A Master List of Trenton Systems' Cybersecurity Advantages & Solutions
by Brett Daniel, on Feb 23, 2021 4:48:44 PM
Graphic: Trenton Systems cares about the security of your computing solution. It's why we place great emphasis on internal cybersecurity practices and investing in cybersecurity solutions that protect each layer of your server or workstation, in an all-hands-on-deck effort to fortify your system against both hardware-based and software-based cyberattacks.
Trenton Systems is dedicated to cybersecurity. We have and are continuing to put in place hardware and software processes, practices, and procedures that help verify the security of your system during every step of its build.
Examples of these processes, practices, and procedures include supply chain security measures, which help us validate the security protections and quality management systems of our suppliers, as well as help prevent supply chain attacks; a Counterfeit Protection Program (CPP), which detects, identifies, and removes potentially security-compromised and counterfeit electronic parts; partnerships with Intel that allow us to incorporate the company's security technologies for hardware, firmware, and software; and the fact that we're made in the USA in one secure facility and compliant with the TAA.
Our computing solutions can be configured with a slew of hardware-based and software-based cybersecurity protections, many of which our competitors can't match.
We've listed these advantages and solutions in this blog post and will update the list as we continue to incorporate additional protections that safeguard your sensitive information.
1. Made in the USA
Given recent revelations regarding hardware hacks perpetrated by foreign adversarial governments, we truly can't stress this advantage enough.
We've pasted the following statement into our promotional materials hundreds of times and for good reason. We believe that acquiring a made-in-USA high-performance computer from a trusted manufacturer housed in a vetted and secure facility is vital to the good cybersecurity hygiene of your mission-critical infrastructure.
Trenton Systems designs, manufactures, assembles, integrates, tests, and supports its cybersecure, high-performance computing solutions in Lawrenceville, Georgia, United States of America.
Having authority over each of these processes diminishes outside access to your system and the number of different - potentially compromised - facilities to which it must travel.
In just one facility, you've got a trusted set of eyeballs and ESD-protected hands on your computer.
By purchasing made-in-USA, you significantly reduce the likelihood that your HPC becomes compromised by nation-state forces seeking to steal your data and weaponize it against you and your business, organization, or agency.
2. Revision Control
Trenton Systems has control of its hardware down to the minutiae, and that includes hardware revision control.
We have a living, breathing Approved Vendor List (AVL), comprised of thousands of engineer-vetted parts, that we use to manage your computer's life cycle and facilitate the secure integration of any alternate parts.
This list tracks two things primarily:
- The primary part - the part that we've approved for use in your system
- The alternate part - the part that we've already researched, vetted, and confirmed would be compatible with your system should the primary part become obsolete
Maintaining and constantly monitoring this list secures our supply chain proactively by allowing us to vet and purchase replacement parts ahead of time, usually when we're first made aware that a component may be reaching end-of-life.
If we didn't meticulously monitor and add to this list, we'd have to scramble to find replacement parts for your system, which may ultimately jeopardize its security.
3. BIOS Control & Customization
Trenton Systems employs in-house software engineers who work directly with BIOS source code to create firmware security tweaks and enhancements, such as USB port and optical drive disablement during boot time.
Being able to customize the BIOS also allows us to make all sorts of security fixes, tweaks, and updates related to the Intel Management Engine (ME), Intel Active Management Technology (AMT), and Unified Extensible Firmware Interface (UEFI) specification.
In addition, our longtime partnerships with Intel and AMI allow us to implement updates from these companies quickly and efficiently, ensuring that you have the latest security patches for your system.
The key takeaway here is that we have significant control over the BIOS, which gives us the authority to not only suggest firmware security enhancements for our security-conscious customers but also provide our customers with the choice of tweaking the BIOS based on their own security-related requirements.
4. Intel Platform Firmware Resilience (PFR)
Intel Platform Firmware Resilience (PFR), a firmware security solution that uses an Intel Field-Programmable Gate Array (FPGA) to protect your system's firmware from malware, zero-day exploits, and unauthorized tampering, will be offered in the security packages of some of Trenton Systems' forthcoming computing solutions.
The FPGA helps protect the firmware by attesting that it is safe prior to executing the code.
- Intel, Third Generation Intel Xeon Processor Scalable Family Technical Overview
With PFR, suspicious activity is detected and blocked, and the system is able to default the system back to a known good condition.
In addition, PFR helps customers achieve compliance with NIST SP 800-193, which defines strict requirements for protecting system-level firmware.
5. Intel Software Guard Extensions (SGX)
Intel Software Guard Extensions (SGX) is a CPU-based security instruction set found in many of Intel's Core and Xeon processors. It works by creating secure enclaves within memory into which users' sensitive information is placed.
SGX protects against common cyberattacks by reducing the attack surface of servers and workstations through its use of encrypted portions of memory, which protect sensitive information from processes running at higher privilege levels.
Protected sensitive information could include:
- Financial records
- Medical records
- Classified information
- Controlled unclassified information (CUI)
- Encryption keys
- Any sensitive information that needs to be secured
In the case of other system layers, such as the BIOS, becoming compromised, SGX still protects sensitive information, as the data stored within the enclave is inaccessible to unauthorized users and safe from alteration or theft.
6. FIPS 140-2 Self-Encrypting Drives (SEDs)
FIPS 140-2 self-encrypting drives (SEDs) help Trenton Systems' customers achieve data-at-rest protection by encrypting and decrypting sensitive data automatically on hard disk drives (HDDs) and solid-state drives (SSDs).
The SED's hardware-based encryption mechanism protects against common software-level attacks by encrypting your data and storing encryption keys within the drive itself, rather than in memory, where it could be hijacked by a hacker employing a software-level attack.
