The Best Hacker Defense is a Good Offense

By Jim Shaw, Executive Vice President of Engineering

The risks associated with cybersecurity are growing far faster than anyone ever expected. While we hear reports of high-profile attacks on a regular basis, there are many more that go unreported. Consider it unauthorized data mining.

Attacks are becoming more prevalent because more systems and devices are being connected to the Internet, growing the “pool” of vulnerable points. The cyber community calls this “increasing the attack surface.” This is true for just about any market, but certainly includes the military, power and utility industries, security, autonomous vehicle developers, and so on — all places we consider critical infrastructure points — extending into equipment used in industrial spaces, like power substations, smart grids, and petroleum processing plants. As we populate these areas with more sensors, our cybersecurity challenges are compounded.

Most experts believe that it’s just a matter of time before every platform worth hacking is attacked. The key is to ensure that when it’s your turn, the information that’s exposed doesn’t put your institution, constituents or data at risk.

While the potential risks differ in every application, some are far more serious than others. Some recent examples include malware that can erase your entire system, unauthorized encryption of your data, or unauthorized use of a network to seek access to sister company systems.

In military applications, like weapons systems or advanced communications, the need for extreme security is not only obvious, but non-negotiable. Each program has specific classifications that define the required level of security. For example, the SIPRNet and NIPRNet enclaves have lower security requirements than those specified in the Joint Worldwide Intelligence Communications System (JWICS), a network run by various defense agencies, including the Department of Defense (DoD) and Department of Homeland Security.

The RS1104 rugged 1U server can be customized to address both data at rest and secure network attached storage security levels with features like self-encrypted drives, instant secure erase and key management.

Staying current on these requirements is critical for Crystal Group. For us to effectively and accurately design and develop system architectures that allow our customers to control the security of their products and applications, we have to start with a clear understanding of what the customer is trying to accomplish, the vulnerabilities and threats, and what defense mechanisms must be in place to prevent those threats from being realized.

Armed with this information, we develop a secure platform that’s hardware enabled and provides the required level of security for the intended application. This may involve running virtual machines that can be spun up to handle different security functions. This technique can be combined with hardware locks or tamper-proof construction.

We start with a rugged hardware Root of Trust to monitor the boot loader files for authenticity and pedigree. This includes verifying the BIOS and firmware and monitoring any board revisions to confirm that everything in the software is legitimate and secure. By loading the image as a secure boot enabled device, the customer always receives a computer that performs as expected. With a solid foundation in place, we incorporate FIPS 140-2 SAS solid-state drives for data at rest protection.

Given the intricacies of cybersecurity, the rate and scale at which it compounds, and the evolving requirements, it’s next to impossible for any single company to address the full range of cybersecurity needs. That’s why Crystal Group has forged strong relationships with trusted partners that are experts in their respective areas. This allows us to focus on our core competency, while integrating theirs. Through this ecosystem of partners, we can deliver the right cyber secure combination of rugged hardware and certified software for each customer program, which eliminates any uncertainty or hassle for the customer.

A great example is how we’ve partnered with RackTop to create a cyber-converged network platform that encrypts large data streams with near-zero latency. The system simplifies policy management, access to data, data at rest security, key rotation and key management. As the embedded world sees more sensors pumping data into a network, this becomes critically important. Overall, the system’s capabilities can be narrowed or expanded while making it easy to manage complex security networks and large amounts of data.


About the Author

Jim Shaw joined Crystal Group in January 2006 as Vice President of Engineering; in 2011, Jim was promoted to Executive Vice President of Engineering. Jim has responsibility for guiding the Engineering department and is the leading member of the product development team. Jim also provides direction as the Quality Management Representative for Crystal Group.

Jim’s innovative design prowess led to the birth of the rugged series (RS) chassis for the military and industrial computing markets. During Jim’s tenure at Crystal Group the company has expanded its product lines into storage, displays, rugged switches, and custom power supply designs.

Jim holds a Bachelor of Science degree in Mechanical Engineering from Iowa State University and a Masters of Business Administration from the University of Iowa. Prior to joining Crystal Group, Jim held a management position in engineering at Rockwell Collins, located in Cedar Rapids, Iowa. During his time there, he was honored three times as one of Rockwell Collins’ Engineer of the Year nominees for his work in high performance electronics packaging. He has authored or co-authored ten international patents.