Wiping standards have been debunked by the DoD. It’s been replaced by modern standards like the NSA/CSS policy manual 9-12 storage device sanitization and destruction manual.
But like the urban legend of the alligators in the New York sewer system, the data wiping myth persists. It claims that the NISP Operating Manual (DoD 5220.22-M) advocates overwriting hard disk drives as a secure method of media sanitation. It does not.
The Defense Security manual specifically disavowed overwriting as an acceptable method of sanitation for magnetic media in the June 2007 edition of DSS Clearing and Sanitization Matrix (C&SM).
How we got here
In the 1990s, the early days of data destruction, as people look for secure ways to permanently erase data from hard drives, overwriting was indeed considered. Devised by Peter Gutmann and Colin Plumb and presented in the paper Secure Deletion of Data from Magnetic and Solid-State Memory in July 1996, overwriting with three eraser passes was included as one option for data disposal.
Because of Gutmann and Plumb’s work, early (1995 and 1997) editions of the DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM) did include sanitization methods (including overwriting): within the Defense Security Service (DSS) Clearing and Sanitization Matrix (not text) inserted after Section 8-306,” according to Wikipedia.
To be abundantly clear, the NISPOM text itself never described any specific methods for sanitization. At no time was overwriting recommended as an official policy of the Department of Defense—especially for classified data.
But that didn’t stop this “pseudo standard” from being used and promoted by third-party computer recycling and refurbishing companies, IT asset disposition (ITAD) firms and other data disposal vendors. Many of these companies continue to claim overwriting is DoD compliant on their websites and marketing collateral to this day.
The marketing “buzz” became so intense that the DoD officially set the record straight in 2007. As of the Nov 2007 edition of the DoD 5220.22-M Matrix, overwriting is no longer acceptable for sanitization of magnetic media. Only degaussing (with an NSA approved degausser) or physical destruction is acceptable.
DoD 5220.22-M: Exposure and risk
The risk to ITAD professionals who choose to depend on overwriting as their primary means of data disposal are enormous. Just ask Morgan Stanley. When Morgan Stanley closed two data centers in 2016, the company decommissioned computer equipment through an outsourced data wiping (overwriting) vendor. Morgan Stanley expected a complete overwriting of customers’ private data. In 2020, four years later, they learned they didn’t get what they paid for. Instead, data remained on the “wiped” drives, which violated customers’ privacy. So far, Morgan Stanley has been fined $60M for this data security lapse. That’s just the beginning of the lawsuits and investigations to come.
Plus, there is no statute of limitations or safe harbor for improperly decommissioned IT assets. Partially destroyed data is a ticking timebomb. Improper #ITAD is a risk carried forward indefinitely. So, ask yourself, is relying on overwriting as your primary means of data disposal really worth the risk?
Best practices for data disposal
Today, the DoD and other organizations concerned with private, confidential, classified, and top-secret data disposal rely on the NSA/CSS policy manual 9-12 storage device sanitization and destruction manual. The manual recommends degaussing, disintegration, or incineration as the only acceptable methods of magnetic hard drive sanitation.
Your risk of a data breach from decommissioned hard drives and backup tapes can be reduced to zero with this simple three-step media decommissioning process:
- Degauss all hard drives in-house while the media in your company’s controlled, secure facility
- Physically destroy each hard drive in-house immediately after it is degaussed
- Maintain verified proof of data erasure and destruction