FCW Insider

Blog archive

FCW Insider: Buzzing about DOD and malware

In recent weeks, we have heard bits and pieces of information about a malware attack against Defense Department systems. Security experts have a lot of questions, but DOD, so far, has not been forthcoming with the answers.

So for the Buzz of the Week, appearing in the Dec. 8 issue of FCW, I decided to focus on the questions. Here is what I wrote:

Questions about DOD, thumb drives and malware

Here is what we do know: A malicious bit of software known as Agent.btz has found its way into some Defense Department systems.

We also know that DOD officials have prohibited the use of most types of portable data-storage media on government computers — that includes USB-based thumb or flash drives, memory sticks, and camera flash memory cards. Such devices are widely used to move data or programs from one system to another. But they are also effective carriers of computer viruses and other malware.

According to a report by the Los Angeles Times, Agent.btz infected U.S. Central Command systems in Iraq and Afghanistan and even worked its way into highly secure networks. Senior DOD leaders have briefed President George W. Bush on the situation, the Times reports.

DOD officials have confirmed some of the basic facts, but they are leaving many questions unanswered. Security experts say one question immediately comes to mind: What made this piece of malware so effective against DOD defenses?

Other questions quickly follow, even if we assume that DOD’s cyber experts are able to track down the problem. For example, what other vulnerabilities exist that have yet to be exploited? And to what extent could such a cyberattack undermine military operations?
Here’s a question the feds might be asking: How long before my thumb drive is taken away? It is not likely to come to that, but look for stricter policies on when and how those devices might be used.

For example, NASA Chief Information Officer Jonathan Pettus recently issued a memo that instructed employees not to use their personal USB drives or other removable media on government computer systems. Likewise, the memo directed employees not to use government-owned removable devices on personal machines or machines that do not belong to the agency, department or organization.

Security concerns about removable media are nothing new, especially at DOD. But this time don’t hold your breath hoping that officials will quickly forget the matter and return things to normal.

Posted by John Stein Monroe on Dec 05, 2008 at 12:18 PM


Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.