Tag: Leonard Rosen

Shredding Through Time

July 28, 2020 at 10:00 am by Flora Knolton

Paper shredding can first be accredited to Abbot Augustus Low of New York, who filed a patent for an improved wastepaper receptacle in 1909, sparking the first idea for a paper shredder. Low’s invention was intended for use in banks and counting houses, but unfortunately was never manufactured.

The first known mechanical paper shredder actually was created in Germany in 1935. A man, Adolf Ehinger, was inspired by a hand-crank pasta maker to create a machine to shred sensitive material after being questioned about anti-Nazi literature in his garbage. The machine was cranked inside of a wooden frame that was large enough to handle one sheet of paper. Later in the 1940s, he added a motor to power the shredder and sold the shredders to a host of government entities.

During the cold war, Ehinger’s shredder increased in popularity. In 1959, his company, EBA Maschinenfabrik, created the first cross-cut shredder that cut paper into tiny bits for an increased security level. To this day, EBA Maschinenfabrik continues to design and produce shredders under the name of Krug & Priester, who purchased the business in 1998.

Since Ehinger’s invention, shredders have played a role in many important times in history. Before the 1980s, shredders were nearly exclusively used by the government, military, and banking industry. But in 1987, the U.S Supreme Court that ruled that your garbage, once brought to the curb outside, is considered public property. Come the 1990s, statistics proved how corporate and personal identity theft had skyrocketed. Most of the public wasn’t even aware of the existence of paper shredders until they began to surface in connection with scandals such as Watergate in the 1970s, Iran-Contra in the 1980s, and Enron in 2002. The increase in identity theft and scandals caused concern which led to businesses and individuals burning their paper waste. Because it is so detrimental to the environment, this increase in burning led to laws prohibiting the incineration of trash, which had the effect of businesses and regular citizens turning to paper shredders for secure document disposal. Despite the negative stories and unfair reputation from the media about how they are used to cover the tracks of the guilty, Ehinger’s purpose was to protect the innocent. Throughout the 20th century, paper shredders have become more secure by using cross-cut methodology and creating smaller shreds.

Privacy laws such as the Health Insurance Portability & Accountability Act (HIPAA), The Fair and Accurate Credit Transaction Act (FACTA), The Family Educational Right and Privacy Act (FERPA) to name a few, render organizations responsible for protecting customer/consumer information. It’s important for businesses to legally comply with these regulations and it is also a best practice for business to routinely destroy data that has outlived retention periods. Shredding paper opens up many environmentally-friendly disposal alternatives that are better than tossing it all in the dumpster.

In 1968, in what is now known as “The Pueblo Incident”, Navy intelligence vessel USS Pueblo was captured by North Korean patrol boats. According to U.S. reports, the Americans tried their best to destroy all the classified information aboard the ship. Unfortunately, with the volume of material on board it was impossible to destroy it all prior to capture. Korean War Veteran and founder of SEM Leonard Rosen was struck with the idea that there has to be a better way to destroy classified information. Within weeks of hearing this news, he had developed the concept for the world’s first paper disintegrator and the SEM legacy of destruction devices had begun. It’s fascinating that Ehinger and Rosen were both motivated by protecting their countries’ intelligence for the greater good of humanity at the time to produce such ideas.

SEM may have coined the term “disintegrator”, but every device from SEM is always quality. SEM’s high security paper shredders are NSA/CSS listed and reduce waste to particles no larger than 1mmx 5mm. All SEM NSA listed paper shredders meet the requirements of the new CUI security regulation that requires CUI documents to be shredded and meet  . The Model 344 paper shredder produces particles of 0.8mm X 2.5mm, which is half the size of the current NSA requirements, for those looking for the highest security. Many of SEM’s paper shredders are factory installed with an automatic oiler, but for those looking to reduce their carbon footprint, the Model 1201CC paper shredder may be what’s necessary. The Model 1201CC was the first high security paper shredder tested oil-free by the NSA and listed on the NSA EPL for classified document destruction. Oil free shredders save money on oil refills and are perfect for the eco-conscious consumer.

