U.S. military bans USB flash drives and removable media

The United States military has banned the use of removable rewritable media as part of its strategy to "defend against attack and establish a baseline for information system protection." Examples of removable rewritable media would be USB-based flash drives, CDs and various types of memory cards. The ban underscores the growing prevalence of USB-based malware, which researchers at Symantec say have seen an upswing over the last year.

An e-mail from the head of U.S. Strategic Command shed more light on the rationale behind this ban. "It is apparent that over time, our posture to protect networks and associated information infrastructure has not kept pace with adversary efforts to penetrate, disrupt, interrupt, exploit or destroy critical elements of the GIG [Global Information Grid]."

Wes Miller senior technical product manager at privately-held security solutions company CoreTrace disagrees that such a ban will solve the problem in the long run.  In a prepared statement, Miller noted that, "Banning flash drives and other types of media or memory devices is simply a case of 'stopping the symptom,' but does not actually cure the disease. What's more concerning is that the US military machine is now at the mercy of a piece of executable code, and that traditional anti-malware products (which the DOD has plenty of) are doing nothing to actually stop the problem."

Whatever the case, this problem is not one that will go away soon. Certainly, USB-based malware will be with us for some time yet.  One possible action would be to disable the AutoRun functionality for removable media. Moving ahead, companies can also set policies to stop USB storage devices from being accessed.

To read more about this story:
- check out this article at Wired Blog
- check out this article at eWeek

Related Articles:
U.S. Federal Government news from FierceCIO