US Air Force bans removable media

Thumb drives? Blank discs? Uncle Sam says no.

In the wake of the WikiLeaks scandal, it appears the US Military is taking extra measures to ensure sensitive materials stay out of the wrong - or right, depending on how you look at it - hands.

Wired reports that commander of Air Force Network Operations Maj. Gen. Richard Webber issued a ''Cyber Control Order'' on December 3, banning the use of all removable media on machines attached to SIPRNET, also known as the Secret Internet Protocol Router Network.

“Unauthorized data transfers routinely occur on classified networks using removable media and are a method the insider threat uses to exploit classified information. To mitigate the activity, all Air Force organizations must immediately suspend all SIPRNET data transfer activities on removable media,” the order reads.

Wired claims that similar orders have gone out to other branches of the military, and personnel who do not comply can face a court-martial under Article 92 of the Uniform Code of Military Justice. Removable media was last banned from SIPRNET in 2008 as the Defense Department struggled to contain the SillyFDC worm. That ban was lifted in February after a cleanup operation was completed.

PFC (Private, First Class) Bradley Manning, 22, allegedly used rewriteable CDs falsely labelled as music CDs to download more than 250,000 classified embassy dispatches which he claimed to have then passed to WikiLeaks. PFC Manning has been charged with downloading the cables, along with a classified PowerPoint presentation and a classified video of a military operation in Baghdad on July 12, 2007. He has also been charged with communicating the video and at least one of the cables to an unauthorised source. PFC Manning faces a maximum sentence of 52 years jail and is expected to appear before a court-martial in spring 2011.

Report a problem with article
Previous Story

Gawker source code and database leaked

Next Story

Twitter worm spreading virally, possibly connected to Gawker attack

26 Comments

View more comments

I can't believe it's almost 2011 and this is only now taking place. The way that PFC Manning obtained this information is so embarrassing from an IT security standpoint. It's surprising that it took 6 months after the fact for this to be put in place in just one branch of the military when it should have already been the standard for many years.

1. A ban on removable media has existed in the past, but for some reason it was lifted in Feb 2010 - This came back to bite the military in the ass.
2. This isn't being enforced by just the Air-force. Any computer residing on SPIRNET is subject to these restrictions.

agreenbhm said,
I can't believe it's almost 2011 and this is only now taking place. The way that PFC Manning obtained this information is so embarrassing from an IT security standpoint. It's surprising that it took 6 months after the fact for this to be put in place in just one branch of the military when it should have already been the standard for many years.

This information is wrong. I know for a FACT that removable media not only has been banned, but GPO's have been put in place since Windows XP SP2 that shut down USB ports for this stuff.

Maybe the rule has been updated or re-written but its not new.

rrode74 said,

This information is wrong. I know for a FACT that removable media not only has been banned, but GPO's have been put in place since Windows XP SP2 that shut down USB ports for this stuff.

Maybe the rule has been updated or re-written but its not new.

Well good, that should be the case. However, being able to burn CDs but not use USB drives doesn't really solve the problem. It's good that all removable media is now banned.

agreenbhm said,

Well good, that should be the case. However, being able to burn CDs but not use USB drives doesn't really solve the problem. It's good that all removable media is now banned.

agreed any one who has ever been forced to use the air forces version of windows would know this. hell we just got vista.

id say that were i work usb drives were banned about 3 or 4 years ago.

but lets be reasonable here how are we supposed to take sensitive material from a classified computer and take it to another computer to use for say a briefing or some other sort of presentation with out some sort of removable media.

so we are still able to burn disks but these are shredded after use.

REDBEARDD said,
Lets hope this doesn't end up being a precedent for a future "cyber control order."

What are you talking about. This is best practice for most companies. I'm just surprised that our military is behind on implementing these best practices.

Quattrone said,
The American government is a complete idiot. It takes something wrong or a big disaster in order for them to act and fix the issue from the root. This is what I called: lack of knowledge, lack of training, and lack of security. This is the US Army.

It isn't just the government that has these issues. This happens more than you think everywhere even with proper training, knowledge and security.

Quattrone said,
The American government is a complete idiot. It takes something wrong or a big disaster in order for them to act and fix the issue from the root. This is what I called: lack of knowledge, lack of training, and lack of security. This is the US Army.

Didn't realize that the government is a single person with an IQ? Or are you suggesting that every single person that works for the government is an idiot? I know plenty of people that work for the government that are not idiots.

Quattrone said,
The American government is a complete idiot. It takes something wrong or a big disaster in order for them to act and fix the issue from the root. This is what I called: lack of knowledge, lack of training, and lack of security. This is the US Army.

Where to begin on this comment.

chadlachlanross said,
Seriously, this policy wasn't in place before?

No. They use to have the policy that the company I am at now has. You can bring them, just don't copy government/military property onto them. It is one of those policies that shouldn't have to exist. When you get your secret/top secret clearance, you have to sign documents stating you won't leak info. Now there are two policies in place that are meant to have the exact same effect. Won't stop it from happening again.

CoMMo said,
The Army banned USB storage media about a year and a half ago.

if this is the case how did the PFC get the information onto removable media?
for sake of argument a PFC is not an airmen because there are no privates in the air force.
so your down to Army or the Marines. but rest assured this was a member of the army.

I kinda find it odd/scary how the article goes to quote General Webber on "Unauthorized data transfers ROUTINELY occur on classified networks"

I can't understand how a military PFC got hold of diplomatic stuff in the first place? I worked in high security comm centers back in the good old Cold War days, and the military, intelligence and diplomatic services all had completely separate networks back then. There was no way that such a thing could have happened. On top of which the removal of just one Top Secret document would entitle you to a minimum of 20 years free accommodation in a Government facility :-)

I am working at the Air Force and removable media using flash has been banned for a couple years and was never lifted. I guess they extended it to any removable media.

Solution one: No network. Solution two: NO computers at all. Anything else is half baked and won't solve anything.
This is one extreme way of problem solving. A terrorist carries explosives in his underwear - solution: we scan everybody's underwear. Information is stolen from a computer via external media - solution: we take away everybody's media.
I don't think this is problem solving. This is an excuse not to solve the problem in the first place.

Just to help clarify a few things having dealt with this in the past:

1. This affects computers attached to SIPRNET, which are systems usually located in secured areas and are usually working with classified data. This does NOT affect the everyday computers that the average military person works on, which is connected to what is called NIPRNET, the unsecured network that lets you surf the Internet (and yes, I have watched folks at our site who are connected to NIPRNET surfing the net.)

2. The reasoning behind having removable media for the SIPRNET systems has always been one more of convenience. If you need to give a classified briefing, and the system you're giving it on is not connected to SIPRNET, then you need to copy that data in some fashion for display. A CD, DVD or thumb drive is a nice, easy, convenient way to do that, but your security risks increase dramatically when doing so. Outright banning of removable media will only work for a short while, until some General complains about the inconvenience at which time it'll be quietly rescinded again.

3. Just for the record, on Feb. 12 the U.S. Strategic Command (STRATCOM) issued an "all-DOD message" allowing "the limited return to use of memory sticks and thumb drives in all DOD NIPRNET, SIPRNET and JWICS computers using Windows operating systems." The caveat is that the devices must be government "procured and owned," the command said. Additionally, those drives needed to have built-in encryption, which is offered by a number of companies. Now here it is 10 months later, and the military has reversed course on SIPRNET usage. I don't expect the military to make it a blanket coverage to all systems, but we'll see what happens.

Commenting is disabled on this article.