“This is not a return to business as usual," Vice Adm. Carl Mauney, deputy commander of the U.S. Strategic Command, told SCMagazineUS.com in an email on Friday. “There remain strict limitations on using these devices.”
The U.S. Department of Defense (DoD) originally banned USB drives and other removable media devices in November 2008, after a worm infiltrated Army networks. A variation of the worm, W32.SillyFDC, was targeting thumb drives and other removable media and spreading through military networks. To stop the infection, all removable storage devices — including USB drives, external hard drives, cameras and some printers — were prohibited on all military networks.
The order to partially lift the ban came last week from Gen. Kevin Chilton, commander of the U.S. Strategic Command, and is applicable to all DoD information systems, Mauney said. Under the order, removable devices should only be used as a “last resort” when it is necessary to carry out a mission and there is no other way to transfer data.
Also, only government-procured and owned devices will be allowed. Personally owned devices will continue to be prohibited.
“After extensive testing of mitigation measures, DoD decided to make this technology available again on a strictly controlled basis on DoD computers,” Mauney said. “Since the order restricting use of removable media, DoD developed capabilities and processes that allow safe use of these devices.”
Removable media devices, which also include most cell phones and all MP3 players, have their benefits and their drawbacks, said Frank Kenney, vice president of global strategy at network monitoring and file transfer software vendor Ipswitch.
They allow employees to be productive and to access the data they need, when they need it, he said.
“Yet as more people become reliant on these devices, they are exposing themselves to huge potential gaps, where the intelligence of a business or organization can be seriously compromised,” Kenney said.
Military network administrators can monitor and audit activity on DoD networks, including files that may be introduced through removable devices, Mauney added. The DoD regularly monitors its networks for intrusions and has procedures in place to address threats, he said.