Military still gives thumbs down to thumb drives

Ban of portable storage devices entices employees to find less-safe workarounds, experts content

Despite relaxing the ban on using portable storage devices on Defense Department computer systems, it appears thumb drives will not return to the military services anytime soon.

The Air Force and Army plan to continue banning the devices on their systems for now, according to two reports.

The Army Global Network Operations Security Center is currently performing a study to determine how to safely start using thumb drives again, according to an Army News Service report. Army officials say two conditions must be met before the drives are approved for use: There must be a way to ensure that users are only using government-approved and purchased devices and that Army networks are properly configured, according to the report.

The ban on thumb drives is still in place for the Air Force too, according to an Air Force Space Command report. The ban will stay in place until new guidelines and procedures for using the portable drives are written.


Related story

DOD details strict flash drive rules


“This will not be a return to 'business as usual,'" Maj. Gen. Michael Basla, Air Force Space Command vice commander, said in the report. “There will be strict limitations on using flash media devices when the Air Force returns to limited access and use. These limitations will be vital to our cyber security.”

The cautious approach the services are taking is wise, according to Dale Meyerrose, the former CIO for the Office of the Director of National Intelligence and currently Harris Corp.’s vice president and general manager for cyber integration.

The threats posed by removable drives increased significantly over the last two years and continues to be a serious problem, Meyerrose said.

“The underlying threat to removable media and drives is in the corrupting of the supply chain,” Meyerrose said. “The opportunity to implant and hide viruses, Trojans, and malware in devices and software during design and manufacture will always undermine security—no matter how fast technological protections advance. Cyber trust is not possible without supply chain integrity.”

Despite the risks, DOD officials were wise to scale back the all out ban on thumb drives, said Richard Ford, a computer science professor of assured information at the Florida Institute of Technology.

The problem with bans is that employees find ways around them resulting in an even worse cybersecurity posture, he said.

“In industry, one hears horrible stories of people sending confidential documents to Gmail and downloading them from home, for example, to get around restrictions,” Ford said.

“At the end of the day, when the security medicine we're prescribing is, at least at face value, worse than the disease, workers find creative ways to beat the system, often to the detriment of security,” he said. “In this case, I think DOD is making a very smart decision by recognizing that people will find a way to get their jobs done, and instead of rejecting technology is trying to find a way to embrace it. The technology genie can't be put back in the bottle; the trick is to find a way to, if not tame it, at least keep it manageable.”

Meyerrose agrees that the ban causes people to use less secure workarounds in order to do their jobs. But rather than a ban DOD officials should provide users with trusted, certifiable sources for portable media devices, he said. DOD officials should also provide a transparent mechanism for creating a trusted avenue for moving digitized information in the work environment, he said.

“Such a move might have cost a little bit more than the ruthless banning edict, but it would have preserved user capability and really enhanced cybersecurity,” Meyerrose said.

About the Author

Doug Beizer is a staff writer for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.