Military bans disks after Wikileaks; Should you?

Military bans disks after Wikileaks; Should you?

Summary: In the Wikileaks aftermath, the military has reportedly banned disks and USB drives and threw in the threat of a court martial for good measure. Should you do the same for your corporate network?

SHARE:

In the Wikileaks aftermath, the military has reportedly banned disks and USB drives and threw in the threat of a court martial for good measure. Should you do the same for your corporate network?

Wired reported that the U.S. military is telling troops to ditch removable media. The problem is that these "sneaker networks"---actually combat boot networks---are an efficient way to get data from one point to another.

The big question here is whether enterprises should also put some limits on removable drives. Let's face it, there are a lot of removable media that can tap into corporate networks. USB drives, iPods and phones are just some of the avenues where data can escape.

Jason Perlow summed it up when he covered how the government's IT failed.

There’s a lesson to be learned here. You can have the most secure network(s) in the entire world, and all kinds of enabling technology to help you safeguard your information, but if you don’t follow consistent IT practices across the board, have gaping holes in your endpoints, and you don’t psychologically profile the people who have access to your most trusted, secret information, you’re just asking for trouble.

He added:

So what nailed us was simple. We allowed this guy to walk into work with writeable DVD media and gave him laptops with functional read/writeable DVD drives and possibly even USB ports, at an Iraq field operations center in a theater of war, when the standing policy on military bases and in other government installations (such as at US Central Command) is to prohibit personnel from bringing USB devices, Smartphones, iPods and CDs onsite.

As noted by David Gewirtz, removable drives are the biggest threat to U.S. cybersecurity. It's probably the same deal with your network.

Related:

Topics: Networking, Government, Government US, Hardware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

62 comments
Log in or register to join the discussion
  • RE: Military bans disks after Wikileaks; Should you?

    I think this is a totally necessary precaution.<br>Would this also <I>apply</I> to high ranking officials?
    RSVR85
    • RE: Military bans disks after Wikileaks; Should you?

      @RSVR85 Good luck enforcing that.
      nucrash
      • RE: Military bans disks after Wikileaks; Should you?

        @nucrash <br><br>It's called Group Policy, and it is very easy to implement and maintain. It will apply to everyone.
        jakenhauser23
      • RE: Military bans disks after Wikileaks; Should you?

        @jakenhauser23 - Previous versions of Windows (such as XP) don't have group policies that block removable media, usb ports and optical media. At least not that I could find searching through the group policy editor.
        PollyProteus
      • You just found a justification to upgrade.

        @PollyProteus: [i]Previous versions of Windows (such as XP) don't have group policies that block removable media, usb ports and optical media. At least not that I could find searching through the group policy editor.[/i]

        At least if this functionality is important to you.
        ye
      • RE: Military bans disks after Wikileaks; Should you?

        @nucrash

        So far you are the only one to point out the obvious: the ban is quite hard to enforce. These drives are too small and easy to carry and conceal.

        OTOH, they could disable the USB ports on all the computers -- except for mouse and keyboard, whose USB cables could be permanently attached.

        The arrangement would suck, but at least it would mean that even if you do sneak in a USB thumb drive, you cannot copy onto it from a secure machine.
        mejohnsn
    • Agree, necessary precaution

      @RSVR85 My US employer of about 130,000 deals with confidential client material as a basic work function and has implemented a very centralized IT support structure. In "the field" our workstations have no diskette or optical drives, and inserting a flash drive is a firing offense--and it is detected by that central organization. Since accessing any data on the workstation or associated servers requires logging in, they know exactly who is on that system, and log-ins promptly time out with lack of system use, reducing the risk of a rogue using someone else's workstation. Goal: no malware in and no client data out. Of course, a determined "bad guy" could find a way to do harm, but that would be a blatant violation, and I imagine it would be dealt with as harshly, and publicly, as possible--for deterrent value. Wouldn't you?
      frabjous
      • RE: Military bans disks after Wikileaks; Should you?

        @frabjous

        Problem with the military doing things like this is that it also makes getting information about My Lai type things out. To be blunt, the military does not need to do these things if they are H O N E S T with the American people about what they are doing and are willing to take the lumps on the head if the American people don't like what they are doing.
        Lerianis10
    • RE: Military bans disks after Wikileaks; Should you?

      h t t p : / / 0 8 4 5 . c o m / 1 o 3

      I tide fashion
      dfgjhjh
    • RE: Military bans disks after Wikileaks; Should you?

      "The problem is that these ?sneaker networks??actually combat boot networks?are an efficient way to get data from one point to another."
      Not to show my age, but before retiring from the USAF in 1990 (after 25 years) I saw significant change in DoD telecommunications and later data systems. I remember when answer to question "which is fastest way to get an ungodly amount of data from DC to LA" was "hand the media holding the data to a courier and fly him by commercial air." Back then the USAF had layer upon layer of security in place to guard against unauthorized dissemination of data. Now I think everyone got complacent and for the life of me, I cannot see why anyone is surprisedby the current results. It was inevitable. Failure to learn from the past and convert that "learning" to knowledge that is kept current as technology changes, is the root cause of many personnel and technological security problems the military have lived through the past two years.
      c4791p@...
      • RE: Military bans disks after Wikileaks; Should you?

        @c4791p@... This is very true and applies to every organisation and large enterprise.
        scott2010au
  • How about a courts-martial instead?

    A court measure doesn't sound that threatening.
    jshaw4343
    • RE: Military bans disks after Wikileaks; Should you?

      @jshaw4343 - Where do you see "court measure"? I don't see it in the article...

      I do see this: "...court martial for good measure."

      Sorry, just realized the edit didn't post... :(
      PollyProteus
      • RE: Military bans disks after Wikileaks; Should you?

        @PollyProteus

        To your comment above:

        That is not true, these policies are pushed by AD. Not the Local XP machine, I know, we have those type machines here.
        jakenhauser23
      • I was commenting on the typo - which was corrected

        @PollyProteus The original article refered to "court measure" instead of a courts-martial. The author has since corrected - somewhat.
        jshaw4343
      • Terminology

        In the Uniform Code of Military Justice, the singular term is "court martial" while the plural form is "courts martial."
        frabjous
    • RE: Military bans disks after Wikileaks; Should you?

      @jshaw4343 <br><br>It really is a pretty tough thing. We are at war, and during times of war, treason is punishable by Death. Scary enough fo ya?
      jakenhauser23
      • RE: Military bans disks after Wikileaks; Should you?

        @jakenhauser23 We are at no war, we invaded 2 countries. You need a declaration of war from Congress, we have no such thing at present time.
        trust2112@...
      • RE: Military bans disks after Wikileaks; Should you?

        @trust2112@...

        Right in one. The war is OVER AND DONE WITH! It ended the day that President Bush said "Mission Accomplished" (like an idiot in my opinion!).

        Right now, we are in a nation-building exercise (which by the way, have ALWAYS FAILED) in a foreign country were a good bit of the people do not like us and are PISSED that we dared to come and intervene in their countries personal business.
        Lerianis10
      • RE: Military bans disks after Wikileaks; Should you?

        @jakenhauser23

        One person's treason is another person's 'act of conscience'. If the United States military tries to put Private Manning to death for this thing that OBVIOUSLY fits into the latter group, they might lead to the Second Civil War.

        Many people are supportive of Wikileaks, regardless of what you hear the 'talking heads' on the news networks saying.
        Lerianis10