This is a two-part look at one of the most commonly misunderstood means of data disposal – hard drive overwriting. Last week, in Part 1 we looked at the general misconceptions. Today in Part 2 we’ll focus on the dangers of overwriting to dispose of top secret data.
It’s a huge responsibility securing the nation’s secret intelligence or highly confidential patient records. When that kind of data gets in the wrong hands, the danger is not only civil liability, fines or media embarrassment. Human lives and business stability are on the line.
One of the United States’ main concerns is malicious data recovery capabilities targeting financial institutions. U.S. Departments of State, Treasury, Homeland Security, and FBI recently issued the DPRK Cyber Threat Advisory to serve as a resource on managing the cyber threats to your business.
Risk of exposure via data breaches is so high that there are very specific security protocols in place to ensure compliance with NSA/CSS standards.
Given all that, it’s surprising that data wiping (overwriting) service vendors claim that overwriting has Department of Defense (DoD) approval, and is completely secure for top secret data disposal. As of June 2007 (13 years ago!), the Defense Security Service (DSS) clearly stated it no longer approved of any overwriting procedures “for sanitization or downgrading of Information Systems (IS) storage devices used for classified processing.” Additionally, the NSA/CSS does not include software overwriting or software wiping as means to reliably destroy data.
So, how are overwriting service vendors able to make that claim and what is the reality?
DoD protocol referenced by the data wiping industry is DoD 5220.22-M, incorrectly referred to as the data wiping “standard.” DoD 5220.22-M is not a standard. It was never intended as a standard because it has no certification. No IT asset disposal company can be “certified” to DoD 5220.22-M standards. Instead, DoD 5220.22-M references a particular method, a set of steps, for overwriting data.
5220.22-M method appeared in the National Industrial Security Program (NISP) Operating Manual in 1995. The method called for three overwriting passes of all addressable segments of the hard drive. DoD 3-pass method, is usually implemented in the following way:
- Pass 1: Overwrite all addressable locations with binary zeroes.
- Pass 2: Overwrite all addressable locations with binary ones (the compliment of the above).
- Pass 3: Overwrite all addressable locations with a random bit pattern
- Verify the final overwrite pass.
But in 2006, mentions of 5220.22-M disappeared from the NISP manual, to be replaced by the National Institute of Standards and Technology (NIST) 800-88 guidelines
As stated above, in June 2007, the Defense Security Service (DSS) went further and clarified that overwriting procedures Are NOT APPROVED “for sanitization or downgrading of Information Systems (IS) storage devices used for classified processing.”
Overwriting compromises your security
DSS took that position for two key reasons: laboratory tests showed that data could be recovered from the hard drive even when the three overwriting pass method was used, and there was no way to verify that the data had been completely erased. (link to Part 1 here)
The data wiping industry even admits to this fact. They acknowledge that bits of data can remain on the drive due to “bit shadowing.” A bit shadow is a remnant of a bit of data that has been overwritten and can be detected using a standard magnetic force microscope (MFM).
It works like this: Magnetic fields do not have a hard edge. Like light, a magnetic field is the strongest in the center and gets weaker at the edges. When recording or overwriting, the hard drive cannot write exactly over the existing field. Old data can be detected at the edges of the bit patterns. Shadows of overwritten data can be seen using Magnetic Force Microscopes (MFM). This is known as bit shadow.
While laboratory attacks using MFM are more time consuming, they are still possible and effective. The very fact that this is a concern to the data wiping industry itself is reason enough to show that overwriting is not a suitable method of data elimination.
Degaussing is the solution for non-discriminatory data elimination.
Degaussing doesn’t rely on the software or operator to decide what data is sensitive, it leaves no data behind. Only degaussing erases the entire hard drive working or not, in less than one second by delivering a strong magnetic pulse. The process can be laboratory tested and verified. Degaussing, not overwriting, is an approved method of erasing TOP-SECRET data by the NSA.
Garner Products is a nationally recognized leading manufacturer of NSA/CSS EPL-Listed data destruction equipment. Garner offers a full line of degaussers and destroyers from office-quiet desktop units to equipment for top secret data elimination. Learn more about Garner Products at GarnerProducts.com.