backtop


Print 28 comment(s) - last by Lerianis.. on Dec 26 at 10:46 AM


The military has banned USB drives, CDs, and DVDs from SIPRNET-computers, under threat of court-martial. The military had long allowed such items under a policy of trust, until a shocking betrayal by one of its own made it rethink that policy.  (Source: U.S. Army photo by Spc. Michelle Waters, 133rd Mobile Public Affairs Detachment)
Crackdown comes in the wake of Wikileaks debacle

On Friday, December 3, 2010 the U.S. military rolled out a strict set of changes to try to prevent leaks of classified missions information to foreign sources. 

Excerpts of a memo published in Wired magazine's Danger Room blog are attributed to Maj. Gen. Richard Webber, commander of Air Force Network Operations.  The memo states that airmen will "immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET."

Similar memos went out to members of the other U.S. military branches.  Failure to comply could lead to a court-martial.  States the memo, "Users will experience difficulty with transferring data for operational needs which could impede timeliness on mission execution...[but] military personnel who do not comply … may be punished under Article 92 of the Uniform Code of Military Justice."

Article 92 covers disciplinary action for refusing to obey orders which it describes "shall be punished as a court-martial may direct." 

SIPRNET is the name for a U.S. government digital documents warehouse, which some government and military computers can access.  An estimated two million U.S. citizens have at least partial access to its contents, but they are legally bound to keep the information secret.  Up until recently, the government's policy of trust worked pretty effectively.

The recent provisions may seem severe, but they're understandable in the wake of the worst breach of secrecy in the U.S. military history.  U.S. Army Spc. Bradley Manning, a disgruntled private who had been demoted, used his access to SIPRNET to steal hundreds of thousands of U.S. military and State Department documents, which he passed to Wikileaks.  Mr. Manning burned the secrets to discs, which were labeled "Lady Gaga" -- and appropriately contained tracks by the artist as a cover.

That led to many of those documents being published by international news outlets, or by Wikileaks itself.  Some leaks have raised questions of wrongdoing (for example memos detailing civilian casualties), but some experts say that such attitudes are only the result of hyperscrutiny.  They argue that the published documents reveal that the Iraq and Afghanistan efforts were surprisingly clean as far as wars come.

More recent leaks of State Department secrets like undisclosed illnesses of world leaders or a list of top targets for terrorists to attack the U.S. have been embarrassing for the U.S.

The military has been struggling with how it should react.

Aside from the recent ban on media connected to SIPRNET computers, 60 percent of the computers are now monitored by a remote surveillance system.  Dubbed Host Based Security System, this system keeps a watchful eye for suspicious activity. 

Editorials at some news outlets (CNN) have dubbed the scuffle between Wikileaks and the U.S. government, "the first cyberwar".  Regardless of whether this label is hyperbole, or close to reality, the U.S. military is certainly trying to steel itself against future unintended releases.

 



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Years behind...
By mdogs444 on 12/13/2010 1:12:19 PM , Rating: 5
Our hospital has had this policy in effect for several years. All USB ports are completely locked down and must be unlocked on a case by case basis for that specific device by a domain administrator. Our workstations also do not have CD or DVD writers.

Sure, there are cases where you give someone access to a CD writer to in order to burn images like xrays or echos, and they do something not allowed instead.

Why is it that the private sector is much better than the federal government at setting policies and avoiding these
"unintended consequences"?




RE: Years behind...
By eldardude on 12/13/2010 1:14:05 PM , Rating: 2
Same here. IDF has had this policy for years. All external media is banned and the moment you do try and plug something into the USB, security staff will be at your computer in minutes.


RE: Years behind...
By RugMuch on 12/13/2010 1:31:33 PM , Rating: 1
To be fair you also don't spend thousands of dollars in briefing, debriefing and background checks. There are also procedure after procedure for doc checkout.

This will slow the work of the government. It would've been a lot easier to just execute this kid, he did sign his life away for this exact infraction.


RE: Years behind...
By DigitalFreak on 12/13/10, Rating: -1
RE: Years behind...
By Cagekicker on 12/15/2010 11:02:00 AM , Rating: 1
Why? He's entitled to an opinion.
This idiot was NOT entitled to divulge classified information just because he was throwing a temper tantrum over getting demoted.
Personally, I agree. Save the government some money, a bullet costs much less.


RE: Years behind...
By Idler on 12/13/2010 2:56:35 PM , Rating: 3
This was already the policy for SIPRnet computers when I got out in 2008, and probably before that. The memo I received actually applied to all other computers too, even those not for use with classified information. All they did was send out a new memo reiterating the policy in light of all the news attention. The problem is that they never actually disabled the USB ports, either by physically removing them or disabling them in the BIOS.


