Wednesday, September 1, 2010

USB Drive responsible for '08 Military Network Breach

Since 2008, the United States military has banned the use of USB drives. The ban has caused great speculation as to why, but at the time the military prohibited these devices, the Pentagon said the decision was related to concerns about a malware program called Agent.btz. However, on August 25, 2010, U.S. Deputy Defense Secretary William Lynn confirmed that a data breach in the U.S. defense network in 2008 was in fact the real reason the military prohibits the use of USB drives.

Lynn explained that a USB drive carrying malicious code was inserted into a laptop computer at a United States military base in the Middle East by a foreign intelligence agency in 2008. The malware was uploaded and began spreading to classified and unclassified material. According to Lynn, as the program continued to spread silently through the network, it set up a “digital beachhead”. This means that the data obtained by the program could be transferred to foreign intelligence agencies’ servers. While Lynn refused to answer questions surrounding any stolen data, he described the network infiltration as the “most significant breach of U.S. military computers ever”.

Besides responding to the event by banning the use of USB drives, the Pentagon also took action by creating a mission designed to prevent such incidents from occurring in U.S. military networks again: “Operation Buckshot Yankee”. The operation attempts to "purge" infected systems of malware in order to create more security.

Due to the military’s large amount of extremely confidential information, I believe the necessary measures were taken in order to create a more secure network. If the problem stemmed from the use of a USB drive, then bolstering the network security must begin there. Consequently, the military happened to take those measures by banning USB devices. Lynn explained that the big issue wasn’t the security breach, but the chance that information was at risk of being leaked. Besides prohibiting USB drives, I believe it was necessary to launch a campaign similar to “Operation Buckshot Yankee” that continually checks for security threats within a computer network to protect important documents.

http://www.computerworld.com/s/article/9181939/Infected_USB_drive_blamed_for_08_military_cyber_breach?taxonomyId=82

1 comment:

  1. I find it surprising that it took as long as it did for the military to ban USB drives. Viruses and malware being spread to critical systems via USB drives is only part of the threat. USB drives can also be used to make copies of classified information, whether authorized or not. And once the copies leave the confines of the network, control of the information becomes much harder to maintain. Consider what happened with the WikiLeaks case.
    Even when copies are being made for legitimate purposes, the small size of USB drives makes them both easy to lose and easy to steal. Hopefully the drives in question were encrypted drives, but given enough time, it could be possible to break the encryption on those drives. And once data is on a USB drive, a person no longer needs the specialized hardware and software required to access classified systems via non-publicly accessible protocols such as SIPRNet. This eliminates one more form of protection for the data.
