Military ban against USB drives partially lifted

Share this article:
After a more than yearlong ban, USB drives and other removable media devices may now be used on military networks under “very specific circumstances and guidelines,” according to the U.S. Strategic Command.

“This is not a return to business as usual," Vice Adm. Carl Mauney, deputy commander of the U.S. Strategic Command, told SCMagazineUS.com in an email on Friday. “There remain strict limitations on using these devices.”

The U.S. Department of Defense (DoD) originally banned USB drives and other removable media devices in November 2008, after a worm infiltrated Army networks. A variation of the worm, W32.SillyFDC, was targeting thumb drives and other removable media and spreading through military networks. To stop the infection, all removable storage devices — including USB drives, external hard drives, cameras and some printers — were prohibited on all military networks.

The order to partially lift the ban came last week from Gen. Kevin Chilton, commander of the U.S. Strategic Command, and is applicable to all DoD information systems, Mauney said. Under the order, removable devices should only be used as a “last resort” when it is necessary to carry out a mission and there is no other way to transfer data.

Also, only government-procured and owned devices will be allowed. Personally owned devices will continue to be prohibited.

“After extensive testing of mitigation measures, DoD decided to make this technology available again on a strictly controlled basis on DoD computers,” Mauney said. “Since the order restricting use of removable media, DoD developed capabilities and processes that allow safe use of these devices.”

Removable media devices, which also include most cell phones and all MP3 players, have their benefits and their drawbacks, said Frank Kenney, vice president of global strategy at network monitoring and file transfer software vendor Ipswitch.

They allow employees to be productive and to access the data they need, when they need it, he said.

“Yet as more people become reliant on these devices, they are exposing themselves to huge potential gaps, where the intelligence of a business or organization can be seriously compromised,” Kenney said.

Military network administrators can monitor and audit activity on DoD networks, including files that may be introduced through removable devices, Mauney added. The DoD regularly monitors its networks for intrusions and has procedures in place to address threats, he said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.