U.S. National Security Agency Approves Spyrus Hydra PC

SPYRUS, Inc. announced that the patented SPYRUS Hydra Privacy Card Series II (Hydra PC) Personal Encryption Device is the first and only commercially available Suite B On Board encryption product that is approved to protect tactical data in accordance with CNSS Instruction 4009 at the Secret level and below, when used with the approved operational security doctrine.

Continuing its innovation and leadership in the field of high-assurance security products, the SPYRUS Hydra PC successfully completed a detailed review by the National Security Agency (NSA) against strict security requirements for protecting data at rest in a personal USB memory device. No other commercial-off-the-shelf (COTS) personal USB encryption device has ever passed such a groundbreaking review or met these strict security requirements. The Hydra PC is also validated to FIPS 140-2 Level 3.

Until today, government and business organizations handling classified data were limited to expensive Type-1 encryption devices. As the only approved commercially available USB encryption product, the pocket-sized Hydra PC is an extremely cost-effective alternative to Type 1 products for securing classified data. It is exempt from Type-1 device lifecycle procedures – and the personal liabilities for mishandling Type-1 products – and it requires no Controlled Cryptographic Item (CCI) approvals or auditing. This gives organizations a flexible, easy-to-use mechanism to protect and transport tactical data at the SECRET level.

The Hydra PC is not limited to protecting classified data. It can also be used by government and commercial organizations to protect valuable data and personally identifiable information, with the strong security used to protect classified data.

In order to meet NSA requirements for classified use, the Hydra PC implements advanced COTS security features. Hydra PC encrypts data on an individual file/folder basis, which provides much stronger security than standard sector-based encryption. It uses the strongest commercially available cryptographic algorithms (ECC P-384, AES-256 and SHA-384) to hash, compress, encrypt, digitally sign, and seal individual files and folders.

All encryption is performed in hardware within a tamper-resistant security boundary. Private keys cannot be imported, exported, or corrupted. The advanced hardware-based security protects against sophisticated hacker attacks. For added security against ‘brute-force’ attacks, the Hydra PC permanently deletes the encryption keys after 10 incorrect PIN entries, rendering the encrypted data undecipherable.

Use of the Hydra PC can be limited to administrator-authorized computers within a defined enclave, preventing removal of sensitive data or unauthorized access to the Hydra PC or its data. Even with the correct PIN, the encrypted data cannot be decrypted outside of the secure enclave.

“We are extremely proud to have worked very closely with NSA to qualify the Hydra PC as a product secure enough to safeguard tactical data at the SECRET level. The Hydra PC goes beyond conventional data encryption by uniquely providing data containment through its advanced security techniques. AES encryption alone, without equally strong key management and a secure implementation, is just not good enough to protect sensitive data,” said Tom Dickens, SPYRUS Chief Operating Officer. “For the first time in history, NSA has approved a personal USB memory device that every DoD or Federal employee and contractor can purchase to protect tactical data at the SECRET level and below, without the burden of Type-1 security paperwork and controls.”