How a Company Protects Businesses, Government Agencies with Cyber-Security

President Obama is ostensibly aware the U.S. faces two critical cyber-security issues that will not easily disappear.

They include:

1. Thousands of daily online attacks on IT security systems at key government agencies and financial institutions. The culprits? Attacks on public-sector agencies stem from global computer espionage. Organized crime is responsible for a dramatic, computer-fraud increase in the financial sector.

2. Precautions deemed necessary to protect the privacy of Americans means that privacy may have to take a back seat, despite assurances from the president.

Obama’s interim director of cyber-security,  Melissa Hathaway, told a gathering of officials from government and the private-sector that the nation is at-risk and that strategies to protect the U.S. was past-due. She made the comments at the Center for Strategic and International Studies, www.csis,org, a Washington-based policy research group.

In addition, dozens of payment processors and retailers have admitted countless data breaches – totaling nine figures – since 2005, according to the Privacy Rights Clearinghouse, www.privacyrights.org, the nonprofit consumer-information and advocacy organization.

Such shadowy developments warrant updating a 2007 Biz Coach column:

Along the Interstate-5 corridor near Tacoma, WA there’s an information-technology firm without signage in a non-descript office building. Inside, employees are busy developing highly secretive encryption tools used by U.S. government agencies. So much so, a visit to the business is reminiscent of a power-packed James Bond movie, “For Your Eyes Only.”

Twelfth in the Bond film series based on Ian Fleming’s short stories, the movie featured Roger Moore as Bond. Critics called it his greatest Bond work. The plot: Bond was assigned to find a missing encrypted gadget from a sunken British submarine before it fell into the hands of the Russians.

In my two visits to Vadium Technology, Inc., www.vadiumtech.com, the company was decidedly less spectacular than scenes in the memorable Bond movie, which included extreme adventures and exotic locales, it nevertheless underscored the high-stakes strategies in information-technology secrecy and security.

Vadium is a software and services company that offers products that encrypt digital data for your eyes only. Actually, there’s more technology to the privately owned company, which doesn’t publicly divulge its revenue or client base.

“Given the sensitive nature of these organizations, we are not permitted to disclose specific names,” said Lance Gaines, Vadium’s senior vice president of engineering. “We expect to add commercial clients who will be more willing to promote their use of Vadium’s products as a demonstration of their commitment to information security and privacy.”

The company’s anchor product is called AlphaCipher System, which stems from cipher and encryption ideas that are surprisingly 90 years old.

“AlphaCipher was originally designed for those situations where unbreakable security and privacy are absolutely unconditionally required,” said Gaines. “Built around the long established one-time pad (OTP) used in the intelligence community since 1917, AlphaCipher is the only cipher which provides absolute security and privacy for data at rest or in motion from all attacks regardless of the resources or time applied.”

Here’s how OTP evolved during World War I:

Gilbert S. Vernam, an engineer at Bell Labs in 1917, invented the stream cipher, an encryption process which makes use of algorithms. A captain in the U.S. Army Signal Corps, Joseph Mauborgne, later suggested improvements. Their ideas combined to form the process referenced by Gaines as OTP, which was patented in the mid-1920s.

In essence, OTP is an encryption-decryption method in which plaintext is used with a random key. It’s as long as the plaintext, but is used only once. Because OTP isn’t even used a second time and is kept confidential, it’s deemed unsolvable.

For example, Gaines suggested that the United States Government uses the OTP to protect its most sensitive information like the nuclear launch codes. 

“The resurrection of the one-time pad is extremely significant to the information security landscape,” said Gaines. “It gives Information-security practitioners a completely new tool and paradigm to protect core critical data.”

Gaines offers another analogy: “For those that understand the real threat on the Internet is a place to be taken very seriously, it is a Wild West environment, every person for themselves. If you protect the data the infrastructure security becomes less important. Firewalls and IDS are not doing the job to protect our core critical infrastructures.” 

IDS is an acronym for intrusion detection system, which detects unwanted computer-system manipulations.

He admits AlphaCipher is not a cure-all, but is intended for use with other security measures. “It is all about risk assessment and holistic security policies that implement an amalgam of appropriate tools for the tasks.”

The product is applicable for all files, folders, Outlook documents, text messages, and instant messenger from desktop computers to mobile and from mobile to mobile.

“AlphaCipher uses a unique encryption/decryption key that can be stored on any portable device, such as a USB flash drive,” added Gaines. “It can operate in either installed mode, where it is installed on a computer or in stealth mode where the application is executed from the portable storage device leaving no trail on the host computer.”

But that’s not all. Vadium also offers a more sophisticated system, AlphaCipher Voice.

“AlphaCipher Voice will provide protection for cellular phone conversations allowing users to have private conversations, which has been an elusive goal for a long time.” said Gaines. “The technology is also available for license as an SDK (software development kit), allowing organizations to truly mold the unbreakable OTP to their unique security environment.”

Although Vadium was launched commercially in 2001, its roots date back to 1987 with Wolfgang and Elizabeth Hammersmith, who envisioned a business opportunity in using OTP as computer software and hardware advanced.

Hammersmith is also inventor of the company’s AlphaCipher system. He’s considered an expert on security with international experience and his lifestyle resembles what would be a real-world Bond…James Bond. He holds various licenses: As a ship’s master, armed private investigator, and helicopter pilot. He plays chess, scuba dives and has ridden more than 1 million miles on a motorcycle over the last 45 years.

His co-founder wife, Elizabeth, who is on the company’s advisory board, has similar hobbies and skills. In fact, her bio says she received a helicopter pilot’s license as the youngest woman in the nation. 

Note that Gaines is also a good salesperson. Note his benefit statement and prevention of buyers’ remorse: “AlphaCipher is designed to let you express your unique security and privacy policy with absolute confidence delivered.”

From the Coach’s Corner, if you’re planning an overseas trip, here’s a tip about health care and travel abroad:

Many insurance companies will pay for your immediate care if you have a medical emergency in another country, but they won’t pay for your transportation home. An air ambulance can cost you as much as $100,000 to be flown home.

While it’s not really insurance, several companies sell memberships to pay the cost of emergency trips for a nominal charge.

If necessary, Overseas Citizens Services in the State Department will loan money to traveling Americans so they can get home. For more information, contact the nearest consulate or embassy, visit online at www.travel.state.gov/about/info/info_308.html, or dial (202) 501-4444.