Secure Data Destruction
I recently spoke at ChCon 2019 about data destruction, and about what the requirements around data destruction are for government in New Zealand.
Why does data destruction matter?
We store large amounts of personal and business information on our devices, but what do we do when we get rid of them? Do you consider what level of encryption was on your laptop before you sell it on TradeMe? How did you erase your data before you gave your mate your old external hard drive? Are you confident that data was removed appropriately from your old cellphone before you threw it in the recycling? Do you think all of your service providers thought through these questions before they got rid of the multitude of hard drives in their data centers holding all of your confidential information?
Retrieving data off an unencrypted hard drive that has simply been deleted or formatted is a trivial task. Using a tool such as Foremost on Linux and an external hard drive caddy, you can start retrieving deleted photos, invoices, letters and spreadsheets off second-hand drives within minutes. Formatting a disk does not actually remove data; it simply removes the indexes to that data, which remains easily accessible to widely available tools.
But what about encryption?
A simple answer to this is encrypting your data; however, it's not done as often as you may think. While some operating systems now encrypt data at rest by default (the current versions of Chrome OS, Android and iOS), major operating systems such as Windows 10, Mac OS X and Linux all have this as an optional step. This greatly increases the likelihood that someone can get their hands on your data if they obtain an old hard drive that wasn't appropriately disposed of.
What are my options?
There are multiple options, and not all require physical destruction of drives, but what you want to do will depend on your level of comfort and the sensitivity of the data on the drives. Options include:
- Formatting your drive and overwriting with 0's and 1's. All major operating systems come with this built in. For example, in Windows "format [drivename] /P:4" will overwrite every sector on the drive 4 times, and in Linux "dd if=/dev/zero of=/dev/sdb" will overwrite the whole drive (here /dev/sdb) with zeros.
- Degaussing the disk. This involves using either a permanent magnet or an electromagnet to change the magnetic field on the disk; however, it only works on magnetic media and not on solid state drives.
- Heat. Aluminum and glass, both used for platters in hard drives, melt at 660 Celsius and 1400 Celsius respectively.
- Hammer mill / disintegrator. Both of these are mechanical destruction methods used to crush hard drives and other hardware. As these are generally large machines they are usually limited to commercial situations, and depending on the specifications of the machine can reduce waste to pieces as small as 3mm.
- Sanding, cutting and drilling. All of these are possible to do at home, and are often used for personal devices. A flap disc on a sander is an easy way to destroy a hard drive platter, and a drill through a hard drive enclosure will greatly reduce the likelihood of anyone getting access to the data.
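The two points above that most people get wrong are why a deleted or formatted drive is still readable (the Foremost example earlier) and what a zero-pass overwrite actually changes. The following is an added example, not code from the original post: it builds a tiny constructed disk image in memory with a simple directory table, shows that a "quick format" (clearing only the table) leaves file contents recoverable by signature carving, and then shows that a full zero pass (what "dd if=/dev/zero" does) removes them. The image layout, the file names and the signature table are all constructed for the demonstration; no real device is touched.

```python
"""Delete/format vs. overwrite, demonstrated on a constructed in-memory disk image.

Layout (constructed for this example): a 256-byte directory table of
(name, offset, length) entries, followed by file contents.  A 'quick format'
zeroes only the table, which is what makes carving tools such as Foremost
effective against formatted drives.  A zero pass over the whole image is what
actually removes the contents.
"""
import struct

TABLE_SIZE = 256            # bytes reserved for the directory table
ENTRY = "<16sII"            # name (16 bytes), offset, length = 24 bytes
ENTRY_SIZE = struct.calcsize(ENTRY)

# Header/trailer byte pairs to carve for (a constructed subset of real signatures).
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


def build_image(files, size=4096):
    """Write each file after the table and record it in the directory entries."""
    image = bytearray(size)
    offset = TABLE_SIZE
    entries = []
    for name, content in files.items():
        image[offset:offset + len(content)] = content
        entries.append(struct.pack(ENTRY, name.encode()[:16], offset, len(content)))
        offset += len(content)
    table = b"".join(entries)
    image[0:len(table)] = table
    return image


def list_files(image):
    """What a normal file browser sees: only what the directory table points at."""
    names = []
    for i in range(TABLE_SIZE // ENTRY_SIZE):
        name, _offset, length = struct.unpack_from(ENTRY, image, i * ENTRY_SIZE)
        if length == 0:
            break
        names.append(name.rstrip(b"\0").decode())
    return names


def quick_format(image):
    """A delete or quick format: clear the index, leave the contents untouched."""
    image[0:TABLE_SIZE] = bytes(TABLE_SIZE)


def carve(image):
    """Signature carving: find each header and take bytes through its trailer."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(head, pos)
            if start == -1:
                break
            end = image.find(tail, start + len(head))
            if end == -1:
                break
            end += len(tail)
            found.append((kind, bytes(image[start:end])))
            pos = end
    return found


def zero_overwrite(image):
    """One zero pass over every byte, the equivalent of dd if=/dev/zero.

    Not modelled here: an SSD controller remaps blocks, so a host-side pass
    cannot be relied on to reach every cell; that is why SSD sanitisation is
    treated differently from magnetic media in the guidance the post cites.
    """
    image[:] = bytes(len(image))


def demo():
    """Run the whole sequence and return what each stage could see."""
    files = {  # constructed sample contents, not real files
        "invoice.pdf": b"%PDF-1.4 constructed invoice body %%EOF",
        "holiday.jpg": b"\xff\xd8\xff\xe0 constructed jpeg pixels \xff\xd9",
    }
    img = build_image(files)
    result = {"listing_before": list_files(img)}
    quick_format(img)
    result["listing_after_format"] = list_files(img)     # empty: index gone
    result["carved_after_format"] = carve(img)           # contents still there
    zero_overwrite(img)
    result["carved_after_zero"] = carve(img)             # nothing left to carve
    return result


if __name__ == "__main__":
    for stage, value in demo().items():
        print(stage, "->", value)
```

Running it shows an empty file listing after the quick format while both files carve out intact, and nothing carving out after the zero pass; the carved bytes are identical to the originals, which is exactly what a Foremost run against a second-hand drive relies on.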
What are the requirements for data destruction?
Section 13.5 of the New Zealand Information Security Manual (NZISM) contains the requirements for destruction of data for NZ government. Destruction requirements depend on the type of media and the classification of the data; however, heat, hammer mills and disintegrators are deemed appropriate for any media type. It should be noted, however, that for the media to be treated as declassified the output of the destruction must be pieces less than 3mm in size. It is also noted that if you outsource destruction you MUST use an approved facility to do so. Currently there are 2 providers in New Zealand who can provide this service and meet this requirement, as highlighted on the GCSB website.
Summary
There are a multitude of ways to ensure others can't access your sensitive documents and data; how you choose to protect them once the hardware they reside on is no longer needed depends on how important they are to you. Depending on the confidentiality of that data, a format may meet your needs, but there are a number of physical destruction methods and facilities available if required.
Some of you don't know Darik's Boot and Nuke for hard drive erasing and it shows. Awesome summary Peter!
A tidy summary Peter. However, from a quick glance at 13.5 of the NZISM you provided a link to, it appears any SSD or EPROM that has contained Govt data must be sanitized by destruction. While this is undoubtedly a thorough position from a pure security perspective, the investment of a bit more time/effort/budget (I note some of the reference material is more than a decade old) into a more granular policy might be worthy given the financial impact of that policy on the taxpayer? That can of worms aside, what happens to all the SSD and EPROM 'in the cloud' that contain Govt. data and sit outside the borders of that legislation?
Great information - now if only these agencies would handle the management of data and devices under NZISM, we might have a resemblance of security awareness.