
Return of the USB/thumb/flash drive?


Spoo


From an undisclosed secret comm facility somewhere in the NCR:

To: All HAF customers

Recently, there has been buzz (bzzzzzzzzzzzz) concerning new DOD guidance allowing USB removable media devices (i.e., thumb drives) back into the network environment. The Air Force is studying the rules and information contained in the guidance regarding mandatory training, accountability, documentation, checks, auditing, and other constraints. For now, the existing policy stands: Personnel cannot use thumb drives on the HAF network. AFSPC is diligently working with the communications experts from 24th Air Force and SAF/XC staff to develop new standardized policies, procedures and controls on how the Air Force will be able to utilize thumb drive devices.


Here's the "official" gouge...

Military officials ease thumb drive, flash media bans

02/19/2010

New guidelines from U.S. Strategic Command officials allow servicemembers to use "thumb drives" and other flash media to store computer data under specific circumstances.

Strategic Command officials banned use of thumb drives and flash media in November 2008, after the use of the media infected a number of Defense Department computer systems. Computer users had to turn to alternative means to transfer data from one machine to another.

Now, the command has lifted the ban on the devices under carefully controlled circumstances, said Navy Vice Adm. Carl V. Mauney, Stratcom's deputy commander.

The command issued an order Feb. 12 that allows "a return to limited use of removable devices under very specific circumstances and guidelines," Admiral Mauney said.

"This is not a return to 'business as usual,'" the admiral emphasized. "There remain strict limitations on using these devices."

Units in active operations in Afghanistan, Iraq and elsewhere will get priority in implementation of the new guidelines, Admiral Mauney said.

"In terms of the mechanics, we've put together several small kits of the equipment that's needed and we'll be transitioning those to people out in the theater -- in Afghanistan in particular -- to help certain groups facilitate their use," Admiral Mauney explained.

The kits will contain hardware and software to ensure the safe use of removable media, he added, and scans and filters are included in the process.

After extensive testing of mitigation measures, Defense Department officials decided to make the technology available again on a very limited and strictly controlled basis, the admiral said.

"Since the order restricting use of removable media, (the Defense Department) developed capabilities and processes that allow safe use of these devices," Admiral Mauney said. "Removable media use will be limited to mission-essential operations, and only after strict compliance requirements are met."

The order calls on combatant commands, the services and Defense Department agency officials to establish approval authorities for determining whether flash media may be used.

"The commanders and directors can decide that the measures that we're using already meet their needs," Admiral Mauney said. "In fact, when we're traveling, ... we look to see how people are doing in moving around their information. People have trained themselves and are able to do it, and are effective and efficient. I think, initially, some will look at this and say they are good with what they are doing. It's proven, and they may opt not to do this."

The removable media will be a tremendous help in Afghanistan and Iraq, Admiral Mauney said.

"We think there will be some ground to be gained there," he added.

Use of the devices under the new guidelines is restricted to operational mission requirements, Admiral Mauney said, and only properly inventoried, government-procured and -owned devices will be allowed for use in Defense Department information systems. Servicemembers and civilians will not use personally owned devices on any Defense Department network or in any Defense Department computer, he said.

Computer users also will not use Defense Department thumb drives and flash media on nongovernment networks or computers without authorization from an approval authority, the admiral said.

Defense Department officials say they're urging all computer users to be responsible and to do the right thing for cybersecurity. Admiral Mauney said the Defense Department has the means and the right to scan the department's computers, and randomly selected users and drives will be subject to periodic auditing.

Joint Task Force Global Network Defense officials will oversee the program.

So I shot our IA Manager an email, and got this response...

We have authorization to use Flash media, BUT...

There are two pieces that need to be in place before we can issue them.

1. Our comms folks need to configure HBSS to recognize authorized flash media and deny the rest.

2. DAR needs to be implemented. Presently, it's not.

I have no time frame when these two pieces will be in place. You will have to get with our comms folks.

So I had to look up HBSS (Host Based Security System, or Hank's Buffered Salt Solution, could be either as far as I know) and DAR (Data At Rest, as defined by the DoD Policy Memorandum "Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media").

