Military-Grade Secure Solid State Drives Part 5: The Backdoor VIPs Don’t Know About

July 27, 2018 Jennifer Keenan

I used to work for a company that required us to remove any proprietary data from our laptop hard drive prior to traveling to some countries overseas. I didn’t know if it was because they could secretly access my hard drive as soon as I passed through immigration, or maybe a government-run internet meant any foreign user access would be monitored, recorded, and analyzed! I didn’t understand the multitude of threats to data security, which also includes backdoors designed into untrusted hardware that can lie dormant until triggered by an outside force. At the time, I did not have access to classified or top secret data, as I was working for a commercial company, but imagine if I did have high value data. What if a backdoor was triggered once I logged onto an unsecure foreign network?  What if that backdoor initiated a complete download of my hard drive without my knowledge? All because my employer trusted a commercial SSD without strict supply chain management of foreign-made components.

Let’s take it a step further and imagine a commercial solid state drive built with a controller designed and manufactured outside of the United States. This SSD is then integrated into the flight system of a military UAV. After integration into the platform, all quality checks have passed. The UAV’s flight system is operational. At a later time, this UAV is executing a mission where a terrorist training facility must be surveyed. As the drive’s total power-on time changes from 0200 to 0201 hours, a backdoor installed into the SSD’s controller is triggered. The flight system immediately shuts down. The mission is aborted and the UAV is brought down in unfriendly territory. Sourcing an SSD with a NAND controller designed and manufactured in a domestic, trusted environment mitigates the risk of backdoors and unauthorized data access.

These backdoors are a very real threat when dealing with suppliers outside the US. Not only can catastrophic events like the above scenario result from backdoors installed into controller firmware, but other threats exist. Counterfeit components can enter a company’s supply chain, causing failures, program delays, and additional costs to both the company and its customers. In some industries, the negative impact can be overcome. However, in mission-critical and highly secure defense applications, these possible outcomes must be mitigated from the outset.

All of Mercury’s secure storage devices, including our advanced ARMOR™ NAND controller, are designed and manufactured in our Phoenix, Ariz. Advanced Microelectronics Center (AMC) with a tightly managed supply chain. This facility, along with our other domestic design and manufacturing facilities, is pivotal for secure and trusted defense electronics manufacturing.

Some people think a closely managed, secure and trusted facility can’t possibly be agile enough to produce today’s most advanced defense electronic solutions. Anyone who has visited our Phoenix AMC quickly realizes that Mercury’s Next Generation business model delivers the most advanced defense microelectronics using an affordable and scalable infrastructure.

Our Phoenix AMC is also a Defense Microelectronics Activity (DMEA)-accredited facility incorporating strict supply chain control, thoroughly vetted employees, and an active cybersecurity infrastructure. Security is embedded into all facets of Mercury’s culture and daily operations, making us a trusted partner within the defense community.

I hope my recent blogs on secure storage have been informative and a bit entertaining. If there are topics you would like addressed or expanded upon in the future, please email me at secure.ssd@mrcy.com.
