ViaSat CEO: "When we talk about protection, we protect the whole system"

We spoke to ViaSat UK CEO Chris McIntosh about the latest range of encrypted hard drives for Macs. The company has risen to prominence as one of the few firms whose products the UK government trusts for data at the highest level of security clearance, and it is accredited by the Government Communications Headquarters (GCHQ).

"People like the government and military can lose laptops," McIntosh told us, "but we encrypt them to a state where even if someone got hold of the laptop, they wouldn't be able to get to the information on there."

"At the heart of ViaSat UK is protecting information and data from attack, whether it be someone casually coming across the machine, or a targeted theft."

ViaSat's encrypted hard drives use the Advanced Encryption Standard (AES) with a 256-bit key (AES-256), which applies 14 rounds of transformation.

What this allows, McIntosh said, "is the highest classification data (i.e. top secret) to be protected so that if it's lost or stolen, people can't get to that information."

Using hardware-based encryption is the only way to ensure total information security, according to McIntosh.

"When it comes to encryption, it's a bit like a safe," he said. "People focus on the lock of the safe – in this case, the algorithm – but when someone attacks a safe, they don't necessarily go through the lock. They go for the hinges, or from the top or bottom, or even round the back of the safe itself. Or they'll just do something as simple as knowing what kind of codes are used for the actual lock."

"When we talk about protection, we protect the whole system. We are one of the few companies with a hardware-based solution."

Hardware-based solutions offer a whole range of benefits over standard software-based encryption. For one thing, "the drive itself is always encrypted," McIntosh said. "It does not rely on the host machine to encrypt and de-encrypt it. If people are using a software solution, it means there are ways to attack a system via the host laptop or host computer. You can put an app on the machine itself, or you can do something that allows you to get hold of the keys, allowing you to unencrypt the drive."

Hardware-based encryption is a different matter.

"When the computer boots up, it's actually our hardware booting up. We have total control of the booting process, and then every time the information passes to and from our storage device, it is encrypted and decrypted on the fly."

Perhaps the greatest advantage is that a hardware-based encryption solution has very little effect on the overall performance of the machine.

"As drives get faster, with SSDs for example, our system can have a very slight detriment on the performance of the drive," McIntosh conceded, but "because we're doing it in hardware, there's a negligible performance impact."

It certainly outpaces leading software-based encryption models.

"If you compare it with a software solution, they're taking the time to do the encryption and decryption on the host machine itself. They're using the processor's power, but with a hardware solution, you use the power of the hardware itself."

What's more, "because we encrypt the whole drive, we are completely operating system agnostic."

We spoke a little about the advancing state of encryption, and how safe the new models really are, with state-sponsored hackers, cyber-criminals and even the American three-letter agencies breaking encryption protocols every day. McIntosh was confident in the robustness of ViaSat's encryption algorithms.

"Old encryption techniques were like shuffling the pages of a book," he told us. "Attackers could simply rearrange the pages of the book until they got a story that made sense. Then, encryption advanced, and it became like shuffling the words of a chapter. Still, if you put a supercomputer up against it, there's a chance that, given time, they would come up with the whole chapter. Now the levels of encryption we're talking about are like taking every letter of a large book and shuffling them up. What that means is that if you put a supercomputer up against it, you may come up with a book that made sense - you may come up with the story, but you have no way of telling if it's the correct story, because there are lots of different options."

However, McIntosh conceded that if attackers know that certain plaintext phrases are likely to occur (the name of a country or person, say), they might be able to crack the encryption more effectively.

"If anyone ever says that their system is completely unbreakable, unfortunately, they're lying," he told us. "Things will always change, and the ways they're attacked will always change. All we can do is protect to the highest level we can, and make sure we know the different kinds of attacks that are being used."

For users with critical data, the systems will be tempting. The levels of encryption mean "there's no need to fry the drive" if the hardware is physically tampered with, McIntosh said.

There's also "no ability to switch off our encryption," he told us. "With software solutions, a lot of them give the option to switch it off, which becomes ludicrous because when people have problems with performance, with the speed of their computer, or they have applications that aren't working properly, they just turn it off."

This means most software solutions are simply failing the usability test. Indeed, "studies showed a few years ago that over 50 per cent of people with software encryption had switched it off," Chris said.

Asked about the credibility of the UK's cyber defence, Chris had little good to say. It's "poor," he said, but at least there's some good news: "we have acknowledged that it's poor, and we're taking steps to address that."

That, he said, put us at least a little ahead of the curve.

"If you look internationally, there are whole swathes of countries that have no idea how vulnerable they are."