SEM is looking for an experienced Mechanical Engineer to work in our engineering department. The successful candidate will be responsible for the overall product design, scheduling and time management of the project including external consultants and suppliers, testing and full implementation into production. This candidate’s focus will primarily be mechanical design, but they will need to specify and integrate electrical components into designs and also interact with and manage electrical design consultants. A good working knowledge of electrical systems and components is strongly desired. The position will also include other tasks when required. These may include the following: supporting production; supporting and troubleshooting products returned for repair; creating product documentation for new products; certification of products; etc.
Bachelor’s Degree in Mechanical Engineering or equivalent degree/experience.
3 to 5 years experience in designing electro-mechanical devices or equipment.
Proficiency in 3D CAD modeling. SolidWorks is strongly preferred.
Must have some electrical experience, preferably with single and 3-phase AC and DC power systems. Some knowledge of PLC and microcontroller based systems, a plus.
Ability to read electrical schematics on both system level and PCB level.
Must have good knowledge of machining and a full comprehension of mechanical drawings. Machining experience, a plus.
Must possess strong writing, communication, analytical skills and attention to detail.
Strong mechanical aptitude and conceptualization skills, strongly preferred.
Must be able to work both independently and with vendors, consultants and other departments.
Must possess good computer skills and proficiency in MSWord, Excel, and Power Point.
SEM is a world leader in providing information destruction equipment to the US Government and Data Centers world-wide.
SEM offers a team oriented business casual work environment, with benefits including medical, dental, 401K, profit sharing and paid time off. Please send your cover letter with salary requirements and resume to firstname.lastname@example.org.
Under a Microscope: Dissecting the Implications of DIN 66399
Covering everything from safeguards for children’s toys to design requirements for roller sports equipment, DIN Security Standards are also used to help define and standardize the different levels of security for international physical data destruction. Originating in Europe, these standards are continually making headway toward global acceptance as a benchmark to set the size and type of data that needs to be destroyed appropriately.
DIN 66399 specifically addresses standards for the destruction of data devices. This particular standard—which replaced DIN 32757—features over 40 variations based on protection classes, material/media and security levels. These three broad criteria are intended to drive the data device destruction process, guiding users so they can make informed end-of-life data disposal decisions.
Companies or government entities must begin the destruction process by first determining what type of data needs to be destroyed. DIN 66399 has three protection classes that help you define the requirements and classification for your data:
Class 1: Normal Protection: Sensitivity for internal data that’s accessible by fairly large groups of people. Unauthorized information disclosure or transfer at this level could have negative effects on a company or make individuals vulnerable to identity theft and besmirching of reputation.
Class 2: Higher Protection: Sensitivity for confidential data that’s restricted to a small group of employees. Unauthorized information disclosure or transfer at Class 2 would have serious effects on a company and could lead to violation of laws or contractual obligations. Disclosure of personal data runs the risk of serious damage to an individual’s social standing or financial situation.
Class 3: Very High Protection: Sensitivity for confidential and top-secret data that’s restricted to an extremely small group of named individuals. Any information disclosure here would pose catastrophic, existential threats to a company/government entity and/or lead to violation of trade secrets, contracts and laws. Disclosure of personal data runs the risk of jeopardizing an individual’s personal freedom, safety, or life.
Material/Media Classification and Security Levels
Having determined the applicable protection class, you should subsequently consult DIN 66399 to classify the material on which your data resides and identify the corresponding security level. Per DIN standards, this data destruction security level will dictate the appropriate final shredding size for your media or paper documents.
DIN 66399 requirements by data device material are as follows:
Film: DIN 66399 Material Classification F refers to information in miniaturized form (e.g., microfilm), with security levels running (lowest to highest) from F-1 to F-7. For example, F-1 stipulates a maximum material particle size of 160 mm², while F-7 stipulates a corresponding size of 0.2 mm².
Optical Media: DIN 66399 Material Classification O pertains to information on optical data carriers (e.g., CDs/DVDs). Security levels run from O-1 (max 2,000 mm²) to O-7 (max 0.2 mm²).
Magnetic Media: DIN 66399 Material Classification T pertains to information on magnetic data carriers (e.g., ID-cards, floppy disks and diskettes). Security levels run from T-1 (media must be rendered mechanically inoperable) to T-7 (max 2.5 mm²).
Hard Drives: DIN 66399 Material Classification H pertains to information on hard drives with magnetic data carriers. Security levels run from H-1 (media must be rendered mechanically/electrically inoperable) to H-7 (max 5 mm²).
Electronic Media: DIN 66399 Material Classification E pertains to information on electronic data carriers (e.g., chip cards and memory sticks/flash drives). Security levels run from E-1 (media must be rendered mechanically/electrically inoperable) to E-7 (max 0.5 mm²).
Paper: DIN 66399 Material Classification P pertains to information presentation in original size (e.g., paper, films and printing plates). Security levels run from P-1 (max strip width of 12 mm or max particle surface area of 2,000 mm²) to P-8 (8 mm x 2.5 mm).
The Relevance of DIN 66399 Regarding NSA Standards
In the U.S., of course, standards for classified data or otherwise protected information and data destruction device compliance are determined, implemented, and monitored by the NSA—not by DIN.
Nonetheless, DIN 66399 is increasingly gaining merit worldwide, including the U.S., as reflective of best practices within the data destruction industry, and DIN is frequently referenced in U.S. data destruction requirements. What’s more, despite the use of DIN Security Standards being voluntary, they can become mandatory in certain instances when they are referred to in contracts, laws, or regulations.
For these reasons, it’s important to stay current on the structure of DIN 66399 and its compliance requirements when you are beginning your data destruction process.
Over the 20 years I have been working for SEM, I have explained to customers and former military colleagues about the requirements for classified destruction. Lately these requirements have become stricter due to the ever-changing technologies. It’s not as easy as just putting your paper in a shredder or disintegrator and walking away knowing your classified is destroyed. Your classified now comes on many types of media. With so many types of media, a requirement had to be set forth by the National Security Agency (NSA) as to how these needed to be destroyed. We will discuss destroying hard drives as it relates to the National Institute of Standards and Technology (NIST) 800-88 and NSA Evaluated Products List (EPL) for Hard Drive Destruction.
For this blog, I will only discuss a brief overview for the destruction of hard disks (SCSI, ATA, SATA). NIST 800-88 explains on page 16, table 5-1 there are three methods of destroying hard disks. The first is to CLEAR. This method uses software to overwrite the storage space on the media with non-sensitive data (unclassified) and gives you the option to reuse your hard drive. The second is to PURGE. This method uses degaussing and the Secure Erase command present on some ATA drives. This method is very effective again for unclassified drives. The third method is PHYSICAL DESTRUCTION. This method is the standard for classified data and it destroys the drive by using disintegration, pulverization, melting, or incineration.
The second paragraph of the NSA/CSS EPL for Hard Drive Destruction Devices states, “Hard drive destruction devices on their own DO NOT SANITIZE magnetic and/or solid-state storage devices; use of these machines is only authorized in conjunction with degaussing for routine magnetic hard disk drive sanitization or by themselves only in extreme emergency situations. Sanitization guidance for classified storage devices is located in the NSA/CSS PM 9-12 Storage Device Sanitization Manual.” This leads you to believe that degaussing could be used on a solid state drive (SSD). This is misleading! A magnetic field created by a degausser will cause no damage to an SSD. A degausser will only destroy information on a standard rotational magnetic drive.
In the third paragraph it states: “All shredders designed for hard drives are approved for deformation of magnetic hard drive platters. Shredding alone will NOT SANITIZE magnetic and/or solid state storage devices unless a two-millimeter particle size or less of the magnetic disk or solid-state memory chip is accomplished in accordance with NSA/CSS PM 9-12 Storage Device Sanitization Manual.” This states that if you have a hard drive or SSD, you can shred it to a 2mm particle to sanitize the drive. This is confusing. Although the NSA guidelines REQUIRE you to reduce a classified SSD to a two-millimeter particle to render the device sanitized, the machine that does this may not be able to shred a standard magnetic hard disk drive to this two-millimeter particle. This is due to the size and materials used in the manufacturing of a magnetic hard disk.
In conclusion, completely destroying the information on a hard drive is a two-step process for a magnetic hard drive and a single-step process for an SSD.
A magnetic disk MUST BE degaussed using an NSA approved degausser THEN physically destroyed. This second step of physical destruction is left up to the end user and can vary greatly. It can be as simple as drilling a hole in the drive, hitting it several times with a hammer, or using a hydraulic punch or hard drive shredder. A solid state drive MUST be shredded to a two-millimeter particle and cannot be degaussed.
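The concluding rule above can be checked mechanically against a destruction log. The following Python is an added example, not code from SEM, the NSA or NIST; the record format, field names, action names and sample entries are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Action names are assumptions of this example, not an official vocabulary.
PHYSICAL = {"shred", "crush", "punch", "drill", "disintegrate", "incinerate"}
SOFTWARE = {"overwrite", "secure_erase"}   # CLEAR / PURGE methods named in the article
SSD_MAX_PARTICLE_MM = 2.0                  # two-millimeter particle from the quoted EPL text


@dataclass
class Step:
    action: str                         # "degauss" or a member of PHYSICAL / SOFTWARE
    nsa_listed: bool = False            # device is on an NSA EPL, as recorded by the operator
    particle_mm: Optional[float] = None # measured particle size when shredding


@dataclass
class Record:
    serial: str
    media: str                          # "hdd" (rotational magnetic) or "ssd"
    classified: bool
    steps: list = field(default_factory=list)


def _audit_classified_hdd(steps):
    """Magnetic drive: NSA-listed degauss first, THEN any physical destruction."""
    degauss = [i for i, s in enumerate(steps) if s.action == "degauss"]
    if not degauss:
        return ["classified magnetic drive was not degaussed"]
    listed = [i for i in degauss if steps[i].nsa_listed]
    if not listed:
        return ["degausser is not NSA listed"]
    physical = [i for i, s in enumerate(steps) if s.action in PHYSICAL]
    if not physical:
        return ["no physical destruction after degaussing"]
    if not any(i > listed[0] for i in physical):
        return ["physical destruction must follow degaussing, not precede it"]
    return []


def _audit_ssd(rec):
    """SSD: degaussing never counts; classified media needs a <= 2 mm particle."""
    findings = []
    if any(s.action == "degauss" for s in rec.steps):
        findings.append("degaussing does not sanitize solid state media")
    fine = any(s.action == "shred" and s.particle_mm is not None
               and s.particle_mm <= SSD_MAX_PARTICLE_MM for s in rec.steps)
    if rec.classified and not fine:
        findings.append("classified SSD not shredded to a 2 mm particle")
    if not rec.classified and not any(s.action in PHYSICAL | SOFTWARE for s in rec.steps):
        findings.append("no effective sanitization step recorded")
    return findings


def audit(rec):
    """Return a list of findings for one record; an empty list means it passes."""
    if rec.media == "ssd":
        return _audit_ssd(rec)
    if rec.media != "hdd":
        return [f"unknown media type {rec.media!r}"]
    if rec.classified:
        return _audit_classified_hdd(rec.steps)
    # Unclassified magnetic drive: clear, purge or destroy are all acceptable.
    ok = PHYSICAL | SOFTWARE | {"degauss"}
    return [] if any(s.action in ok for s in rec.steps) else ["no sanitization step recorded"]


def audit_log(records):
    return {r.serial: audit(r) for r in records}


# Constructed sample log entries (serial numbers and measurements are made up).
SAMPLE_LOG = [
    Record("HDD-001", "hdd", True, [Step("degauss", nsa_listed=True), Step("crush")]),
    Record("HDD-002", "hdd", True, [Step("shred", particle_mm=19.0)]),
    Record("SSD-003", "ssd", True, [Step("degauss", nsa_listed=True),
                                    Step("shred", particle_mm=9.5)]),
    Record("SSD-004", "ssd", True, [Step("shred", particle_mm=2.0)]),
    Record("HDD-005", "hdd", True, [Step("crush"), Step("degauss", nsa_listed=True)]),
    Record("HDD-006", "hdd", False, [Step("overwrite")]),
]

if __name__ == "__main__":
    for serial, findings in audit_log(SAMPLE_LOG).items():
        print(serial, "OK" if not findings else "; ".join(findings))
```
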
If you have any questions or would like to talk to a security professional, feel free to reach out to me or any SEM representative.
Karl Lotvedt, DC Region Sales Support, has over 20 years of experience with SEM, including targeted expertise in understanding military procedures and requirements. Prior to joining SEM, Karl spent 20 years in the United States Air Force including over five years in procurement. Now retired from the Air Force, Karl currently serves as an Air Force resource advisor. Karl received his AA and CIS from National College in Rapid City, SD.
Along with the Fair Credit Reporting Act (FCRA), creditors, accountants, lawyers, financial institutions, and other organizations dealing with consumer credit information must follow the regulations set by the Fair and Accurate Credit Transactions Act (FACTA). FACTA is an addendum to the FCRA that limits how consumer information can be shared and controls how this private data is disposed of, to protect the individual to whom the information pertains from identity theft.
FACTA-Compliant Data Disposal
When it comes to the proper disposal of consumer information, FACTA stipulates that reasonable measures must be taken by the organization to prevent the theft or otherwise unauthorized access and use of the protected data.
The Rule mandates said data be destroyed by the pulverization, shredding, or burning of all papers on which the consumer information is printed, rendering the information unreadable and otherwise unable to be reconstructed in any manner. FACTA disposal policies also extend to the electronic media housing the protected consumer information. Appropriate disposal methods for electronic media include overwriting the media with non-sensitive information using software or hardware to clear the data, degaussing the media and rendering the magnetic field permanently unusable, or destroying the media by shredding, melting, pulverization, disintegration, or incineration. As with the actual data, the electronic media must be rendered unreadable and otherwise unable to be reconstructed.
If you’re working with a third party data disposal company to comply with FACTA data destruction, you are required to conduct an independent audit of the process to ensure the integrity of the disposal and to ensure complete data destruction.
Lastly, you may need to incorporate your data disposal policies into your organization’s security information program as required by the Federal Trade Commission’s Standards for Safeguarding Customer Information, 16 CFR part 314 (“Safeguards Rule”) and for persons subject to the Gramm-Leach-Bliley Act.
Consequences of a FACTA Violation
Failure to comply with FACTA for either the data or the drive destruction can result in major damage to your company’s reputation and financial standing. If you become victim to a data breach and have not maintained FACTA regulations, the affected individuals of the breach can seek damages under the law. Your organization may face a class action lawsuit and fines up to $1,000 per individual violation, regardless of whether the persons suffered identity theft.
Moreover, the reputation of your company may be tarnished by the data breach and subsequent FACTA violations. This could mean the loss of existing customers and potential new business, furthering your organization’s financial loss and eroding economic stability.
When it comes to working with third parties for data destruction, however, there is a reality of risk that needs to be considered. If your third party experiences a breach, your organization maintains sole liability for the data you have collected and stored, meaning that you, and not the third party, will still face civil penalties.
It is therefore highly recommended that you partner with a vendor like SEM who can provide both data and drive destruction devices for your organization to use and keep in-house. By controlling who, where, when and how your data and drives are destroyed, you can better ensure data protection at every step during destruction.
This past December, the NSA released a complete new set of Evaluated Products Lists for secure document/media destruction devices, all dated 06 November 2018. Such an extensive new EPL posting was quite a surprise to end users and equipment makers. Typically, these lists come out one at a time, often with years between updates. Seven of them released all at once was unusual and unexpected.
Even more of a surprise was a change in the particle size standard for destroying classified DVD and Blu-ray Discs (BDs). The change, apparent in the new EPL for Optical Media Destruction Devices, states the new standard as “DVDs and BDs to a maximum edge size of 2mm or less.” This sudden change has led to a flood of inquiries at SEM from government organizations, so it seemed a good time to address this particular change.
The existing CD particle size standard, “CDs to a maximum edge size of 5mm or less,” was not changed. As a result, looking at the list of products on the EPL, there is a column noting the acceptable materials that indicates whether each device is good for CD, DVD, BD, as well as other non-optical materials for which some of those machines are certified. A key takeaway is that NSA listed optical media destroyers are no longer all the same in terms of what they can destroy. Users will need to check the EPL to make sure all items they want to destroy are approved. This could make for a lot of confusion when looking at products on the market.
Yet another uncertainty is the timeline for users to make a changeover. The EPLs do not give a transition period to switch to new machines, or grandfather the use of existing equipment. In the past, when the NSA changed a standard for shredders or media destroyers, there was some time allowed to comply. So far, there has been no announcement of that for the new DVD/Blu-ray standard, but many government entities are hopeful for such an announcement.
What does this mean for the status of existing optical media destroyers in use and on the market? The change is significant. The great majority of optical media shredders that are in use are no longer shown on the EPL as approved for DVD or Blu-ray. This includes the most popular optical media shredders on the market and almost all document and multi-media disintegrators. Producing a 2mm particle with no oversized particles is simply not possible with those machines.
Only a few machines on the EPL for optical media destroyers have approval for DVD and BD. Of those, most are solid state media destroyers, which are large, expensive machines that cost $65,000 and up. Users seeking a compact, affordable machine to destroy optical media can choose a machine like the SEM Model 0200 OMD/SSD. Even better is the recently announced version of this machine with a more office-friendly configuration, the Model 0200 OMD/SSD-C. The new version will better suit most customers with its attractive cabinet and better sound proofing for the vacuum versus the tabletop style of the standard version. Both versions of the 0200 grind optical discs (not just the surfaces) into the NSA required particle size, which looks like beach sand. The waste is collected and bagged by a vacuum. These devices are not quite as user friendly as standard optical media shredders, like the SEM Model 0202 OMD. Users who only have CDs, no DVDs or Blu-ray, will surely be happier with a machine like the 0202 OMD.
As an aside, another change on the optical media destruction device EPL, and the other EPLs, is that the NSA is no longer publishing official throughput rates. In recent years these rates were on the EPLs. This was a way for folks to check the claims made by vendors on capabilities. The EPLs now direct users to the manufacturers to get throughput data. In terms of optical media, the rating in question is the number of discs per hour.
At the end of the day, the NSA EPL is the golden standard for all types of secure data destruction, whether government or commercial, and must be followed for the destruction of classified and top secret data. SEM has over 50 years of experience with the destruction of sensitive and secret data and is here to help anyone who has questions on or needs assistance with the new EPLs.
Bob Glicker, Mid-Atlantic Regional Sales Manager, has over 35 total years of sales experience with over 23 years of targeted government sales experience. Bob prides himself on providing the highest level of service to his government clients, and he enjoys working with key resellers. Bob received his BS in Chemistry from the University of Maryland, College Park. In his free time, Bob enjoys a variety of activities including gym workouts, cycling, reading, and listening to podcasts. He is also an avid science lover, an amateur juggler, a vegetarian, and the quintessential family guy.
In today’s digital age, the majority of data is stored electronically in internet-based cloud software. Whether for convenience or accessibility, or due to physical hardware storage limitations, using a cloud to store data has become a norm for businesses, organizations, and individuals alike. And while cloud systems offer security measures that physical storage systems cannot, they also come with their own set of risks and security threats.
Moreover, the size and even financial power of an organization doesn’t necessarily equate to better and more secure methods of privacy protection for data stored in its cloud. Recent data breaches at large data centers like Experian, Facebook, and Target have proven that the proper protection of private and otherwise sensitive information is paramount, especially when stored electronically.
For healthcare providers, professionals, and clearinghouses (hereafter referred to as covered entities), HIPAA has specific regulations for safeguarding Protected Health Information (PHI), especially when it comes to the disposal of such sensitive and private data.
HIPAA Regulations & Best Practices for Data Disposal
If you’re a covered entity and need to dispose of data containing PHI, you cannot simply abandon the PHI data or dispose of it using a public container like a dumpster that can be accessed by unauthorized personnel. The only time this is appropriate is if the PHI has already been rendered unreadable, indecipherable and otherwise cannot be reconstructed. In order to fully destroy this data, certain steps must be followed.
The HIPAA Privacy Rule requires the covered entity to implement appropriate physical (e.g., facility access and control; workstation and device security), technical (e.g., access control; audit controls; integrity controls; transmission security), and administrative (e.g., security management process; security personnel; information access management; workforce training; policy and procedure evaluation) safeguards for PHI to avoid prohibited as well as incidental use and disclosure of the PHI data. See 45 CFR 164.530(c).
This Rule holds especially true with the disposal of PHI and requires the covered entity to not only destroy the electronic PHI (ePHI) and the hardware or electronic media it is stored on, but to first properly dispose of the ePHI data on the media before that media is made ready for reuse.
In addition, the HIPAA Security Rule also requires the covered entity to set policies and procedures for the disposal of ePHI. As part of this mandatory safeguard process, covered entities must also train their workforce members on the disposal policies and procedures they have established, and enforce these policies. See 45 CFR 164.310(d)(2)(i).
It is up to the covered entity to determine a method of data destruction and disposal, by assessing their own potential risks to patient privacy as well as the form, type, and amount of PHI collected and stored. For instance, PHI such as name, social security number, driver’s license number, diagnosis, or treatment information are examples of sensitive information that may necessitate more care with regard to disposal. HIPAA does not require one method of data destruction and disposal over another, so long as the Security and Privacy Rules are followed.
In the case of ePHI, whether on hardware or in an internet cloud system, proper HIPAA disposal methods include overwriting the media with non-sensitive information using software or hardware to clear the data, degaussing the media and rendering the magnetic field permanently unusable, or destroying the media by shredding, melting, pulverization, disintegration, or incineration. You may also opt to maintain a secure area for PHI disposal and/or you are permitted to work with a disposal vendor like SEM to destroy the PHI on your organization’s behalf (so long as there is a written agreement or contract authorized by both parties). There are no set HIPAA rules for how employees or workforce members dispose of PHI; if you have off-site employees who use PHI or ePHI, you can require that they return all PHI to your organization for proper disposal.
Failure to adhere to the HIPAA Security and Privacy Rules could result in unlawful release of PHI, and consequently, the potential for identity theft, employment discrimination or even harm to the individual’s reputation. Moreover, the covered entity can face serious penalties for noncompliance.
Penalties for Noncompliance
In tandem with the Department of Justice, the Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR) are responsible for the administration and enforcement of the HIPAA Security and Privacy Rules for the disposal of PHI.
Failure to comply with the HIPAA Security and Privacy Rules can result in an investigation and audit, and in some circumstances civil and criminal penalties. Factors such as violation date, whether the covered entity was aware of the failure to comply, or whether the failure to comply by the covered entity was willful neglect will determine the end consequence of the violation to either the Privacy or Security Rule.
If found guilty or in violation of either Rule, civil money penalties of $100 up to $50,000 per violation (and not exceeding $1,500,000 per calendar year for multiple violations) can be imposed. A civil penalty may not be imposed under certain circumstances, such as: the failure to comply was not due to willful neglect and was corrected during a 30-day period from the date on which the violation occurred; if the Department of Justice has imposed a criminal penalty; or, if the OCR chooses to reduce the penalty due to reasonable cause in the covered entity’s failure to comply, in that the penalty would be excessive given the nature and extent of the noncompliance.
In addition, criminal prosecution, in the form of a fine of $50,000 and up to one year of imprisonment, can be mandated for a person who knowingly obtains or discloses PHI and ePHI, which can occur as a result of improper disposal of the PHI. The criminal penalty increases to $100,000 and up to five years of imprisonment if the violation involves false pretenses, and to $250,000 and up to 10 years of imprisonment if the wrongful act involves the intent to sell, transfer or use the PHI for commercial advantage, personal gain, or malicious harm.
One last note: the HIPAA Privacy Rule does not include requirements for the length of time medical data like PHI should be retained before disposal. Instead, check with your state’s laws for medical record retention rules before disposing of any data.
In the age of sophisticated cyberattacks and data breaches, digital security continues to be a primary concern for government organizations and businesses of every industry. To be effective, today’s security procedures must treat internal threats with the same level of importance as external threats. While it may not be the first thing that comes to mind, a key element of your overall digital security strategy is your plan for what you do with information when it’s no longer needed. Hard drive data destruction is a general term for the process of clearing all sensitive information from your computer hard drives and solid state drives (SSDs), and it’s an essential step for protecting your organization, your customers, and your employees.
There are three methods of hard drive data destruction: erasing (sanitizing), crushing, and destroying. Here’s a look at each option.
Sanitization of the Hard Drive (Erasing): Degaussing
Degaussing is a very effective method of erasing data on magnetic media (hard drives and/or data tapes). If you are trying to erase unclassified or sensitive data, a commercial degausser such as the SEM Model EMP-1000 is a perfect solution. The SEM EMP-1000 is the most powerful commercially sold degausser in the marketplace today. With a field strength of 16,000 gauss (1.6 Tesla), it erases the highest coercivity magnetic media available today without the use of adapters.
However, if you are erasing classified or highly sensitive magnetic media, the NSA listed SEM EMP-1000HS would be the correct choice for your organization. The EMP-1000HS is a 20,000 gauss (2.0 Tesla) machine that has been evaluated by the National Security Agency for use on classified media.
Considerations: when choosing to sanitize hard drives, be sure to choose a company such as SEM that offers both NSA approved and commercial (PII/CUI) type degaussers. Regardless of the sanitization level required, don’t take the easy path of simply reformatting the drive or removing the directory. These methods simply make the data on the hard drive harder to find. The hard drive should be completely erased (sanitized), which the SEM EMP-1000 series can assure your organization on every single degauss cycle.
Crushing the Hard Drive
Most organizations and their IT leaders know that destroying a hard drive is the most secure way to dispose of data, but they often mistake damaging it for actual drive destruction. Damaging a hard drive with a hammer or by driving a nail into it is less time consuming than hard drive shredding or crushing, but it is also much less secure. For lower volume applications, hard drive crushing is the most secure and economical solution.
SEM’s Model 0101 automatic hard drive crusher is a hard drive crusher that has been evaluated by the NSA and meets NSA and DoD compliance guidelines for the physical damage of media. Note that all classified rotational hard drives MUST be degaussed prior to destruction. Not only does the Model 0101 punch a hole in the drive, it also bends the platter, rendering the drive inoperable. This handy device is compact and affordable, making it the ideal solution for smaller installments or where portability is of key importance.
Destroying the Hard Drive
The fastest and easiest way to destroy a hard drive is to shred it. Hard drive shredders quickly chew up hard drives to particle sizes ranging from 0.75″-1.5″ for rotational media to 0.375″ for solid state media. The SEM Model 0315 Combo Shredder is SEM’s best-selling hard drive shredder that destroys both HDDs and SSDs in one convenient device.
Considerations: The most compliant form of rotational hard drive data destruction that protects your organization from liability associated with data stored on magnetic media is the NSA’s two-step process of degauss and destroy. This process is only NSA compliant when NSA listed devices are used. Consider the SEM Model EMP-1000HS degausser and the SEM Model 0101 hard drive crusher or SEM Model 0315 hard drive shredder. However, solid state media is not degaussable and stores significant amounts of data on tiny chips. Therefore, the most secure way to destroy solid state drives is by following the NSA directive that mandates a 2mm or less particle, such as is achieved with the SEM Model 2SSD.
Mike Palaia is Western Regional Sales Manager at Security Engineered Machinery (SEM)
On 13 December, 2018, the SEM team celebrated the holiday season. The sales and service teams flew into town for the week so the whole team could be together. The evening started with the company breaking into five teams to participate in escape room challenges at Live Action Escapes in Worcester, MA. We are happy to say that three of the five teams escaped their rooms. The other two tried their best but were stumped in the end. All in all, employees agreed that the experience was a lot of fun.
After the escape room challenge, the group made its way downstairs to The Citizen, where everyone enjoyed each other’s company over food and drinks. The evening was a fun and relaxing way to celebrate the holiday season with the team. Happy Holidays to you and yours!
On November 28, 2018, Security Engineered Machinery Co., Inc. (SEM), global leader in high security information end-of-life solutions, participated in Operation Playhouse, a unique program offered through Habitat for Humanity Metrowest/Greater Worcester. Operation Playhouse enables local businesses and organizations to build and donate a custom playhouse to benefit the children of local veterans and military personnel. The one-day event culminated with the presentation of the firetruck-themed playhouse to United States Marine Corps Operation Iraqi Freedom combat veteran Richard Brown and his family.
The event started at 9am onsite at SEM corporate headquarters in Westboro. SEM employees volunteered to participate in various tasks including painting, constructing, roofing, and decorating the playhouse as well as building accessories. Several authentic firetruck items were donated by the Boston and Dunstable fire departments for use in the playhouse. The construction was overseen by David Hamilton, Community Program Manager for Habitat for Humanity. Veteran Richard Brown and his family, from Dunstable, MA, arrived at 3:30pm to receive the playhouse. Nicholas Cakounes, Executive Vice President of SEM, made the presentation.
“Veterans have a special place in our heart here at SEM,” said Mr. Cakounes. “We are filled with gratitude to those who have served our country and protect our freedom, so giving back in some small way through Operation Playhouse was an absolute honor.”
“This event was incredibly special to me personally,” added Korean War Veteran Leonard Rosen, who is SEM’s founder and Chairman of the Board. “Mr. Brown selflessly served his country, ensuring our rights and freedom. That is a debt we can never repay, so we were thrilled to be able to do something to bring joy to him and his family.”
SEM is a veteran-owned company whose primary client base is the United States Federal Government and its entities, including all branches of the United States Military.
Trends in data storage are changing at an exponential rate. The past few years alone have seen the progression of data storage from large servers with magnetic media to cloud-based infrastructure with increasingly dense solid state media. Along with every technological advancement in data storage has come the inexorable advancement of data theft. As a result, the scope and level of responsibility for protecting sensitive and Personally Identifiable Information (PII) has expanded to include not only the originators of data, but also all of the intermediaries involved in the processing, storage, and disposal of data. To address these critical issues and to protect organizations and citizens of the United States, the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) has developed NIST 800-88 “Guidelines for Media Sanitization” to promote information system security for all other applications outside of national security, including industry, government, academia, and healthcare. NIST 800-88 has become the predominant standard for the US Government, being referenced in all federal data privacy laws, and has now been overwhelmingly adopted by the private sector as well.
NIST 800-88 assumes that organizations have already identified the appropriate information categories, confidentiality impact levels, and location of the information at the earliest phase of the system life cycle as per NIST SP 800-64 “Security Considerations in the Systems Development Life Cycle.” Failing to initially identify security considerations as part of the data lifecycle opens up the strong potential that the organization will fail to appropriately maintain control of and protect some media that contains sensitive information.
Confidentiality and Media Types
Confidentiality is defined by the Title 44 US Code as “preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.” FIPS 199 — NIST’s Federal Information Processing Standard Publication 199, Standards for Security Categorization of Federal Information and Information Systems — adds that “a loss of confidentiality is the unauthorized disclosure of information.” Bearing these definitions in mind, organizations must establish policies and procedures to safeguard data on used media. Common methodologies of illicit data recovery include basic acquisition of clumsily sanitized media either through third party sale or old-fashioned dumpster diving, or the more sophisticated laboratory reconstruction of inadequately sanitized media.
Currently, two types of basic media exist: hard copy and electronic. Commonly associated with paper printouts, hard copy actually encompasses a lot more. In fact, all of the materials used in the printing of all types of media, including printer and fax ribbons for paper and foils and ribbons for credit cards, are considered hard copy. Electronic media consists of any devices containing bits and bytes, including but not limited to rotational and solid state hard drives, RAM, boards, thumb drives, cell phones, tablets, office equipment including printer and fax drives, server devices, flash memory, and disks. It is expected that, considering the rate at which technology is progressing, additional media types will be developed. NIST 800-88 was developed in such a way that sanitization and disposal best practices pertain to the information housed on media rather than the media itself, allowing the guideline to more successfully stay current with future innovations.
Media Sanitization – Methodologies, Responsibilities, and Challenges
Three methodologies of media sanitization are defined by NIST 800-88 as follows:
Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).
Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory
Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of
One of the most commonly used clearing methodologies for data sanitization on magnetic media has traditionally been overwriting using dedicated sanitize commands. Note that basic read/write overwriting is never recommended as it does not address all blocks on the media. Drawbacks to overwriting using sanitize commands are two-fold: 1) it is only effective for magnetic media, not solid state or flash, and 2) this methodology is wide open to operator error and theft, as well as undetected failure.
A common form of purging used for magnetic media sanitization is electromagnetic degaussing, whereby a dedicated degaussing device produces a build-up of electrical energy to create a magnetic field that removes the data from the device when discharged. Degaussing has long been an acceptable form of media sanitization for top secret government information when used in tandem with a hard drive destruction device such as a crusher or shredder. Degaussing alone poses the same concerns as overwriting in that operator error or deceit remains a possibility. In addition, the strength of the degausser is critical when eliminating sensitive information from magnetic media. Typically, degaussers evaluated and listed by the National Security Agency (NSA) are considered the gold standard.
While clearing and purging provide adequate media sanitization involving less sensitive data, destroying is the most effective and permanent solution for secure data applications. Organizations should take into account the classification of information and the medium on which it was recorded, as well as the risk to confidentiality. As the internet continues to expand and the switch from physical to digital document-keeping becomes the industry standard, more and more data holds PII such as financials, health records, and other personal information, including that collected for databases or human resources. As a result, security-focused organizations are becoming more cognizant of the fact that comprehensive data sanitization — including destruction — must become a top priority.
Industry-tested and accepted methodologies of secure data destruction include crushing, shredding, and disintegration, but even these secure end-of-life solutions require thoughtful security considerations. For example, shredding rotational hard drives to a 19mm x random shred size provides exceptional security for sensitive information. However, a 19mm shred size would not even be an option for solid state media, which store vast amounts of data on very small chips. Instead, sensitive solid state media should be shredded to a maximum size of only 9.5mm x random, while best practice for the destruction of highly sensitive or secret information is to disintegrate the media to a nominal shred size of 2mm². In addition, some destruction devices such as disintegrators are capable of destroying not only electronic media, but also hard copy media such as printer ribbons and employee ID cards, providing a cost-effective sanitization method for all of an organization’s media.
Responsibilities and Verification
While NIST 800-88 has become the industry standard for secure data sanitization, the guidelines do not provide definitive policies for organizations. Rather, NIST 800-88 leaves the onus of appropriate data sanitization to organizations’ responsible parties including chief information officers, information security officers, system security managers, as well as engineers and system architects who are involved in the acquisition, installation, and disposal of storage media. NIST 800-88 provides a decision flow that asks key stakeholders questions regarding security categorization, media chain of custody including internal and external considerations, and potential for reuse.
Regardless of the sanitization method chosen, verification is considered an essential step in the process of maintaining confidentiality. It should be noted that verification applies not only to equipment and sanitization results, but also to personnel competencies. Sanitization equipment verification includes testing and certification of the equipment, such as NSA evaluation and listing, as well as strict adherence to scheduled maintenance. Organizations should fully train personnel responsible for sanitization processes and continue to train with personnel turnover. Lastly, the sanitization result itself must be verified through third party testing if the media is going to be reused. When media is destroyed, no such verification is necessary, as the pulverized material itself is verification enough. Because third party testing can be impractical, time consuming, and costly, many organizations choose to destroy media to ensure full sanitization of data and in doing so, to greatly mitigate risk.
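The shred sizes, the degauss-then-destroy sequence and the reuse-verification rule described in this article can be checked mechanically against disposal records. The Python below is an added example, not SEM's or NIST's code; the record schema, the tier labels "sensitive" and "high", the step names and the sample records are assumptions.

```python
from dataclasses import dataclass

# Maximum shred width (mm) per (media, sensitivity), from the article; the
# tier labels "sensitive" and "high" are assumed names for its two levels.
MAX_PARTICLE_MM = {("hdd", "sensitive"): 19.0, ("ssd", "sensitive"): 9.5,
                   ("ssd", "high"): 2.0}
DESTROY = ("crush", "shred", "disintegrate")
SIZED = ("shred", "disintegrate")          # steps that yield a particle size
MAGNETIC_ONLY = ("overwrite", "degauss")   # article: no effect on solid state

@dataclass
class Record:                    # hypothetical disposal-log schema
    asset: str
    media: str                   # "hdd" or "ssd"
    sensitivity: str             # "sensitive" or "high"
    steps: tuple                 # sanitization steps in the order performed
    particle_mm: float = None    # measured shred width, if any
    reused: bool = False
    verified: bool = False       # third-party test of the sanitization result

def audit(rec):
    """Return the list of policy findings for one record (empty = pass)."""
    out = []
    destroy_at = [i for i, s in enumerate(rec.steps) if s in DESTROY]
    if rec.media == "ssd" and all(s in MAGNETIC_ONLY for s in rec.steps):
        out.append("no step effective on solid state media")
    if rec.media == "hdd" and rec.sensitivity == "high":  # degauss, then destroy
        if "degauss" not in rec.steps or not destroy_at \
                or rec.steps.index("degauss") > destroy_at[0]:
            out.append("needs degauss followed by destroy")
    limit = MAX_PARTICLE_MM.get((rec.media, rec.sensitivity))
    if limit is not None and any(s in SIZED for s in rec.steps):
        if rec.particle_mm is None or rec.particle_mm > limit:
            out.append(f"particle size must be recorded and <= {limit} mm")
    if not destroy_at and rec.reused and not rec.verified:
        out.append("reused media lacks third-party verification")
    return out

# Constructed sample records, not real inventory data.
SAMPLE = [
    Record("HDD-001", "hdd", "high", ("degauss", "crush")),
    Record("HDD-002", "hdd", "high", ("shred",), particle_mm=19.0),
    Record("SSD-001", "ssd", "high", ("disintegrate",), particle_mm=2.0),
    Record("SSD-002", "ssd", "sensitive", ("shred",), particle_mm=19.0),
    Record("SSD-003", "ssd", "sensitive", ("degauss",)),
    Record("HDD-003", "hdd", "sensitive", ("overwrite",), reused=True),
]

def audit_all(records=SAMPLE):
    return {r.asset: audit(r) for r in records}
```

Calling `audit_all()` returns a mapping from asset tag to findings; an empty list means the record satisfies every rule encoded here.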
NIST 800-88 was developed in an effort to protect the privacy and interests of organizations and individuals in the United States. Adopted by nearly all federal and private organizations, NIST 800-88 provides an outline of appropriate procedures for secure data sanitization that protects both PII and confidential information while reducing organizational liability. Determining proper policies is realized by fully understanding the guidelines, following the sanitization and disposition decision flow, implementing data sanitization best practices, and engaging in ongoing training and scheduled maintenance. Because NIST 800-88 guidelines do not provide a definitive one-size-fits-all solution and are admittedly extensive, working with a knowledgeable data sanitization partner is key to a successful sanitization policy.