National Security Agency
The U.S. government's primary agency for the gathering of electronic intelligence, the National Security
Agency (NSA), has recently adopted a standard for full disk drive encryption based on the TPM. Published
NSA documentation cites several reasons the agency instituted full drive encryption: the broad impact of
data theft, the large variety of parties affected by such theft, new legislation making institutions
responsible for data security and integrity, and changes in computing infrastructure and user practices.
All of these require both innovation in security measures and cooperation among branches of the agency
and other government agencies to protect stored data from theft and loss.
Following a practice long established with respect to incubating private industry, the NSA chose a solution
developed by the U.S. information technology industry. Also, the agency thought that using TCG
architecture would help ensure compatibility among and reliability of its vast array of PC clients. Benefits
of the architecture that the NSA cited for putting the encryption function on the disk drives included cost
effectiveness based on economies of scale, transparency in the sense that encryption implemented directly
on the drive would have zero performance impact, and the ease with which the standard architecture could
be sustained in future disk drive products.
The agency described some of the details of its implementation. Since access control is set by default to
"off," user action is required to achieve security. When a new PC is deployed, the user must set his or her
password to lock the drive. Thus, the solution depends on a robust set of institutional policies to support
drive encryption, including education for users and IT support personnel. The agency chose this method so
that users wouldn't find themselves locked out of drives before setting up their own access.