Defense Department to partially lift flash drive ban

(Credit: U.S. Navy)

The U.S. Department of Defense ban on USB thumb drives instated nearly a year ago will eventually be partially lifted to allow authorized people to use official flash drives for mission-critical functions, according to a top military official.

"In the future, we expect that a government-owned and procured USB flash media, that is uniquely and electronically identifiable for use in support of mission-essential functions on DoD networks, will be permitted for use by authorized individuals," Robert Carey, chief information officer for the Department of the Navy, wrote in his blog recently.

"We are working on upgraded antivirus and malware detection, alert and eradication capabilities, as well as implementation of controls to deny network access to unauthorized USB flash media and revised operating procedures for scanning and cleaning flash media," he wrote. "The bottom line is, the days of using personally owned flash media or using flash media collected at conferences or trade shows are long gone."

Thumb drives, CDs, and other removable storage devices were banned last November after military computers became infected with a worm that was partially spread by thumb drives.

The thumb drive ban has been inconvenient for military personnel who used them for carrying tech manuals, medical records of wounded troops, mission plans, and other types of important information, according to DefenseNews.

[n3td3v]

'No security through obscurity.'

[CodeyH]

I'd be willing to bet they use either IronKey or a Pointsec type program for encrypting these devices.

[krosafcheg]

Even event USB's, etc can be low level formatted (DBAN'd even) and install Truecrypt.

Done.

[dkong17]

Not quite that simple. Truecrypt requires admin rights on your system. Govvy / MIL employees usually don't have these rights on their machines

[descottdc]

Since when did CDs become unauthorized in DOD systems? Maybe the guidence is different for DON, but CDs have been the only choice for moving data, besides NMCI since thumbdrives were outlawed. Even the DON CIO blog only discusses thumbdrive policy.

[krosafcheg]

They can't boot IronKey's either with disabled autoruns, fake cdrom mounts, etc....preload with truecrypt and send them around. *shrug*

[solitare_pax]

Maybe the military should issue USB drives that act like a dongle, and will only work between authorized military machines carrying an authorization program.

That way, they can transfer everything in house - and if it gets swiped or lost, it would be unusable by computers without the authorization program.

[Lerianis3]

Or, better yet... simply vett these people a lot better, stop having so many 'secrets' in government in the first place, and move on! Part of the problem with this is the MASSIVE amount of government secrets out there right now... stop having so many 'secrets' and the problem with go away on it's own, because less secrets = more focus on the few secrets that are left and are REALLY NECESSARY.

[peppino_wm]

I agree with CodeyH, probably an application like SecureDoc from WinMagic that can set policies for USB thumb usage by white listing or black listing models, brands and serial numbers of USB thumb drives.