Defense bans use of removable storage devices

Ban could be the result of a virus from the nonclassified network moving to the Pentagon's classified system via a thumb drive.

The Defense Department has temporarily banned the use of thumb drives and all other removable storage devices on its networks due to concerns they are infected with malware, according to a message from Strategic Command.

In an internal message obtained by Government Executive, the Army also banned the use of external hard drives and digital cameras, which have the same type of flash memory as thumb drives, from being plugged into military computers and networks.

STRATCOM sent out its message on Nov. 14, and Defense commands scrambled to protect their systems from the threat of malware infection that the removable storage devices posed. Users insert the devices into a computer's Universal Serial Bus port to store files from a computer or network.

Another internal message, this one from a command with a global presence and tens of thousands of users, said it planned to isolate removable media ports from Defense networks. According to the message, all users in the command "must immediately discontinue the use of removable media. . . . Tonight [Nov. 14] . . . network operations is taking steps to electronically block/disable access to all removable media ports for workstations connected to the network."

The message continued, "This will require an after hours reboot of all workstations. However, if for some reason removable media ports on your workstation are not disabled, the ban still applies."

Air Force Lt. Col. Eric Butterbaugh, a Pentagon spokesman, did not directly acknowledge the ban on removable media. But, in a statement, he said, "We are aware of a global virus for which there are recent public alerts. We have seen some of this on our networks, and are taking steps to mitigate the virus. We are not going to discuss any specific defensive measures that we may be taking to protect and defend our networks."

The Naval Reserve Command, in a message written in red on its home page, told all reservists to suspend the use of thumb drives on all Navy networks at the direction of the Naval Network Warfare Command, but did not say why.

The Naval Postgraduate School in Monterey, Calif., in an all-hands message sent on Nov. 20, said, "All NPS faculty, staff and students are directed to immediately discontinue use of USB media storage devices on any computer attached to any NPS computer network. This includes privately owned laptops that are temporarily attached to the NPS networks via wired, wireless or VPN connections. USB media storage devices include but are not limited to, thumb drives, portable hard drives, cameras and removable camera media, portable music devices, cell phones, digital picture frames, etc."

To ensure that systems can be scanned for potential viruses, NPS said, "Workstations and laptops must remain powered on until further notice. Users must power on all computers and laptops attached to the campus network. Users must not power down workstations or laptops until further notice. Any machines found disconnected or powered off should be reconnected to the network and left powered on."

Department sources said the ban on connection of removable media to Defense networks applies to both the Nonclassified Internet Protocol Router Network, which has connections to the Internet and is therefore a potential source of infection, and the Secret Internet Protocol Network, which is not connected to the Internet.

One knowledgeable Defense source speculated the ban could have resulted from a user on the nonclassified network using a thumb drive to inadvertently copy an infected file to the classified network.

Army Gen. Walter Sharp, commander of U.S. forces in Korea, raised the possibility of such an incident in a Sept. 11 memo. He wrote that all personnel must "mitigate risk of compromising classified information stored on removable storage media. These media have multiple uses and their small size and adaptability can result in loss of accountability and inappropriate cross net (NIPT to SIPR) [use]."

The U.S. Computer Emergency Readiness Team issued a similar warning on Nov. 3: "An attacker might infect a computer with malicious code or malware that can detect when a USB drive is plugged into a computer. The malware then downloads malicious code onto the drive. When the USB drive is plugged into another computer, the malware infects that computer."

A knowledgeable Air Force source said the problem that led STRATCOM to ban the use of removable media was "much worse" than one person infecting the secret network with a virus picked up by a thumb drive on the classified network. He declined to elaborate.

Nate Cote, vice president of product management at Kanguru, which makes secure thumb drives, including those used by the Veterans Affairs Department, said drives could be infected during the manufacturing process, especially if the computer that loads the software is connected to the Internet.

Cote said the machines used in its manufacturing process are not connected to the Internet, and the company scans its drives for viruses before shipping them to customers. Most commercial thumb drives are manufactured in either China or Taiwan, and he said it was possible that a virus could be deliberately put on a thumb drive during manufacturing there.