In other words, it may happen some day, but don't hold your breath!


Wow, sounds like it will be a very easy and painless process. We should just bring back the old 5.25" floppy disk drives. I wish there was a way to write the way it sounded when accessing that 50k of data.

[Image: Commodore 64 1541 floppy disk drive, front view]

Or maybe this badboy...

[Image: VIC-20 cassette drive]


Guest Hueypilot812

You laugh, but we use floppies to transfer CFPS routes from our flight planning computers to the TASM computers at work...I had almost forgot those existed...


  • 5 months later...

In case you were wondering what started all the fuss - Defense official discloses cyberattack.

Highlights:

Now it is official: The most significant breach of U.S. military computers was caused by a flash drive inserted into a U.S. military laptop on a post in the Middle East in 2008....malicious code placed on the drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military's Central Command.

"That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control...It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."


You laugh, but we use floppies to transfer CFPS routes from our flight planning computers to the TASM computers at work...I had almost forgot those existed...

Yep, floppies (of the 3.5-in variety) still play a big role in mission planning and operations in my community as well, though those days MAY be coming to an end soon. I'll believe that we're entering the 21st century when I see it.


The SOF guys and their JTACs used to come into the MPC to load the ATO (including the upcoming drafts), Comm plan, SPINS and ACO on the thumb drives they wore on a chain around their necks before they headed out on a DA mission. What do they do now, take a stack of paper?


What do they do now, take a stack of paper?

From what I've seen everyone just uses external hard drives. They're bigger and you can't exactly wear one around your neck but it gets the job done and allows you to bypass the ban on flash media. And as a bonus they're way more expensive and are unnecessarily big!


From what I've seen everyone just uses external hard drives. They're bigger and you can't exactly wear one around your neck but it gets the job done and allows you to bypass the ban on flash media. And as a bonus they're way more expensive and are unnecessarily big!

They the external HD out in the field on missions?


From what I've seen everyone just uses external hard drives. They're bigger and you can't exactly wear one around your neck but it gets the job done and allows you to bypass the ban on flash media.

How does that bypass it? It's still removable media, which is what is prohibited. Our systems will flag any sort of external media that is connected to a computer and send a message direct to the administrators.


How does that bypass it? It's still removable media, which is what is prohibited. Our systems will flag any sort of external media that is connected to a computer and send a message direct to the administrators.

Can't speak for other MAJCOMs, but here in AMC it's removable flash media that is 100% prohibited. External HDDs are permitted under very specific circumstances (the HDDs are gov't property, must never be connected to a non-DoD computer, user must be specifically designated as requiring removable media for job performance, must sign an agreement with the Comm folks, etc.). Our systems will flag ANY other removable media and trigger a very rapid response by Comm and WG leadership - I've seen it happen, unfortunately. Fortunately, I was not the one stuck explaining why I thought plugging my iPhone into my USAF desktop computer "just to charge it" was acceptable...


Wow, sounds like it will be a very easy and painless process. We should just bring back the old 5.25" floppy disk drives. I wish there was a way to write the way it sounded when accessing that 50k of data.

[Image: Commodore 64 1541 floppy disk drive, front view]

Or maybe this badboy...

[Image: VIC-20 cassette drive]

Spoo,

Is this your not-so-subtle-way of poking me in the eye?

For the record, Comm had NO control of those "bad boys".


They the external HD out in the field on missions?

Planning laptop -> harddrive -> field laptop. Seen CDs used as well.

Can't speak for other MAJCOMs, but here in AMC it's removable flash media that is 100% prohibited. External HDDs are permitted under very specific circumstances (the HDDs are gov't property, must never be connected to a non-DoD computer, user must be specifically designated as requiring removable media for job performance, must sign an agreement with the Comm folks, etc.). Our systems will flag ANY other removable media and trigger a very rapid response by Comm and WG leadership - I've seen it happen, unfortunately. Fortunately, I was not the one stuck explaining why I thought plugging my iPhone into my USAF desktop computer "just to charge it" was acceptable...

AFSOC is the same way as far as I know...squadron issued hard drives for our use. YMMV.
