FCW Insider

Blog archive

FCW Insider: Buzzing about DOD and malware

In recent weeks, we have heard bits and pieces of information about a malware attack against Defense Department systems. Security experts have a lot of questions, but DOD, so far, has not been forthcoming with the answers.

So for the Buzz of the Week, appearing in the Dec. 8 issue of FCW, I decided to focus on the questions. Here is what I wrote:

Questions about DOD, thumb drives and malware

Here is what we do know: A malicious bit of software known as Agent.btz has found its way into some Defense Department systems.

We also know that DOD officials have prohibited the use of most types of portable data-storage media on government computers — that includes USB-based thumb or flash drives, memory sticks, and camera flash memory cards. Such devices are widely used to move data or programs from one system to another. But they are also effective carriers of computer viruses and other malware.

According to a report by the Los Angeles Times, Agent.btz infected U.S. Central Command systems in Iraq and Afghanistan and even worked its way into highly secure networks. Senior DOD leaders have briefed President George W. Bush on the situation, the Times reports.

DOD officials have confirmed some of the basic facts, but they are leaving many questions unanswered. Security experts say one question immediately comes to mind: What made this piece of malware so effective against DOD defenses?

Other questions quickly follow, even if we assume that DOD’s cyber experts are able to track down the problem. For example, what other vulnerabilities exist that have yet to be exploited? And to what extent could such a cyberattack undermine military operations?
Here’s a question the feds might be asking: How long before my thumb drive is taken away? It is not likely to come to that, but look for stricter policies on when and how those devices might be used.

For example, NASA Chief Information Officer Jonathan Pettus recently issued a memo that instructed employees not to use their personal USB drives or other removable media on government computer systems. Likewise, the memo directed employees not to use government-owned removable devices on personal machines or machines that do not belong to the agency, department or organization.

Security concerns about removable media are nothing new, especially at DOD. But this time don’t hold your breath hoping that officials will quickly forget the matter and return things to normal.

Posted by John Stein Monroe on Dec 05, 2008 at 12:18 PM


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.