Kristen Smith
Federal agencies are boosting hardware security as they begin to adopt post-quantum cryptography, a stronger encryption standard designed to withstand quantum computing, which could crack traditional encryption, according to an opinion piece published on FedTech on Wednesday.
What Hardware Security Does
Hardware security, or hardsec, protects the physical components of devices and helps guard sensitive data and cryptographic keys by blocking unauthorized access or tampering. Unlike software tools, hardsec provides security at the core of devices.
Tommy Gardner, chief technology officer at HP Federal, said people immediately focus on software when it comes to cybersecurity due to several vulnerabilities. “People don’t understand the same principles and the same attack vectors reside in hardware,” he said. “You need to build trust in your system, and in your network.”
Hardsec can be implemented using trusted platform modules and hardware security modules.
Gardner stressed that hardware security should come first. “That’s the first decision in the security chain: Are you evaluating the hardware?” he said. “If it’s not secure, the rest of the features don’t matter.”
Hardsec, however, is challenging for agencies responsible for protecting sensitive information and critical government systems. “The problem is that procurement should be based on true best value, but it is often relegated to the lowest cost technically acceptable,” Gardner stressed. “In certain parts of government, you just can’t live with second rate. You have to demand the best on the market, especially in the intelligence community and Department of Defense, the Department of State for critical infrastructure, and Homeland Security.”
