Posted on 02/19/2010 4:53:22 PM PST by SandRat
WASHINGTON, Feb. 19, 2010 – New guidelines from U.S. Strategic Command officials allow servicemembers to use “thumb drives” and other flash media to store computer data under specific circumstances.
Strategic Command officials banned use of thumb drives and flash media in November 2008, after the use of the media infected a number of Defense Department computer systems. Computers users had to turn to alternative means to transfer data from one machine to another.
Now, the command has lifted the ban on the devices under carefully controlled circumstances, said Navy Vice Adm. Carl V. Mauney, Stratcom’s deputy commander.
The command issued an order Feb. 12 that allows “a return to limited use of removable devices under very specific circumstances and guidelines,” Mauney said.
“This is not a return to ‘business as usual,’” the admiral emphasized. “There remain strict limitations on using these devices.”
In a telephone interview, Mauney said units in active operations in Afghanistan, Iraq and elsewhere will get priority in implementation of the new guidelines.
“In terms of the mechanics, we’ve put together several small kits of the equipment that’s needed and we’ll be transitioning those to people out in the theater – in Afghanistan in particular – to help certain groups facilitate their use,” Mauney explained. The kits will contain hardware and software to ensure the safe use of removable media, he added, and scans and filters are included in the process.
After extensive testing of mitigation measures, Defense Department officials decided to make the technology available again on a very limited and strictly controlled basis, the admiral said.
“Since the order restricting use of removable media, [the Defense Department] developed capabilities and processes that allow safe use of these devices,” Mauney said. “Removable media use will be limited to mission-essential operations, and only after strict compliance requirements are met.”
The order calls on combatant commands, the services and Defense Department agencies to establish approval authorities for determining whether flash media may be used.
“The commanders and directors can decide that the measures that we’re using already meet their needs,” Mauney said. “In fact, when we’re traveling, … we look to see how people are doing in moving around their information. People have trained themselves and are able to do it, and are effective and efficient. I think, initially, some will look at this and say they are good with what they are doing. It’s proven, and they may opt not to do this.”
The removable media will be a tremendous help in Afghanistan and Iraq, Mauney said. “We think there will be some ground to be gained there,” he added.
Use of the devices under the new guidelines is restricted to operational mission requirements, Mauney said, and only properly inventoried, government-procured and –owned devices will be allowed for use in Defense Department information systems. Servicemembers and civilians will not use personally owned devices on any Defense Department network or in any Defense Department computer, he said.
Computer users also will not use Defense Department thumb drives and flash media on nongovernment networks or computers without authorization from an approval authority, the admiral said.
Defense Department officials say they’re urging all computer users to be responsible and to do the right thing for cybersecurity. Mauney said the Defense Department has the means and the right to scan the department’s computers, and randomly selected users and drives will be subject to periodic auditing.
Joint Task Force Global Network Defense is the operational command that will oversee the program.
I am glad that they are finally addressing the use of flash drives and have at least some way of using them.
When I was a contractor for the Air Force the computer usage was a continual bane. It seemed like daily there was a new rule/regulation telling us that we can’t do something.
It was one of many reasons that I finally left that job. And I am so much happier now and the stresses of working in the environment are gone too.
A new patch for every panic, but no plan.
There are password-secured flash drives which can’t be accessed (read or write) by rogue programs. That’s what ought to have been in use.
If they are going to have restricted access why not design a different interface for military computers? If you have some oddball shape only approved devices could fit it would help prevent inadvertent access.
I'm in that position right now, and I can see what you mean. We call it DoD, for Distributed Denial of Service. An army of Chinese hackers couldn't do it better.
Don’t get me wrong, the DOD is really in a lousy position. They have the NIPRNET and the SIPRNET. But as long as the buy COTS computers and Software they are at risk.
As a user of their computers and systems it was a royal pain and at times made me wish to be back in the days of 386 and 486 PC’s. At least you go could get your work done without the risk of breaking at least one rule a day.
I was thinking that exact same thing just the other day. Another problem is the necessity of keeping an open line to the public internet.
Also they keep pointing to Linux as a solution. Personally I think that Linux is very usable. But with so many fingers in the pie that created it and the fact that it is open source code is troubling to me.
(Going into Dictator Mode now)/ I personally would have NSA come up with a robust and encrypted Operating System. Make it the Defacto DOD standard. Use only those machines for official work. The CAC card or better system would be required to use and multiple incorrect logon attempts would cause Hard disk erasure and/or other bad things to happen.
Sure it’s extreme but if you have to go this far to protect your equipment and data, well then, go all the way.
Have a few dedicated PC for the necessary public internet access. A legal and realistic use is Logistics research, or access to weather data.
If public data is required to be posted to the DOD computers it would have to go through a dedicated and thouroughly controlled “translator” PC to filter out Malware and convert it to DOD Format.
(End Dictator Mode)/
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.