Portable flash drives likely to return to the battlefield
By Courtney E. Howard
WASHINGTON—Officials in the U.S. Department of Defense (DOD) are considering lifting the year-long ban on removable data storage devices in military environments. New guidelines for the use of USB thumb drives and similar devices are expected by year’s end.
In November 2008, the use of USB flash media and removable storage devices—including USB thumb drives, memory sticks, and camera flash memory cards—was suspended on all DOD networks at all classification levels by the order of the commanding officer of U.S. Strategic Command (USSTRATCOM).
The ban was mandated because it had become apparent to USSTRATCOM officials “that over time, our posture to protect networks and associated information infrastructure has not kept pace with adversary efforts to penetrate, disrupt, interrupt, exploit, or destroy critical elements of the GIG (Global Information Grid),” according to an unclassified, November 2008 e-mail message on the suspension of removable flash media.
“The decision to terminate use of removable rewritable media is a key component in the strategy to defend against attacks and establish a baseline for information system protection,” the e-mail read. “Memory sticks, thumb drives, and camera flash memory cards have given the adversary the capability to exploit our poor personal practices and have provided an avenue of attack.”
Policy and processes were in place to facilitate the safe use of USB flash media, but they were not being followed, says Robert J. Carey, the U.S. Navy’s chief information officer, in his blog (http://www.doncio.navy.mil/Blog.aspx).
“Unfortunately, it was our bad IT hygiene that resulted in the ban of this all too flexible use of storage media,” Carey blogged. “We recognize the utility of portable media storage in support of mission operations. Such media provide a simple, inexpensive, reusable and ubiquitous means for transferring information between computers and servers on both public and private networks.”
Carey and a team of his colleagues are working with the DOD’s chief information officer to identify the minimum requirements necessary to “fortify our network security posture,” he says. At the same time, the DOD removable storage media tiger team, led by the Defense-wide Information Assurance Program (DIAP), has been coordinating policy for use by USSTRATCOM. The Navy and Marine Corps also are drafting concept of operations and communications tasking orders.
Carey anticipates that, in the future, “government-owned and procured USB flash media, that is uniquely and electronically identifiable for use in support of mission-essential functions on DOD networks, will be permitted for use by authorized individuals. I expect (and support) that only approved, identifiable flash media of known origin will be permitted for use; and only by authorized and trained personnel, in support of mission-essential functions that could not be performed via non-flash media means.”
Technology firms throughout the mil-aero and commercial information technology markets are offering advice, expertise, and tools to aid DOD officials in their task. Among them are McAfee in Santa Clara, Calif.; Kingston Digital in San Jose, Calif.; SPYRUS in Fountain Valley, Calif.; and Sidense in Ottawa—each of which provides software-based methods of protecting removable storage devices.