Buying a paper shredder is an insurance policy that helps protect sensitive information. Our trash is not “our” trash once it’s outside, and its vital to be conscientious about what is being thrown away. Paper shredders have been around for over 100 years now and will continue to be necessary even as  more offices vow to go paperless. Paper will still be around, and SEM has all the Classified and Unclassified paper shredders to meet your media destruction needs.

 

 

New CUI Directive Defines Latest Targets and Final Implementation Dates for all Executive Branches

May 27, 2020 at 8:46 pm by Flora Knolton


The Latest ISOO announcement details new target dates for policy, training, and implementation.

WESTBOROUGH, MA, May 26, 2020 —On 14 May 2020, the Information Security Oversight Office (ISOO) released CUI Notice 2020-01: CUI Program Implementation Deadlines (the “Notice”), which includes specific dates of implementation and deadlines for affected government agencies that handle or store Controlled Unclassified Information (CUI). The Notice applies to all Executive Branch agencies.

The Notice references 30 June 2020 as the deadline for the initialization of an awareness campaign for workforces within agencies that have access to CUI. By this date it is expected that relevant agencies will be able to define and identify potential CUI within an office as well as summarize the actionable plan the office will follow to properly store, dispose, and in the case of legacy material, re-mark and reuse said CUI information.

The deadline for agencies to draft their policies detailing CUI guidelines moving forward is 31 December 2020. By this date, now current policies must be rescinded or modified with a policy that satisfies the new mandates set by ISOO for individual agencies to follow, and these policies will be implemented over the course of the following calendar year. The use of any Classification Marking Tools (CMTs) in the labeling and marking of CUI materials must also be updated by the 31 December 2020 date.

“The CUI implementation timeline is a critical step towards data security in the U.S.,” said Andrew Kelleher, President and CEO of Security Engineered Machinery (SEM). “We applaud ISOO for their tireless efforts in safeguarding CUI. By ensuring all agencies are storing, labeling, and destroying CUI data appropriately, we can help protect government agencies and the citizens of our country as a whole.”

All physical safeguards must be in place by 31 December 2021, including how an agency ensures CUI is kept out of sight and out of reach from those who do not have access. All agencies that store CUI information in Federal Information Systems must additionally have those systems updated and configured to no lower than Moderate Confidentiality impact value, as outlined in 32 CFR 2002.14.

In addition, training on the policy for an agency’s workforce including sub-agencies must be implemented and completed by 31 December 2021. This includes detailing CUI’s purpose, individual responsibility, and destruction requirements. Destruction requirements for end-of-life CUI should be as detailed as possible and, at a minimum, follow specifications outlined by the National Institute of Standards and Technology (NIST) Special Publication 800-88, Guidelines for Media Sanitization. It should be noted that NIST 800-88 specifically states that paper containing sensitive information such as CUI must be destroyed to a 1mmx5mm final particle size at end-of-life, which is the same final particle specification as classified information destruction.

“Technology advancements have made it easier for criminals to reconstruct data, whether on digital or traditional media,” added Heidi White, SEM’s Director of Marketing. “Ensuring that end-of-life media is destroyed to the appropriate specifications, which for CUI is NIST 800-88 standards, cannot be overstated.”

The Notice can be read in its entirety here.

Security Engineered Machinery Turns Electronic Data Into Dust

October 31, 2018 at 1:24 pm by Heidi White
Leonard Rosen, SEM Founder and Chairman of the Board

As the world becomes more technologically advanced, so has the world of data destruction. Westborough-based Security Engineered Machinery, founded more than 50 years ago, has met that demand with devices that destroy hard drives. Founder Leonard Rosen spoke to WBJ about the company’s role in securing the information of government agencies and government contractors.

How does SEM help keep the country’s data secure?

Every military installation — and company of note — is involved with electronic media. In the past, it was all paper. As time went on and advancements were made in communications and data storage, electronic media became the ultimate in information accumulation.

We have adapted by coming out with machines that can destroy the information on these new devices.

What kind of machines?

Our biggest area of expertise is in hard-drive destruction. That’s done in several ways. One is by deaussing, which is introducing a magnetic charge to a hard drive that basically erases that information.

Are the physical items also destroyed?

We have crushers that exert force into a hard drive and very heavy-duty shredders that accept hard drives and chew them up into tiny pieces.

How much communication is there with customers on new adapting SEM devices to fit their needs?

