backtop


Print 28 comment(s) - last by Lerianis.. on Dec 26 at 10:46 AM


The military has banned USB drives, CDs, and DVDs from SIPRNET-computers, under threat of court-martial. The military had long allowed such items under a policy of trust, until a shocking betrayal by one of its own made it rethink that policy.  (Source: U.S. Army photo by Spc. Michelle Waters, 133rd Mobile Public Affairs Detachment)
Crackdown comes in the wake of Wikileaks debacle

On Friday, December 3, 2010 the U.S. military rolled out a strict set of changes to try to prevent leaks of classified missions information to foreign sources. 

Excerpts of a memo published in Wired magazine's Danger Room blog are attributed to Maj. Gen. Richard Webber, commander of Air Force Network Operations.  The memo states that airmen will "immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET."

Similar memos went out to members of the other U.S. military branches.  Failure to comply could lead to a court-martial.  States the memo, "Users will experience difficulty with transferring data for operational needs which could impede timeliness on mission execution...[but] military personnel who do not comply … may be punished under Article 92 of the Uniform Code of Military Justice."

Article 92 covers disciplinary action for refusing to obey orders which it describes "shall be punished as a court-martial may direct." 

SIPRNET is the name for a U.S. government digital documents warehouse, which some government and military computers can access.  An estimated two million U.S. citizens have at least partial access to its contents, but they are legally bound to keep the information secret.  Up until recently, the government's policy of trust worked pretty effectively.

The recent provisions may seem severe, but they're understandable in the wake of the worst breach of secrecy in the U.S. military history.  U.S. Army Spc. Bradley Manning, a disgruntled private who had been demoted, used his access to SIPRNET to steal hundreds of thousands of U.S. military and State Department documents, which he passed to Wikileaks.  Mr. Manning burned the secrets to discs, which were labeled "Lady Gaga" -- and appropriately contained tracks by the artist as a cover.

That led to many of those documents being published by international news outlets, or by Wikileaks itself.  Some leaks have raised questions of wrongdoing (for example memos detailing civilian casualties), but some experts say that such attitudes are only the result of hyperscrutiny.  They argue that the published documents reveal that the Iraq and Afghanistan efforts were surprisingly clean as far as wars come.

More recent leaks of State Department secrets like undisclosed illnesses of world leaders or a list of top targets for terrorists to attack the U.S. have been embarrassing for the U.S.

The military has been struggling with how it should react.

Aside from the recent ban on media connected to SIPRNET computers, 60 percent of the computers are now monitored by a remote surveillance system.  Dubbed Host Based Security System, this system keeps a watchful eye for suspicious activity. 

Editorials at some news outlets (CNN) have dubbed the scuffle between Wikileaks and the U.S. government, "the first cyberwar".  Regardless of whether this label is hyperbole, or close to reality, the U.S. military is certainly trying to steel itself against future unintended releases.

 



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Years behind...
By mdogs444 on 12/13/2010 1:12:19 PM , Rating: 5
Our hospital has had this policy in effect for several years. All USB ports are completely locked down and must be unlocked on a case by case basis for that specific device by a domain administrator. Our workstations also do not have CD or DVD writers.

Sure, there are cases where you give someone access to a CD writer to in order to burn images like xrays or echos, and they do something not allowed instead.

Why is it that the private sector is much better than the federal government at setting policies and avoiding these
"unintended consequences"?




RE: Years behind...
By eldardude on 12/13/2010 1:14:05 PM , Rating: 2
Same here. IDF has had this policy for years. All external media is banned and the moment you do try and plug something into the USB, security staff will be at your computer in minutes.


RE: Years behind...
By RugMuch on 12/13/2010 1:31:33 PM , Rating: 1
To be fair you also don't spend thousands of dollars in briefing, debriefing and background checks. There are also procedure after procedure for doc checkout.

This will slow the work of the government. It would've been a lot easier to just execute this kid, he did sign his life away for this exact infraction.


RE: Years behind...
By DigitalFreak on 12/13/10, Rating: -1
RE: Years behind...
By Cagekicker on 12/15/2010 11:02:00 AM , Rating: 1
Why? He's entitled to an opinion.
This idiot was NOT entitled to divulge classified information just because he was throwing a temper tantrum over getting demoted.
Personally, I agree. Save the government some money, a bullet costs much less.


RE: Years behind...
By Idler on 12/13/2010 2:56:35 PM , Rating: 3
This was already the policy for SIPRnet computers when I got out in 2008, and probably before that. The memo I received actually applied to all other computers too, even those not for use with classified information. All they did was send out a new memo reiterating the policy in light of all the news attention. The problem is that they never actually disabled the USB ports, either by physically removing them or disabling them in the BIOS.


RE: Years behind...
By foolsgambit11 on 12/13/2010 5:18:30 PM , Rating: 2
Yeah, the rule has been in place for years. About once a year, the DOD reaffirms their no-media rule, and everybody who needs to be able to transfer things between SIPRNET and non-networked classified systems has to apply for exceptions to policy all over again. I've gone through this song and dance at least 4 or 5 times in a couple of different shops. In general, it is a sound policy; it just irks me when it gets in the way of my mission.


RE: Years behind...
By Spookster on 12/14/2010 7:39:36 PM , Rating: 2
quote:
This was already the policy for SIPRnet computers when I got out in 2008, and probably before that. The memo I received actually applied to all other computers too, even those not for use with classified information. All they did was send out a new memo reiterating the policy in light of all the news attention. The problem is that they never actually disabled the USB ports, either by physically removing them or disabling them in the BIOS.


This rule was in place when I got out back in 1998. All floppy drives, CD drives had to be disabled on any machine connected to SIPRNET.

And Jason Mickrosoft the SIPRNET (Secure Internet Protocol Router) is not a "digital warehouse" it's a secure version of the Internet with it's own WWW. Matter of fact the Internet that everyone knows is referred to in the military as NIPRNET. I'll let you guess at what the N stands for. And that is not all. There are also higher level secure "Internets" with their own acronyms of course.


RE: Years behind...
By justcorbly on 12/13/2010 4:27:36 PM , Rating: 2
The private sector is certainly not "much better" than the federal government regarding IT security. Both sectors are a mixed bag of varying approaches to security. There are federal agencies that more than 10 years ago physically removed CD/DVD drives and USB ports from all machines on their internal networks.

The strength of security measures always needs to be measured against cost, both financial and in terms of productivity. The military's approach to SIPRNET security seems to have worked for years. Of course, when there is an incident, then the public will invariably accuse you of being shortsighted and ignorant. Yet, if you want to spend money to counter a security threat that has never happened, you will also be attacked.


RE: Years behind...
By sprockkets on 12/13/2010 6:01:07 PM , Rating: 2
They had that policy. They relaxed it because it caused too much inconvenience in moving around data.

I read it on some news site, though can't find it right now. I'm willing to bet it will happen again.


"This is from the DailyTech.com. It's a science website." -- Rush Limbaugh














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki