Gov-Owned USBs to be Used on DoD Nets

The Defense Department is taking steps to lift a 10-month-old ban on the use of most removable storage devices on Pentagon and military networks, but with a catch: only government-owned and procured USB flash media will be allowed.

"The bottom line is, the days of using personally owned flash media or using flash media collected at conferences or trade shows are long gone," writes Navy CIO Robert Carey in his blog. "Unfortunately, it was our bad IT hygiene that resulted in the ban of this all too flexible use of storage media."

The commander of the U.S. Strategic Command last November suspended the use of USB flash media and removable storage devices on all DoD networks, including USB thumb drives, memory sticks/cards and camera flash cards, because some Navy personnel failed to follow procedures aimed at protecting the networks from viruses and safeguarding data stored on Defense systems.

In an update on the progress the Pentagon is taking to allow use of flash drives, Carey says the DoD Removable Storage Media Tiger Team, led by the Defense-wide Information Assurance Program, has been coordinating policy for incorporation into future Strategic Command operational guidance. The Navy and Marine Corps are drafting organizationally specific concepts of operations and communications tasking orders in preparation for secure USB flash media pilots once the DoD-wide ban is lifted.

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

"In the future," Carey writes, "we expect that a government-owned and procured USB flash media, that is uniquely and electronically identifiable for use in support of mission-essential functions on DoD networks will be permitted for use by authorized individuals. We are working on upgraded anti-virus and malware detection, alert and eradication capabilities as well as implementation of controls to deny network access to unauthorized USB flash media and revised operating procedures for scanning and cleaning flash media. Those who are authorized to use portable media devices will receive updated user training and awareness and be informed again of his/her accountability through compliance audits and inspections."

Until authorized USB drives are allowed, Carey says, the Navy will establish collaborative workspaces, file shares and portals within its networks to reduce reliance on USB flash media.

"While the future restricted use of flash media may seem somewhat draconian, the expanded use of portals and collaborative work spaces keeps our information in the protected net-centric environment," Carey writes. "It is accessible with the proper identity credentials. Seems to me, we are actively working to make sure that access to information is balanced with the appropriate security controls."