Protection of moving data requires multipronged strategy

July 27, 2011
Cyber Security, FedCyber Wire
No Comment

via Defense Systems

Defense security experts have traditionally differentiated data protection strategies based on whether the information is at rest or in motion. But in today’s highly mobile world, many people have trouble distinguishing between the two modes.

For example, is the data really at rest when it’s sitting inside a mobile device such as a laptop computer, smart phone or USB memory stick that is itself likely to be in motion much of the time?

Cmdr. Greg Czerwonka, chief of the Coast Guard’s information assurance policy division, said any confusion about resting vs. moving data can be easily solved by understanding that the term “in motion” only applies to data traveling through a network. “The data could be an e-mail in transit, information being downloaded from a website, the process of remotely logging in [to a website or database] through a cellular phone or other mobile device, and so on,” he said. “Data stored or being used on a mobile device is considered data at rest.”

Definitions aside, the big task Defense Department and military service network administrators and users face is moving data securely across a mind-boggling array of data transmission technologies that include 3G/4G wireless networks, long-distance wired networks, Wi-Fi local-area networks and microwave links. The challenge is awesome, though the burden has now been somewhat eased by data-in-motion security practices that are now uniform across all DOD organizations. “The security rules are the same for all DOD personnel, regardless of location,” Czerwonka said.

Wireless networks

For reasons related to cost, deployment speed and convenience, defense organizations are deploying larger numbers of commercial laptops, smart phones and tablets that send data across commercial 3G and 4G wireless networks, largely relying on the security protections commercial carriers build into their systems. “Increasingly, the U.S. military market has turned to [commercial] technologies for cost-effective solutions to enhance their mission,” said Greg Akers, senior vice president in charge of security initiatives at Cisco Systems’ Global Governments Solutions Group.

Ray Letteer, cybersecurity chief at the Marine Corps’ Command, Control, Communications and Computers Department, said wireless carriers build a good deal of protection into their mobile networks. “3G provided significant security improvements from the older 2G systems,” he said. “We do not, at this time, see any issues in pre-4G LTE implementations that show either an improvement or decrement to security” above 3G safeguards.

Continued here.