merger they are bundling self-encrypting drives with removables. (Figure 1.)
[Figure 1 | The Digistor C Series FIPS 140-2 L2/Common Criteria is a self-encrypting drive with additional data-security features.]
Encryption and security
Keeping the data stored is of course a major concern, but making sure it’s protected is another matter entirely. This is where encryption comes in, which also necessitates a look at how it affects data when transported.
Curtiss-Wright uses boxes that store and encrypt the data, which can be pulled out of the vehicle and transported to a location where the data can be pulled safely, with the data kept secure until it reaches that point. The goal is to make it as convenient as possible for the military end user, without sacrificing security. (Figure 2.)
[Figure 2 | The Curtiss-Wright DTS-1 enables rugged storage for use in unmanned systems or other vehicles.]
“It’s almost like a tape recorder,” Perez says. “You pop out the media and take it over to the ground station, or [mail] it, then you plug it in and de-encrypt it.”
Key to safe data storage is meeting NSA-approved encryption requirements in order to lower the risk of someone hacking the storage system and taking sensitive files. This is a particular concern with unmanned vehicles, which are often sent on dangerous missions and can easily fall into the hands of opposing forces.
As a result, companies are seeking to produce data-at-rest solutions that comply with the NSA’s Commercial Solutions for Classified (CSfC) program.
The NSA specifies two levels of encryption, namely Type 1 and CSfC. Type 1 has been around for a while, and it typically includes one layer of encryption.
“Type 1 encryption is your black box,” Perez says. “It’s using a classified program to develop a product to encrypt classified-and-higher data. You have to have a government sponsor to get the product, and you certify the product via the NSA. Usually, only government agencies or very trusted primes can have access. But Type 1 is a problem for communicating with allies and coalition partners.”
Petric says the CSfC program seeks to fix that issue by taking a layered approach. CSfC does this through open industry standards made possible by certain algorithms. These algorithms used to be known as Suite B algorithms and are now known as the Commercial National Security Algorithm (CNSA) suite. The Suite A algorithms fall under Type 1 and are more restrictive.
CSfC isn’t a replacement for or alternative to Type 1, but rather another option. With Type 1, a company is restricted to the U.S., whereas CSfC enables it to work with about 30 other countries depending on the scope of the program.
Kruell says CRU and Digistor don’t even pursue Type 1 certification due to the nature of their business, but work entirely within the CSfC framework.
“We purposely decided not to go after Type 1,” he continues. “Those are protracted development cycles that are highly specialized, whereas our solution goes into off-the-shelf computers.”
Ben Warner, director of applications engineering at Digistor, asserts that CSfC is flexible enough for what his designers need.
“One challenge we see a lot, especially with ISR [intelligence, surveillance, and reconnaissance] platforms or embedded systems, is that [the customer] is trying to build a custom server and they need the two layers of encryption,” he says. “Our drives can help us with that. We have a CSfC drive, and it’s fast.”
If a contractor is just doing a one-off program, Type 1 might be the better option, but if a contractor wants to build 100 UAVs, for example, CSfC may offer more advantages in terms of speed and reduced cost, Perez says.
These are all issues that companies today are struggling with as they figure out how to balance the needs of storage capacity and security. Perez notes there has been “renewed attention” to data-at-rest protection and cybersecurity in general lately.
“It’s causing industry and government to actually address them,” he says. “All future combat will have some kind of cyber component.
“It’s the big vision: breaking down barriers between branches of services and allies and coalition partners, and in an automated machine-to-machine or machine-to-person way,” he adds.