The SafeLogic Blog
The Need for Speed
October 6, 2015 • Walt Paley
The Miramar Air Show was this weekend, a highlight of the year for Southern Californians. Bay Area flight enthusiasts will get their own dose of the Blue Angels this weekend at Fleet Week San Francisco, before the iconic jet team heads to Oahu and then closes their season with dates in Georgia and Florida. I like to think that our San Diego event holds a special place in the hearts of these naval aviators, since Marine Corps Air Station (MCAS) Miramar was the setting for the film that still reigns #1 among pilots - Top Gun. I could have walked up to any of the soldiers on the base and asked if they 'felt the need for speed' and gotten a high five, or asked if they had 'lost that loving feeling' and gotten serenaded. Forget that Maverick and Goose first inverted to 'keep up foreign relations' years before this generation's hotshot pilots drove a car, let alone flew a plane; Top Gun is still the most effective two-hour recruiting tool in the Navy.
Bottom line - the air show was awesome. My son had a blast (the Shockwave jet truck was a big hit) and I was left with the same patriotic awe and inspiration as years past. I'm still thunderstruck by the engineering feats that we have achieved, as a country and as a species.
I'm also equally blown away by our continually jaw-dropping idiocy. Chatting with one of the aforementioned millennial pilots (I'm no senior citizen, but this kid was definitely born during the Clinton administration), he told me that while some of his superiors had received iPads for flight plans, he had not. When I pressed him, he admitted that he used his own personal iPad... with a handy app that he had downloaded from the App Store, of course. I was flummoxed. Yes, the app (which shall remain nameless) has an excellent reputation and yes, it has a specific setup for military usage, including a worldwide library of Department of Defense Digital Flight Information Publications (D-FLIP) terminal procedures, airport diagrams, enroute charts and publications. Very handy.
But who is authorizing this? Or rather, who is looking the other way on this? I'm not suggesting that the app is corrupt (although they fail to include FIPS 140-2 validation). I recognize that the pilots are supposed to download their relevant data before takeoff and disable cellular signal while in flight. Good rules of thumb. But how about that GPS chip in the tablet? That's a major tracking beacon that has not been officially sanctioned. Or what if someone has hacked the app and is enjoying a MITM attack, collecting all user destination data? In that case, they could theoretically isolate the military users, even the type of plane and originating location. Gee, that wouldn't be helpful information at all.
iPads have been a huge boost to efficiency and modernizing the habits of pilots, both military and civilian. I'm not disputing that. In fact, I've been a major advocate. That doesn't mean that unbridled BYOD is okay, let alone encouraged. It's a tight margin for error and it's shrinking. We need to address it, because it's not just the 20-something pilots that want it yesterday already, it's every customer, big and small.
New solutions are a balancing act and always have been. We constantly have to be vigilant, weighing the advantages of the technology with the compromises that we recognize in the current version before we can feel comfortable deploying it in sensitive environments such as the military. This is a recurring theme in our CEO's talks nationwide at security and technology conferences. It's just not enough to build something better - it has to be secure. And it's not enough to build something secure - it has to be ready faster. And if it's secure and fast? Yes, it's gotta be better than what's already out there.
As a technology vendor, you need to enter production faster. Getting bogged down in the FIPS 140-2 process is a fool's errand, but we definitely have it figured out. Build your product, add CryptoComply, move fast, beat your competitors, and win market share.
If you've got the need for speed, then you need RapidCert.
P.S. - Top Gun 2 is in the works, bringing back Tom Cruise as Maverick. Seriously.
Walt Paley
Walter Paley is the VP of Communications for SafeLogic. He is responsible for strategy, content, marketing, and outreach. Walt has worked with a series of start-ups and companies in growth stages, including Nukona (acquired by Symantec), Qubole, Bitzer Mobile (acquired by Oracle), and TigerText, among others. An Alumnus of the psychology program at UC San Diego, Walt lives in Southern California with his wife, kids, and their black lab, Echo.