Data Protection Solutions for Unmanned Vehicles

Unmanned vehicles (UxV) store and collect sensitive and classified data. Their mission parameters guarantee many will be recovered by adversaries. Unauthorized access to UxV data will have significant consequences. An adversary may gain unauthorized access to algorithms, compromising UxV efficacy, and to sensitive mission information including location, tactics, targets, and capability data.

Cigent protects data on UxV with layered security features that prevent unauthorized data access.

Challenge

Unauthorized access to UxV data will have significant consequences.

An adversary who accesses UxV algorithms can:

  1. Gain insight into ATR (Automated Target Recognition) criteria and use it to modify configurations, undermining UxV efficacy.
  2. Compromise the efficacy of swarms with automated reactions by using the algorithms to understand their behavior and develop countermeasures.
  3. Degrade the effectiveness of PNT (Position, Navigation, and Timing) algorithms used to map the terrain in GPS-denied environments.

An adversary can also access mission information, including location, tactics, targets, and capability data.

Data at Rest Protection

Data security is fundamental to preventing unauthorized access to data at rest (DAR). UxV data is secured with three layers of encryption, including both hardware and software encryption. The solution meets NIST, FIPS, and CSfC DAR compliance requirements.

Critical Data Protected from Attacks

Cigent protects UxV data from advanced data recovery, malware, and denial-of-service attacks. Protection includes zero-trust access controls and isolated storage partitions, ensuring constant, secure availability of critical data only by trusted users and applications.

Data Sanitization

UxV operations make data destruction an essential element of each mission. Cigent implements erasure in seconds via crypto wipe, full block-level erasure, and firmware-based verification, with remote and automated execution capabilities for UxV.

Insider Threat Mitigation

Reducing the risk of insider threat requires controlling access and monitoring activity. Separate partitions allow data to be segmented and access to be limited to required personnel. Data access logs provide an uncompromised record of activity that can be exported for analysis and event forensics.

Portfolio

Secure Storage Solutions for Unmanned Vehicles

Cigent is unique in its ability to provide an array of protected storage designed to meet the rigorous environment of unmanned vehicles.

01.

Secure Drive 2230 SSD Alpha.

Meets automotive temperature standards (-40 to 105 C). Features include hardware encryption with PBA, software encryption, hidden partitions, and data sanitization.

The Secure Drive 2230 is undergoing NSA validation, including PBA and FDE software for inner and outer layer CSfC protection.

02.

Secure Drive SSD BGA Encrypted Alpha.

Meets automotive temperature standards (-40 to 105 C). Features include hardware encryption, enterprise management, cloning and wipe prevention, data erasure, and crypto and full-block erasure.

03.

Secure Drive SD Encrypted Alpha.

Provides 64 GB of storage and meets industrial temperature standards. Features include hardware encryption, enterprise management, hidden partitions, cloning and wipe prevention, data erasure, and crypto and full block erasure.

04.

MicroSD Encrypted Alpha.

Provides 64 GB of storage and meets industrial temperature standards. Features include hardware encryption, enterprise management, hidden partitions, cloning and wipe prevention, data erasure, and crypto and full block erasure.

Features

Unmanned Vehicle Solution Capabilities

Cigent provides a layered approach inclusive of secure storage, firmware-rooted capabilities, and data access control software that secures UxV data.

Data at Rest Protection

Data at rest (DAR) protection is provided with multiple security layers, using a defense-in-depth strategy to protect data from all adversarial attack vectors during all operational scenarios.

Hardware Full Drive Encryption. Encryption is AES-256 and FIPS compliant in accordance with the TCG (Trusted Computing Group) Opal 2.0 or similar guidelines. Storage may also adhere to the FIPS 140-2 Level 2 requirements, including using epoxy on the drives.

Locked Ranges. Ranges are defined segments of data storage that are monitored and protected independently. To protect data from attempts to wipe, clone, or view data at the hex level, storage ranges are locked at the firmware layer, rendering the ranges and their data unreadable by cloning tools and hex readers.

Pre-boot Authentication. Pre-boot authentication (PBA) provides a secure user authentication platform on the device that is fully protected at rest. Properly configured PBA prevents adversaries from circumventing encryption by manipulating the boot process.

ADR Protection

Advanced data recovery (ADR) refers to sophisticated methodologies used to extract protected data. Examples of ADR include chip-off, hex readers, and the use of an electron microscope.

All storage utilizes hardware encryption. If an adversary removes the data from the drive with advanced techniques, the data remains in an encrypted state. Without the decryption key, adversaries will be unable to decrypt the data.

The key will not be stored in its entirety anywhere on the drive and the pieces of it that are stored on the drive will be encrypted. Between these two measures, the key cannot be accessed or recreated.

Secured Firmware. In addition to the encryption capabilities, the storage firmware has been modified to resist advanced threat vectors. SSD firmware has been modified to meet compliance with FIPS 140-2, NIAP Common Criteria FDE_EE standards, and CSfC DAR Capabilities Package 5.0 requirements, including: standalone approved cryptographic algorithm certification; power-on self-tests of all cryptographic algorithms; a module that enters error states when any cryptographic function fails; NIST-approved methods for cryptographic key generation and approved techniques for the generation of random bits; minimum entropy of the hardware random bit generator evaluated according to SP 800-90B; and tamper-evidence protection.

Protection while Device Is In-use / Malware Prevention

The methodology and technology, designed and tested for UxV, do not impede operations while mitigating the risk of unauthorized data exfiltration, minimizing malware compromise, and eliminating the risk of spread. Cigent utilizes separate ranges that can segregate system files, mission data, and reconnaissance information, limiting access and mitigating the risk of malware introduction.

Locked Ranges. Devices can be configured so that data, software, and configuration files are stored separately, providing the ability to create “read-only” secure enclaves where software and configuration files are sequestered. Devices will still be able to “write”, collecting and processing data as their role requires. These partitions will also enable access controls defined by user requirements.

File filter driver. Once the O/S loads, a file filter driver will be initiated. The file filter driver will provide a layer of runtime protection, ensuring only appropriate (allow-listed) apps and processes can access and save files, preventing malicious access, data extraction, and compromise (such as modification, deletion, or overwriting).

App Whitelisting. The appropriate file or application for accessing a file can be added to the allow list, preventing the MFA prompt. This ensures proper execution of the system functionality, while simultaneously preventing malicious access and data extraction.

OS partition. The O/S partition will further be mounted in read-only mode. This will ensure malware is not loaded on this partition and a reboot process will reload the system into a known good state.

Insider Threat Protection / Data Access

Mitigation of risks associated with malicious insiders includes preventive protection and protected log files of data activity.

Data Access Control. Access is controlled with 2FA/MFA. In the event an adversary attempts to access files in an unauthorized manner, a prompt will be displayed, requiring the user to authenticate. If they are unable to authenticate, they will not be able to access the file. An adversary attempting to access a file will not disrupt the allow-listed apps or processes from accessing the file. All access attempts will be logged on the system in a secure location, in a special log file designated for this purpose.

File Level Encryption. Preventive protection is delivered through file level encryption that encrypts data collected and stored on UxV devices. File level encryption sustains encryption protection if data is removed from the device. The approach prevents an insider from exfiltrating data in clear text.

Secure Data Logs. All data access is captured in secured logs with restricted access. Logs can be utilized to detect malicious insider activity and for post-recovery evaluation.

Both system and firmware logs can be captured and uploaded to the enterprise management software for reporting, analysis, and suspected insider threat alerts. These can also be exported to a SIEM for ongoing analysis.

Data Sanitization

Data on UxV that are repurposed or at end-of-life needs to be sanitized. The sanitization solution will include the ability to both erase data and verify that it has been erased. The solution may provide an alternative to physical device destruction and can be used in emergency situations.

Crypto and Block Erasure. Crypto erase deletes encryption keys thereby rendering data permanently inaccessible. Block erase utilizes an electrical charge to erase data.

Verified Data Erasure. Firmware immediately verifies that all data has been erased with block-by-block analysis. Block erasure can be automatically re-run until all data is successfully sanitized.

Sanitization Execution. The sanitization command can be initiated manually, either locally or remotely, or automatically based on predefined requirements. For example, sanitization can be set to execute if connectivity is severed or a UxV falls below a pre-determined altitude.
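
The sanitization flow described above (automated trigger, crypto erase, block erase, firmware verification with re-run), as an added example that is not Cigent code. `SimDrive`, the SHA-256 keystream standing in for the drive's AES-256 engine, the 16-byte block size, and all function names are assumptions made for illustration.

```python
import hashlib, os

BLOCK = 16                 # toy block size in bytes (assumption)
ERASED = bytes(BLOCK)      # an erased block reads back as all zeros here

def keystream_xor(key, index, data):
    # Stand-in for the drive's AES-256 engine: per-block SHA-256 keystream.
    pad = hashlib.sha256(key + index.to_bytes(8, "big")).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, pad))

class SimDrive:
    """Constructed model of a self-encrypting drive; not a real device API."""
    def __init__(self, nblocks, stuck=()):
        self.mek = os.urandom(32)              # media encryption key
        self.blocks = [ERASED] * nblocks       # ciphertext as stored on flash
        self.stuck = dict.fromkeys(stuck, 1)   # blocks that fail N erase passes

    def write(self, i, plaintext):
        self.blocks[i] = keystream_xor(self.mek, i, plaintext[:BLOCK].ljust(BLOCK, b"\0"))

    def read(self, i):
        if self.mek is None:
            raise PermissionError("media key destroyed")
        return keystream_xor(self.mek, i, self.blocks[i])

    def crypto_erase(self):
        self.mek = None                        # ciphertext stays, key is gone

    def block_erase(self):
        for i in range(len(self.blocks)):
            if self.stuck.get(i, 0) > 0:
                self.stuck[i] -= 1             # simulated failed erase of this block
            else:
                self.blocks[i] = ERASED

    def verify(self):
        return [i for i, b in enumerate(self.blocks) if b != ERASED]

def should_sanitize(link_up, altitude_m, min_altitude_m):
    # Automated trigger from the text: link severed or below the altitude floor.
    return (not link_up) or altitude_m < min_altitude_m

def sanitize(drive, max_passes=3):
    drive.crypto_erase()                       # fast: data unreadable immediately
    for n in range(1, max_passes + 1):
        drive.block_erase()
        if not drive.verify():                 # block-by-block check
            return {"verified": True, "passes": n}
    return {"verified": False, "passes": max_passes, "failed": drive.verify()}
```

A result with `verified` set to `False` lists the blocks that still hold ciphertext; the data is already unreadable after the crypto erase, but such a drive should not be recorded as sanitized.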

Maintenance and Updates

An effective data protection solution requires a methodology for updates and management. Cigent capabilities include maintenance PCs, servers, and external media to support secure and efficient maintenance and updates. This mitigates the risk of malware being inserted on UxV devices and of these devices being maliciously used to exfiltrate data, and protects data if a compute device is lost or stolen.
The Cigent Advantage

Cigent is prepared to support your mission, navigating the complex compliance requirements to protect data at the edge. Its solutions were developed for and with US Federal agencies with deep expertise in data protection. Cigent protections have been thoroughly tested and validated by leading Federal agencies including MITRE, NIST, NSA, NIAP, the Air Force, Cyber Resilience of Weapon Systems (CROWS), and NSSIF (UK).

To ensure availability and provide flexibility, Cigent works with leading drive manufacturers including Digistor, Kanguru, and Seagate, and also offers its own branded drives.

datasheet

Protect Unmanned Vehicles

All Cigent Secure Storage provides AES-256 full drive hardware encryption with additional data protection to support unmanned vehicle operations.

Frequently Asked Questions

Check out the answers to some of the most frequently asked questions about Cigent, what we do, and how we do it. Don’t see your question on the list? Click the BOOK A DEMO button in the top right corner of your screen to learn more about us during a custom demo.

Why is it important to protect data on Unmanned Vehicles?

Unmanned vehicles collect, process, and warehouse significant data. This data can include mission information, data gathered during the mission, algorithms and other proprietary information enabling the vehicle. Unmanned vehicles are operating in uncontrolled environments where they risk being compromised through accidental loss or intentional actions. Even in the event of a physical accident any sensitive data is likely still accessible. To ensure the integrity of data on the vehicle it is imperative that robust protections are in place.

Why do I need hardware encryption vs. relying on software encryption?

Protecting sensitive data from advanced threat actors requires layers of protection. Software encryption provides a basic level of protection but can be defeated using a variety of techniques and technologies. This is why the NSA, DISA, NIAP, and other leading experts require full drive hardware encryption to meet standards including CSfC for data at rest and FIPS 140-2. Ideally, organizations use a combination of software and hardware encryption with pre-boot authentication and multifactor authentication, providing layers of protection that can defeat the most sophisticated threat actors.

What types of storage does Cigent offer for Unmanned Vehicles?

Cigent provides multiple secure storage options to support Unmanned Vehicle operations. These include an M.2 2230 SSD that provides full drive hardware encryption, the ability to create up to eight separate hidden partitions, and patented verified data erasure. Additionally, Cigent offers an SSD BGA with full drive hardware encryption, the ability to create hidden partitions, and remote and policy data erasure. Both of these drives have Automotive temperature ratings. Additionally, Cigent provides the flexibility and security of hardware encryption on SD and MicroSD cards. These also include the ability to create hidden partitions and data erasure, and have Industrial temperature ratings.

Have the Cigent solutions been validated by external organizations?

Yes, Cigent protections have been thoroughly tested and validated by leading Federal agencies including MITRE, NIST, NSA, NIAP, the Air Force, Cyber Resilience of Weapon Systems (CROWS), and NSSIF (UK).