Depending on what the government agency or defense contractor is doing, we can adapt our machines to meet whatever security requirement they have.

SEM does work with defense contractors?

You’ll be hard pressed to find a major defense contractor in the U.S. that doesn’t use our technology.

Do these products have to meet any government standards?

When we find out what new devices need to be destroyed, we either have something that can destroy it or we start designing one that can do it. Once we have a completed product that we have confidence in, we sent it to National Security Administration for evaluation.

How is it evaluated?

They put it through volume tests, but the end product is more important. The toughest thing we’re doing now is destroying solid state drives. There’s so many layers of information in those, so it’s a two-step situation.

Original post by Worcester Business Journal on wbjournal.com

This interview was conducted and edited for length and clarity by WBJ Staff Writer Zachary Comeau.

Security Engineered Machinery Founder Honored as ASIS Life Member

June 26, 2018 at 2:59 pm by Heidi White
Leonard Rosen, SEM Founder and Chairman of the Board

Leonard Rosen has been a continuous member of ASIS since 1968

Security Engineered Machinery Co., Inc. is pleased to announce that Leonard Rosen, SEM founder and Chairman of the Board, has been honored with Life Member status by the American Society for Industrial Security (ASIS). ASIS grants Life Member status to individuals who have 50 years of continuous membership within the organization. Mr. Rosen founded SEM in 1967 and became a member of ASIS in 1968.

“Receiving ASIS Life Member status was unexpected, and quite an honor,” said Mr. Rosen. “To me, this speaks volumes about the quality and endurance of Security Engineered Machinery, which has enabled me to remain a member of ASIS over the past five decades. SEM has consistently adapted to changing technology while continuing to grow through the years, and I am so proud to be part of this incredible organization. We started by selling paper shreddersto the federal government and now manufacture data destruction devicesfor every type of data and for every type of client. SEM continues to be a robust organization that has helped to protect national security for over 50 years.”

Throughout the years, SEM has supported ASIS through trade show participation as well as advertising in ASIS publications, including Security Management. In addition, SEM team members maintain membership and actively participate in regional chapters of ASIS.

“ASIS is truly the premier security association for security-centric government and commercial entities, and I am thrilled to gain Life Member status in such an upstanding organization,” added Mr. Rosen.

Mr. Rosen founded SEM in 1967 to fill a clear need for high security disintegration equipment for the federal government. He has possessed numerous positions with SEM over the years, including sales and marketing and operations. Prior to founding SEM, Mr. Rosen served in the U.S. Army and is a Korean War Veteran, after which he served in management positions related to sales and marketing roles with various domestic and international manufacturers. A graduate of Boston University, Mr. Rosen continues to be actively involved with SEM day-to-day operations and serves as Chairman of the Board.

“In addition to strategic vision that laid the foundation for SEM’s success, Len possesses exceptional leadership capabilities that are directly responsible for the longevity of SEM employees, whose service can often be counted in decades rather than years,” commented Andrew Kelleher, President of SEM. “He valued and encouraged work-life balance and positive company culture before anyone even knew what they were, and SEM continues to operate in that vein. It is rare to find someone with the vision and integrity of Len Rosen.”

