In the Wikileaks aftermath, the military has reportedly banned disks and USB drives and thrown in the threat of a court martial for good measure. Should you do the same for your corporate network?
Wired reported that the U.S. military is telling troops to ditch removable media. The problem is that these "sneaker networks" (actually combat boot networks) are an efficient way to get data from one point to another.
The big question here is whether enterprises should also put some limits on removable drives. Let's face it, there are a lot of removable media that can tap into corporate networks. USB drives, iPods and phones are just some of the avenues through which data can escape.
Jason Perlow summed it up when he covered how the government's IT failed:
There’s a lesson to be learned here. You can have the most secure network(s) in the entire world, and all kinds of enabling technology to help you safeguard your information, but if you don’t follow consistent IT practices across the board, have gaping holes in your endpoints, and you don’t psychologically profile the people who have access to your most trusted, secret information, you’re just asking for trouble.
So what nailed us was simple. We allowed this guy to walk into work with writeable DVD media and gave him laptops with functional read/writeable DVD drives and possibly even USB ports, at an Iraq field operations center in a theater of war, when the standing policy on military bases and in other government installations (such as at US Central Command) is to prohibit personnel from bringing USB devices, Smartphones, iPods and CDs onsite.
As noted by David Gewirtz, removable drives are the biggest threat to U.S. cybersecurity. It's probably the same deal with your network.
- The Battlefield Beyond Bad Flash Drives (ZDNet Government)
- Wikileaks: How our Government IT Failed Us
- Don't Wikileak Yourself: How Safe is Your Smartphone?