Copiers are also a compliance issue Chris Bilello, director, business development for Konica, Minolta Business Solutions U.S.A., Inc July 18, 2007 To properly discuss security issues related to multi-function peripheral (MFPs) - devices that copy, print, scan and fax – it’s helpful to first have some background on the underlying technology in the machines that have raised so much concern as a possible data security risk. Just 10 years ago, copiers used analog systems and were stand-alone devices that did one thing – made copies on paper. The "new generation of copiers," including all those manufactured today, uses digital technology, similar to that found in laser printers. The older analog copiers produced a copy by scanning an image to an electrostatically charged photoconductive drum that transferred the toner to paper to make a print. Each time a new copy was made, the drum was cleaned and the previous image was erased. However, in a digital copier, the scanned document is converted to a digital file and is temporarily stored in the copier until a copy is made. The image of the document may reside in the copier until it is overwritten or deleted from the copier memory or hard drive. Most digital copiers use a hard disk drive to store these scanned document images, the same kind of data storage device found in a PC. It wasn't a giant technological leap to add printing capability to a digital copier. In addition, since users have the ability to connect a printer or copier to a PC, why not connect it to a network so everyone can share the device? Rapidly following on the heels of printing, the ability to scan a document, store it on a copier hard drive, and send it via email or to a file server was added. At about the same time, the ability to send and receive faxes was added and the true MFP was born. With millions of documents being printed, copied, scanned and faxed on MFPs, it is natural to wonder just how secure is the data captured on the device's embedded hard drive. Adding to that possible security risk is the concern that machines connected to an internet-accessible network are even more vulnerable to an outside attack. With the dramatic increase in electronic transfer of sensitive and confidential information, various government- sponsored security regulations have called into question the link between security and the integrity of technological systems. Security technology has become critically important as various organizations and businesses use their electronic systems to comply with government regulations. Recent laws and initiatives on this front include: HIPAA; Sarbanes-Oxley Act; Gramm-Leach-Bliley Act; Federal Information Security Management Act of 2002 (FISMA) and FDA 21; CFR Part 11; ISO 15408, also known as, Common Criteria Certification In response to the increased awareness of security issues and to address such regulations, manufacturers are recognizing the need to develop and implement security-based information technologies in MFP devices. The Need for a Common Standard To date, the only official security-based certification for digital office products is an international standard generally known as the Common Criteria (CC). The official international designation for this security standard is ISO 15408. What is ISO 15408 or "Common Criteria" The International Common Criteria for Information Technology Security Evaluation establishes an internationally agreed upon language for specifying security functionality, as well as an evaluation methodology to assess the strength of security implementations embedded in various types of technology located on the network. The Common Criteria initiative has evolved into an international standard known as ISO 15408. In the United States it is managed by the National Information Assurance Partnership (NIAP), which is run by the National Security Agency and the National Institute of Standards and Technology (NIST). Common Criteria standards applicable to digital MFPs HDD Security The biggest concern in MFP security is that data is accessible and can be stolen from the MFP's hard disk drive (HDD), either by accessing the MFP remotely or removing the HDD and extracting the data. Most manufacturers now offer some form of hard drive overwrite security function that erases data stored on the device's HDD or memory by overwriting it with a series of characters. These kits are available as options or in some cases, come as a standard feature with most MFP models. Hard drive overwrite is performed immediately upon completion of all copy, print, scan and fax jobs and some offer an extra level of security by providing hard drive encryption using 128-bit Advanced Encryption Standard (AES). Another layer of security that can be added involves the ability to lock the host MFP to HDDs using a passcode of alphanumeric characters; this means that the data is protected, even if the drive is removed from the machine. At the time of decommissioning, relocation or replacement of an MFP, the entire HDD can be overwritten so that all of the data is completely removed. Any leftover image data can be overwritten up to seven times to military specifications [such as U.S. Navy (NAVSO P-5239-26), Department of Defense (DoD 5220.22M), and Army Regulations (AR380- 19)]. RAM Security Another major concern regarding memory is the potential vulnerability of the machine's random access memory (RAM). The three types of RAM typically used in a digital MFP are: volatile RAM, non-volatile RAM, and flash memory. Volatile RAM Volatile RAM consists of: File memory – electronic sorting Work memory – storing program parameters, temporary data and image conversion of controller Fax memory – working RAM for fax Information that is written to Volatile RAM can be temporarily held in memory while the power is on. The data held in this type of RAM is overwritten by the next page or job being