Feeds

PGP disk encrypt approved by MoD for military use

Good enough for personal data, not for missile codes

The essential guide to IT transformation

The UK MoD has certified PGP Corporation's whole disk encryption technology as suitable for use on British military computers. However, like most software-only solutions, it has been approved only for machines holding fairly low-level information.

PGP Whole Disk Encryption had previously passed the UK government's baseline approval process run by the CESG, but has now been certified by the Defence INFOSEC Product Co-operation Group (DIPCOG) forum as approved for use in MoD and military systems. However a disk protected solely by PGP encryption is only allowed to have RESTRICTED (Impact Level 3) information on it.

The British protective markings run from UNCLAS (Impact Level 1-2) to RESTRICTED (Impact Level 3) through CONFIDENTIAL (4), SECRET (5) and TOP SECRET (6).

There are some security products already on the UK market certified to higher levels, for instance Flagstone Enhanced rated for TOP SECRET information - but this requires replacement of a laptop's hard disk with special hardware, which would be overkill for most users. Microsoft's BitLocker, included in some versions of its later operating systems, is (like PGP) only OK'd for RESTRICTED.

According to an MoD statement:

The DIPCOG is pleased to be working again with PGP Corporation, in order to exploit its famous capabilities for information security, and is looking forward to reviewing further [baseline CESG] approved products for adoption by the MoD.

This doesn't mean that PGP isn't any good. The MoD and its advisers from the intelligence community, rightly or wrongly, consider that government information from CONFIDENTIAL upwards might be a target for sophisticated nation-state spy organisations employing highly exotic attacks to get around disk encryption. Thus most security products using normal hardware tend to be limited to RESTRICTED.

But things which in many organisations would be seen as crown jewels - people's personal details, for instance - are classified RESTRICTED in the MoD (albeit usually with an added caveat, eg RESTRICTED STAFF or RESTRICTED MEDICAL, it's still only Level 3). Level 6 is stuff like the planned patrol area of Blighty's nuclear missile submarines.

Unless you think that the Russian FSB are going to lift your crypto keys right out of your RAM using a miracle Tempest probe from the next hotel room or something, PGP and similar solutions should be quite good enough. Arguably the MoD security apparat is being overly paranoid anyway - experience suggests that in fact nothing terribly interesting is normally to be found in MoD files even at the SECRET level, let alone CONFIDENTIAL, and maybe they could relax a bit. ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?