Destruction is Their Business

June 13, 2018 at 4:33 pm by SEM
by Elizabeth Dinan
Follow the history of Westborough’s Security Engineered Machinery (SEM) and you also follow the recent history of America – beginning with the Pueblo incident and continuing post-Sept. 11. With each historic milestone along the way, SEM has also marked history by how it disposed of classified materials.
But back to the USS Pueblo, which was on an intelligence gathering mission when it was attacked by North Koreans on Jan. 23, 1968. Before 82 U.S. military men were captured and led off to 11 months of imprisonment, many of them frantically tried to burn, shred, smash, and dump the large volume of classified materials on board.
Soon thereafter, Leonard Rosen read a Navy request for an industrial shredder that would work in a ship environment and went on to design a paper disintegrator to fit the bill. He then formed a company, SEM, around it.
“The paper disintegrator became standard on every fleet,” said Mr. Rosen, Chairman of the Board at SEM. “With 700 ships in the Navy, it kept us going.”
Less than a decade later, the U.S. government passed the Clean Air Act, including a ban on the burning of currency and bank notes because of toxic inks. In response, SEM became the standard for currency and banknote disposal.
That same year, 1976, the government banned the burning of stamps because of inks and adhesives, and SEM took on the job of destroying obsolete postage.
“Whenever there’s a stamp increase,” Rosen said, “it’s good business for us.”
When the U.S. Embassy in Tehran was taken over in 1979, Americans there didn’t have time to destroy most of the classified materials, and the U.S. government followed up by purchasing SEM document destroyers for all of its embassies. When the Tylenol scare followed in 1982, SEM went on to sell lots of equipment for the destruction of countless bottles of the pain reliever.
The Tylenol scare led to more SEM machine sales to drug manufacturers looking to get rid of expired products without the risk of someone pulling it from their Dumpsters and reselling at flea markets or to Third World countries.
“FDA laws are lacking in Third World countries, and we’re talking cases and cases (of pharmaceuticals),” Rosen said. “So we destroy it down to ‘no recognizable particle’ so it can’t be used.”
And when he says ‘no recognizable particle,’ Rosen means his company’s machines break down documents, drugs and a host of other materials to 1/32-inch pieces, or no larger than the size of a single typewritten character. Compare that minute size to companies looking to dispose of 20,000 to 30,000 pounds a day and an ordinary shredder just won’t do. SEM’s shredders, on the other hand, use rotary-knife mill technology that continuously cuts until original objects are “virtually unrecognizable.”
“You’re not going to buy your first paper shredder from me,” Rosen said. “But you’ll probably buy your third and fourth from me.”

Talking Trash

at 4:28 pm by SEM
MGMA Connexion,  Mar 2004  by Leonard Rosen

Options for the storage and disposal of medical records

As health care organizations endeavor to comply with privacy and security standards mandated by the Health Insurance Portability and Accountability Act (HIPAA), there is growing interest in effective and efficient ways to manage protected medical records – and how to destroy them once they become obsolete.

Neither HIPAA’s privacy standards for paper documents nor its security standards for electronic records dictate specific means of compliance. However, the preamble to Section 164.530 does cite a few examples of appropriate safeguards, such as locking file cabinets that contain protected documents and shredding such documents prior to disposal. For electronic media, Section 164.310 (“Physical safeguards”) requires covered entities to address the “final disposition of electronic protected health information and/or the hardware or electronic media on which it is stored” and to implement procedures for “removal of electronic protected health information from electronic media before the media are made available for re-use.”

Each group’s appointed privacy official must decide which procedures and equipment will best prevent unauthorized, unnecessary and inadvertent disclosure of protected information. For storage, this means locked office doors and cabinets, computer firewalls and passwords, etc. For disposal, it means destroying records. No one should be able to dig trashed records out of the dumpster and misuse them. Discarded medical information often is still confidential.

Destruction equipment abounds The market offers a variety of record destruction equipment. Paper shredders come in all sizes, speeds, horsepowers and capacities, but there are three basic choices:
  • Personal – Desk-side shredders, available on casters for portability, can shred roughly six to 20 sheets at a time. This is convenient for offices with relatively few documents to destroy.
  • Departmental – Larger facilities with more documents to dispose of may install shredders that can handle 20-50 sheets at a time.
  • Centralized – A heavy-duty shredder can handle up to 400 sheets at a time and destroy bound reports and thick stacks of paper.

Whatever shredder models your practice selects, you will need protocols for managing shredded waste. Some companies offer regular pickup, transporting the trash to landfills or recycling facilities. Also on the market are powerful disintegrators that use rotary-knife systems to reduce high volumes of books, binders, paper bundles and other bulk materials to tiny particles. Depending on the model, these machines even pulverize CDs, DVDs, floppy discs, microfilm, credit cards, ID badges, tape cassettes and circuit boards, slicing them into indecipherable fragments at the rate of up to two tons per hour. Other machines, designed specifically for optical media, can completely remove data-bearing surfaces from CDs and DVDs. Because they leave inner disc hubs intact, the hubs serve as proof of destruction, eliminating the need for detailed logs and witnesses where certification of destruction is required. Old computers can tell tales Security may become an issue when a practice donates old computers to a school or some other organization. Most people don’t know that when a digital file is “deleted,” the information actually remains on the computer’s hard drive or a formatted diskette, as do deleted e-mail messages and records of online activity. This information is recoverable with sophisticated tools. Disk-wiping software can prevent unauthorized recovery by overwriting entire drives/disks – or particular sections of them -before these magnetic media are discarded or reused. Overwritten areas should be unreadable, but look for a software brand that meets or exceeds the Department of Defense standard for permanent erasure of digital information. When you require absolute certainty in erasing magnetic media, certain degaussers remove all recorded information in a single pass, allowing hard drives, diskettes, audio and video tapes, and four- and eight-millimeter data cartridges to be reused many times with no interference from previous use. Hand-held degaussing wands erase both floppy and hard computer disks. For both electronic and paper records, the variety of equipment on the market today enables a medical practice to tailor record-disposal to its particular needs.