printed. Once the job is printed, the document is deleted from RAM. If the power is turned off. The image in Volatile RAM is deleted as well. Volatile RAM is secure; if RAM is removed after an engine is powered off all the data on that RAM chip would have already been deleted. It would be impossible to remove the RAM while the engine power is on. The only other way to possibly extract image data would be an indirect route or via a security hole. Non-Volatile RAM (NV-RAM) Typically Non-Volatile RAM would be: Machine Counter Data Job Settings Utility Settings The data written to non-volatile RAM is normally not image or document related, meaning the data is not confidential or private. This information is not cleared when the power is turned off unlike volatile RAM. It is important to note that when the HDD is formatted the user or account information in NV-RAM, will be deleted and set back to factory default. Flash Memory Stores Typically Flash memory is used with: Machine Firmware Control Panel Data Printer Resident Fonts Copy Protect Watermarks Flash memory is embedded on an MFP circuit board and cannot be erased. The data stored in flash memory is not critical, confidential or private Network Security Any MFP connected to a network may be vulnerable to unauthorized access. Some MFPs include the following features to prevent this: User authentication – Requires User ID and Password. Virus protection – Manufacturers such as Konica Minolta include an embedded, non-commercial operating system that is not susceptible to attacks by viruses and worms. Allow or prohibit functions by user – An advanced level of security allows or prohibits use and availability of specific features, such as scanning, user box, copying, faxing and printing as a remote function. Network vulnerabilities – Open ports and protocols can be opened/closed or enabled/disabled at the machine or remotely by an administrator. As a further safeguard against unauthorized access Konica Minolta introduced the industry's first biometric authentication unit, in which the vein patterns of a finger are scanned, encrypted and stored and are used to distinguish individuals. File transmission security Since MFPs perform various functions including network printing, scanning and fax, special steps have to be taken to prevent unauthorized use or access. The following features may be included in MFPs on the market today: Confidential print – A Secure Print function holds the job until released with the proper encrypted password. Secure mailbox print stores a print job in a user box where a user ID and password must be entered for that job to be accessed for printing, faxing or forwarding by email. Scan/PDF encryption – Scanned files can be encrypted as a PDF file and requires the receiver to have the decryption code to open the file. Copy protection – A security watermark is placed on the original document as it is printed. If it is copied on any other MFP the secure watermark will appear. Advanced email security Advanced fax line security Access history Account tracking Audit and job logs HIPPA and MFP Security With the dramatic increase in the volume of protected health information in electronic form, HIPAA privacy requirements tie together the security and integrity of technological systems and processes. Technology security has become critically important as covered entities use their electronic systems to comply with HIPAA regulations. With the growing popularity of connected office machines, people in the health care industry will increasingly look to MFPs as an efficient and cost effective method of distributing, storing and receiving ePHI (electronic Patient Health Information). Any discussion of HIPPA merits its own article, however, security measures described above for MFPs can easily be adopted for use in the health care industry and will grow more relevant as the trend towards electronic storage and maintenance of protected health care information continues. For the record, the following are the HIPPA sections regarding access control and technical safeguards that apply to the MFP: HIPAA Security Specification, Access Control Section Technical Safeguards (Section 164.312): (a)(1) Standard: Access control. Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software program that have been granted access rights as specified in Sec. 164.308(a)(4). (2) Implementation specifications: ( i ) Unique user identification (Required). Assign a unique name and/or number for identifying and tracking user identity. All MFP manufacturers do business with health care organizations and should have a statement of compliance with HIPPA for their devices. Just ask for a copy. Questions you should ask your dealer Without a doubt security of information flowing through MFPs is a serious and growing issue and the potential for identity theft is real. MFP manufacturers continue to invest a tremendous amount of engineering resources in developing security-related features and use independent security consultants to evaluate the technology. Whether the issue is network intrusion, data theft or compliance, manufacturers are offering security technology demanded by internal clients and federal legislation. You should review your entire MFP fleet to evaluate potential security holes. Ask your manufacturer to provide a comprehensive list of security features on each machine. Older models should provide some basic security measures, i.e. password protection, secure printing. As a minimum, newer models should have some kind of hard drive overwrite capability. If you plan to purchase a new MFP ask for a list of security features. There is a growing trend in the industry to certify the entire MFP system as ISO 15408, or CC, compliant. MFPs with the proper security features listed above can be used with confidence in any application requiring the highest levels of data security.