Another essential part of using an SED properly is setting a drive password and storing it in a secure place; otherwise, you're just leaving your information vulnerable to a physical-access attack. Thankfully, Trenton's support team can help you with properly authenticating your SED.
Trenton Systems takes SEDs a step further for its military and government customers by helping ensure that their drives are compliant with FIPS 140-2, a government computer security standard for securing and validating cryptographic modules.
We even partner with FUTURA Cyber for encryption key management solutions to further ensure the security of your drive's data.
7. Counterfeit Protection Program (CPP)
Trenton Systems has a thorough Counterfeit Protection Program (CPP) in place. The CPP is aimed at detecting, identifying, documenting, and removing counterfeit electronic parts that could compromise the security of your computing solution.
We've observed high-profile hardware-based infiltrations over the past few years, and it's clear that hackers are focusing more and more on supply chain attacks and physically modifying hardware to surreptitiously access to governments' and corporations' sensitive information.
The CPP allows Trenton to identify, report, and remove potentially counterfeit electronic parts before they ever make their way to into your system, or our facility, for that matter, where they can wreak havoc on your infrastructure and steal or expose information that must be kept private at all costs.
Trenton also adheres to AS5553 and ARP6328, which focus on avoidance, detection, mitigation, and disposition of counterfeit electronic parts.
8. Supplier Quality Surveys
Trenton Systems has a thorough vetting process for its suppliers, which helps protect your system from potentially compromised software applications and electronic parts. This process involves validating our suppliers' quality control systems and certifications and other vetting practices.
Our supplier quality surveys include a five-page questionnaire and evidence-based documentation process for determining whether a supplier meets certain quality standards, capabilities, and ultimately, whether they're a trusted source with whom to do business.
By meticulously vetting each supplier, we ensure that your system has even further protection against hardware and software that could undermine your cybersecurity protections, access your sensitive data, and cause widespread harm to your agency, department, business, or organization.
9. CMMC Compliance
Trenton Systems is in the process of obtaining its Cybersecurity Maturity Model Certification (CMMC).
CMMC Level 3 requires that an organization establish, maintain, and resource a plan demonstrating the management of activities for practice implementation. The plan may include information on missions, goals, project plans, resourcing, required training, and involvement of relevant stakeholders.
CMMC Level 3 also includes satisfying practices under Level 1 and Level 2 as well and specifically addresses the protection of controlled unclassified information (CUI), which the National Archives and Record Administration (NARA) defines as "information that requires safeguarding and dissemination controls pursuant to and consistent with laws, regulations, and government-wide policies."
By obtaining our CMMC, Trenton Systems will be able to offer its customers even more assurance of its internal cybersecurity practices.
10. TAA Compliance
Trenton Systems is TAA-compliant, meaning that its computing solutions are manufactured or substantially transformed in the USA or manufactured in a TAA-designated country.
The Trade Agreements Act (TAA) of 1979 lets program management offices limit their procurement of goods and services to products that are manufactured or wholly transformed in the USA or a TAA-designated country. TAA compliance is a requirement for many of our government customers.
Although there is no official TAA certification, internal verification is a must, as the responsibility of verifying TAA compliance rests with the contractor or supplier that must comply with the TAA.
As such, Trenton is happy to provide evidence that its computing solutions are manufactured or substantially transformed in the USA or manufactured in a TAA-compliant country.
You can also view our TAA Compliance Statement here.
11. Titanium Security Suite
Trenton Systems partners with Star Lab, a Wind River company, to offers its customers their multi-layer Titanium Security Suite.
The Titanium Security Suite, comprised of Titanium Linux, Titanium Secure Hypervisor, and Titanium Secure Boot, is the most robust system-hardening and security capability available on the market for operationally-deployed systems.
It ensures that your computing solution is:
- Secure at rest
- Protected during boot
- Hardened at runtime
The TSS also adheres to common cybersecurity standards and requirements, including DoD anti-tamper requirements, STIG, DODI 8510.01, NIST SP 800-53, and FIPS 140-2.
12. Computational Storage Drives (CSDs)
Trenton Systems partners with NGD Systems, which allows the company to incorporate ruggedized computational storage drives (CSDs) into its computing solutions.
With NGD's CSDs, data is processed directly on the storage drive, which reduces the amount of data transmitted to the host system, reduces latency, but most importantly, increases security.
Processors located within the CSD's drive controller carry out the processing of the data within the drive, ensuring that much of the data never even leaves the CSD for processing by the host system. Less data is being transmitted to the host system, which means less of it is up for grabs by hackers.
13. CSfC, ITAR, & ISO9001 Adherence
Trenton Systems adheres to the National Security Agency's (NSA's) Commercial Solutions for Classified (CSfC) Program, International Traffic in Arms Regulations (ITAR), and complies with international standards for an ISO9001 quality management system.
Adherence to and compliance with these programs, regulations, and standards allows us to consistently provide high-quality computing solutions that satisfy common security and regulatory requirements.
For more information on CSfc, ITAR, and ISO9001 visit our Policies and Government Information webpage or the links below:
- Commercial Solutions for Classified (CSfc) Program
- International Traffic in Arms Regulations
- ISO9000 Family of Quality Management
14. 45-Day Loaner Program
Curious about the security of our computing solutions? Try our 45-Day Loaner Program.
You can borrow one of our computing solutions free of charge for 45 days and run as many security-related tests as you want. Our support team will also be there to assist you with any questions or issues you may encounter.
Using our 45-Day Loaner Program helps you verify whether you're acquiring a competently cybersecure computing solution that fits nicely into your already-established and vetted cybersecurity infrastructure.
If you're interested in participating, let us know. We'll guide you through the process every step of the way.