Maybe Paper Isn’t the Only Thing You Should Be Shredding

at 4:27 pm by SEM

SIGNAL CONNECTIONS E-newsletter August 15, 2005

Hard drive disposal has become a hot topic over the past few years for both the defense community and the private sector. As personal computers advance and older units become obsolete, disposal of sensitive information still left on the hard drive is of serious concern. For most companies simply throwing the computers or drives away is not an option. Some choose to “erase” the drive with either software or degaussing equipment, but experts agree that the process is not always 100% effective. The best way to be certain that important information is not accessible after disposal is to physically destroy the hard drive. Current methods for destruction or defacing prior to disposal can be effective but are often primitive and labor intensive. They include everything from drilling, crushing or removing the platter for sanding or grinding. Recently, at the request of several customers, SEM began developing machines to destroy entire hard drives, by turning them into an unrecognizable pile of shredded material.

Through testing several combinations, exploring alternate materials and working out safety concerns, we enhanced two of our current disintegrators (industrial shredders) to successfully destroy hard drives. The process is actually very simple. Drives are placed into one of our disintegrators and are continually shredded until the particles are small enough to pass through a waste disposal screen. The unrecognizable, unreconstructable waste can then be disposed without fear of information theft. This type of one-step destruction is viable and cost-effective for many companies. However, as in all forms of destruction, understanding the process and knowing the requirements is the key to success.

Limitations/Maintenance – One-step destruction does have limitations and maintenance associated with it. There are limitations on drive size (1 ½ lbs. case weight), volume (drives fed per hour) and collection capacity depending on the method chosen. Maintenance includes periodic blade sharpening, lubrication and replacement of consumable items, all determined by amount of use and volume. None of these items alone or combined are deterrents but must be factored into the cost and overall maintenance budget.

Understanding How the Disintegrator Works – The disintegrator or industrial shredder is a rotary knife mill, which uses a number of rotating and stationary knives working in unison to create a scissor-type cutting action. The level to which the product is cut or broken up is determined by an interchangeable sizing screen. Screens are available with various hole sizes, which allows the end user to tailor the final particle size to their requirements of security. Once the product is destroyed and passed through the sizing screen, it falls into a tote bin or larger collection device (drum, cart, or dumpster).

Going Beyond the Hard Drive – Once we had perfected hard drive destruction, we in the destruction community were faced with another challenge. It seems the process of opening all the computer cases and removing all the hard drives was becoming a burden to the folks charged with sending us the drives. It may seem like a small thing, but many older tower computers may require as many as 10 screws to be removed before a drive can be taken out. The procedure could take several minutes. In response to demands to simplify the process, we have developed a machine that will destroy an entire tower or desktop CPU with no need to open the case or remove any items. The dual-shaft design machine literally shreds them into 2” wide pieces at random lengths. The 2” particle size can be reduced even further, if desired, by running it through a disintegrator.

What About Cost? – The decision to purchase a system should not be based on cost, but on potential risk. For lower volumes, destruction services are an option. Even so, many companies simply cannot afford to purchase this equipment for the relatively small number of computers that need to be destroyed. In these cases, we recommend investigating a destruction service. At SEM we not only sell the equipment, but we maintain and operate a full-scale destruction facility. So, if you have old computers to dispose of, stop and think about the best way to do it. Destruction, specifically shredding, just might be the answer.

About the Author – Leonard Rosen is the Founder and Chief Executive Officer of Security Engineered Machinery. He has over 40 years of experience in the field of information security and destruction.