Army requires security hardware for all PCs
Coming mandate specifies that new computers contain a standard Trusted Platform Module.
A new Army mandate to be published within weeks will require all Army computers to have a chip on the motherboard that is dedicated to performing security functions. The semiconductor, called the Trusted Platform Module (TPM), will interact with security features in Microsoft’s upcoming Vista operating system.
The Army’s Network Enterprise Technology Command gave its approval to act on the new requirement before issuing an announcement or guidelines. One of the first steps to acquiring the new security capabilities occurred in March, when the Army Small Computer Program purchased Dell and Gateway laptop PCs with TPM Version 1.2 installed.
“We haven’t fully integrated TPM with software yet, but we are pre-positioned with the hardware,” said Ed Velez, chief technology officer at the Army’s Program Executive Office for Enterprise Information Systems. The Army won’t be retrofitting older computers, Velez said.
If the Army succeeds in deploying TPM, the Joint Task Force for Global Network Operations might adopt the requirement for the entire Defense Department. “What you’re seeing is the services adapt to computer security threats and come up with solutions that are adopted as best practices for the joint community,” Velez said. “A lot of the security tools and processes we’re looking at are for joint operations.”
Developed by the Trusted Computing Group, TPM conforms to the group’s standard specifications. TCG was founded in 2003 to produce vendor-neutral, industry-standard specifications for hardware and software security that works across multiple platforms. The group has 141 industry members.
Wave Systems, a founding TCG member, provides software for managing trusted computing systems and devices. That software comes with Dell and Gateway TPM systems.
The chief benefits of TPM include strong data protection and authentication to access the network, said Steven Sprague, Wave’s president and chief executive officer.
IDC estimates that 80 percent of all laptop PCs will come with TPM chips installed by 2009. Full activation of TPM, however, requires considerable work, experts say. “TPM is hardware,” said Charles Kolodgy, IDC’s director of security products research. “It needs software to make full use of it.”
Vista’s release will expand the software market and make TPM more valuable, Kolodgy said.
“TPM can be used to solve a lot of different problems,” said Ned Smith, a senior security architect at Intel. The applications for stolen laptop PCs are obvious, in that the technology can prevent unauthorized users from accessing data, Smith said. It can also protect desktop PCs. Although PCs are not as easy to steal, thieves can copy data to a CD, DVD or USB memory stick.
The differences between TPM and existing security technology are that TPM uses standards, offers a potential for uniformity and provides the ability to capture the integrity of the platform at a chip hardware level.
“For security to be meaningful, it has to be ubiquitous and based on standards everyone agrees to,” Smith said. “Otherwise, what you have is fragmented solutions, and it’s impossible for IT managers to have a comprehensive security strategy.”
Gerber is a freelance writer based in Kingston, N.Y.