Why going nuclear on thumbdrives won't win the cyber war
Last week, the Pentagon confirmed that Defense Department networks were under attack by a computer worm. "We are aware of a global virus for which there are some public alerts, and we've seen some of these on our networks, and we are taking steps to identify and mitigate the virus," Pentagon spokesman Brian Whitman said in a statement on Nov. 21.
While Whitman would not go into the specifics of DOD measures, it was widely reported that Strategic Command (STRATCOM) had imposed an all-out ban on removable storage devices being attached to systems on the DOD's Global Information Grid in response to the worm, which spreads through devices like thumbdrives, writeable DVDs and removable hard drives.
Wired Magazine's Danger Room blog reported that an Army e-mail alert had been sent out relaying the instructions from STRATCOM, banning the use of removable media — thumb drives, external disks, CDs and DVDs — effective immediately. The e-mail indicated a worm, called Agent.btz, was the cause of the move by STRATCOM and Joint Task Force-Global Network Operations (JTF-GNO).
According to a report by Fox News, the virus may have caused the loss of classified data on a system that was infected through a thumb drive. Thumb drives, or flash drives, have been used on a number of occasions in penetration testing of networks because of the natural inclination of users to take a drive they've been given or have found and plug it into their systems to see what's on it — making them a potential security Jack-in-the-Box.
In the past, some commands have solved security concerns about small removable drives by going as far as to fill USB ports on desktop computers with glue. But removable media is also the bridge from the GIG's fast networks to its most disadvantaged users — mobile users, especially those on the battlefield. While the indefinite ban may be a short-term fix for the spread of the worm, it's a fix that could seriously interfere with the ability of warfighters to move data where it's needed.
Locking everything down “doesn't work for too long,” said Alan Murray, vice president for product management at Novell. “There are times when we need to 'sneaker-net' data around.”
The only way to get a perfectly secured computer, he said, is to disconnect it from everything — and that's hardly a mission-effective solution. Murray, who manages Novell's Zenworks Endpoint Security Management products, contends that a better long-term solution would be to blend security with configuration management, and restrict removable media through software to a set of trusted devices.
By using configuration management and access controls to specify in system management policy which users can connect removable media, and which devices — identified by manufacturer, model number and serial number — they may connect, you can “measure your exposure and risk,” said Murray, and find a balance between security and flexibility that prevents a total cratering of productivity.
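The allowlist approach Murray describes can be illustrated with a small policy evaluator. The code below is an added example, not code from the article or from Novell's Zenworks product: it assumes that a removable device is identified by its USB vendor ID, product ID and serial number, that policy maps each user to the devices that user may connect, and that every attach event is logged for audit. The device IDs, serials and usernames are constructed sample values. Anything not explicitly listed is denied, and the exposure report counts rules that allow any unit of a model rather than one pinned serial.

```python
"""Allowlist policy check for removable media (constructed example)."""
from dataclasses import dataclass
import fnmatch
import logging

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("removable-media-policy")


@dataclass(frozen=True)
class UsbDevice:
    vendor_id: str   # hex USB vendor ID from the device descriptor
    product_id: str  # hex USB product ID (manufacturer's model)
    serial: str      # iSerialNumber string of this particular unit


# Policy: user -> list of (vendor_id, product_id, serial_pattern).
# An exact serial pins a single physical unit; "*" allows any unit of that model.
# All identifiers below are constructed sample values.
POLICY = {
    "jdoe": [("0781", "5583", "4C530001230111")],
    "ops-admin": [("0781", "5583", "*")],
}


def is_allowed(user, device, policy=POLICY):
    """Return True only if an explicit rule matches the user and all three identifiers.

    Default deny: users without rules, and devices not listed, are refused.
    """
    for vendor, product, serial_pattern in policy.get(user, []):
        if (device.vendor_id.lower() == vendor.lower()
                and device.product_id.lower() == product.lower()
                and fnmatch.fnmatchcase(device.serial, serial_pattern)):
            return True
    return False


def evaluate_events(events, policy=POLICY):
    """Evaluate (user, device) attach events; return [(user, device, "ALLOW"|"DENY")]."""
    results = []
    for user, device in events:
        decision = "ALLOW" if is_allowed(user, device, policy) else "DENY"
        # Every decision is logged so the audit trail shows who connected what.
        log.info("%s user=%s vid=%s pid=%s serial=%s", decision, user,
                 device.vendor_id, device.product_id, device.serial)
        results.append((user, device, decision))
    return results


def exposure_report(policy=POLICY):
    """Summarise exposure: how many rules pin one unit versus allow a whole model."""
    pinned = sum(1 for rules in policy.values() for _, _, s in rules if "*" not in s and "?" not in s)
    wildcard = sum(1 for rules in policy.values() for _, _, s in rules if "*" in s or "?" in s)
    return {"users": len(policy), "pinned_rules": pinned, "wildcard_rules": wildcard}


# Constructed attach events: the pinned unit, a different unit of the same model
# for a user who is only allowed the pinned one, an admin with a model-wide rule,
# and a user who has no rules at all.
SAMPLE_EVENTS = [
    ("jdoe", UsbDevice("0781", "5583", "4C530001230111")),
    ("jdoe", UsbDevice("0781", "5583", "4C530009999999")),
    ("ops-admin", UsbDevice("0781", "5583", "4C530009999999")),
    ("guest", UsbDevice("0781", "5583", "4C530001230111")),
]

if __name__ == "__main__":
    for user, device, decision in evaluate_events(SAMPLE_EVENTS):
        print(decision, user, device.serial)
    print(exposure_report())
```

The comparison is case-insensitive on vendor and product IDs because different tools report them in different cases, while the serial pattern is matched case-sensitively so a pinned serial cannot be spoofed by a case variant. The wildcard count in the exposure report is the number Murray is talking about when he says to measure exposure: each model-wide rule admits any unit of that model, so it is the first thing to tighten.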
Posted by Sean Gallagher on Nov 25, 2008 at 8:12 AM