RE: Years behind...
By foolsgambit11 on 12/13/2010 5:18:30 PM , Rating: 2
Yeah, the rule has been in place for years. About once a year, the DOD reaffirms their no-media rule, and everybody who needs to be able to transfer things between SIPRNET and non-networked classified systems has to apply for exceptions to policy all over again. I've gone through this song and dance at least 4 or 5 times in a couple of different shops. In general, it is a sound policy; it just irks me when it gets in the way of my mission.


RE: Years behind...
By Spookster on 12/14/2010 7:39:36 PM , Rating: 2
quote:
This was already the policy for SIPRnet computers when I got out in 2008, and probably before that. The memo I received actually applied to all other computers too, even those not for use with classified information. All they did was send out a new memo reiterating the policy in light of all the news attention. The problem is that they never actually disabled the USB ports, either by physically removing them or disabling them in the BIOS.


This rule was in place when I got out back in 1998. All floppy drives, CD drives had to be disabled on any machine connected to SIPRNET.

And Jason Mickrosoft the SIPRNET (Secure Internet Protocol Router) is not a "digital warehouse" it's a secure version of the Internet with it's own WWW. Matter of fact the Internet that everyone knows is referred to in the military as NIPRNET. I'll let you guess at what the N stands for. And that is not all. There are also higher level secure "Internets" with their own acronyms of course.


RE: Years behind...
By justcorbly on 12/13/2010 4:27:36 PM , Rating: 2
The private sector is certainly not "much better" than the federal government regarding IT security. Both sectors are a mixed bag of varying approaches to security. There are federal agencies that more than 10 years ago physically removed CD/DVD drives and USB ports from all machines on their internal networks.

The strength of security measures always needs to be measured against cost, both financial and in terms of productivity. The military's approach to SIPRNET security seems to have worked for years. Of course, when there is an incident, then the public will invariably accuse you of being shortsighted and ignorant. Yet, if you want to spend money to counter a security threat that has never happened, you will also be attacked.


RE: Years behind...
By sprockkets on 12/13/2010 6:01:07 PM , Rating: 2
They had that policy. They relaxed it because it caused too much inconvenience in moving around data.

I read it on some news site, though can't find it right now. I'm willing to bet it will happen again.


All it takes...
By MrBlastman on 12/13/2010 1:14:34 PM , Rating: 3
Is one fool to ruin it for everyone.

Though, I think the military should go to further lengths to guarantee their data will not be taken. There is software they can install on their machines that makes it virtually impossible to copy data onto a thumb drive (basically blocks the data from passing to it)--unless, of course, you yank the drives out. That can be dealt with too, to a degree at least.

Instead of "on your honor" and a threat of courtmarshal, they should remove all DVD/CD Burners from machines along with all floppy disk drives. Better yet, they should reduce the number of people with access to the network also.

None of this though, stops people from taking pictures of the screen with special cameras or using a pencil and paper to write down information...




RE: All it takes...
By MozeeToby on 12/13/2010 2:17:17 PM , Rating: 2
quote:
None of this though, stops people from taking pictures of the screen with special cameras or using a pencil and paper to write down information...
Funny, I work in the defense industry, and if I was ever caught with a camera of any kind in a secure facility it would be my job, fired with cause (aka, blackballed in the industry), and that's if the government security office didn't press charges. The same can pretty much be said if I were caught putting writable media into a secure PC. And all that for working on a relatively obscure data radio.

So, the entire database of diplomatic cables is stored in a single database, along with a sizable number of intelligence reports, is accessible by millions of people (all of whom have clearance, true, but the vast majority have no 'need to know' for the vast majority of the material), and then you go and allow writable, removable media onto the network? WTF are they thinking!? There are a long list of people who are, in my opinion, more culpable for the cable leaks than Assange is, and the people who came up with these policies are pretty high on the list.


RE: All it takes...
By MrBlastman on 12/13/2010 3:47:46 PM , Rating: 2
I'm still a little in disbilief that they allowed thumb drives and cd/dvd burners on equipment that could access the database. Whoever came up with that policy, I hope, is at least losing a little sleep every night over this... but, I bet they aren't, as they trusted that human nature wouldn't get the best of people.

This is another reason why I have thought for some time that the secret/top-secret etc. classification system for military/government information needs to be re-thought. Far too many people have access to this stuff.


RE: All it takes...
By MozeeToby on 12/13/2010 5:12:10 PM , Rating: 2
If the proper procedures were being followed everyone shouldn't have had access, which is the part that so many people in the general public, the media, and even the organizations in charge of controlling access seem to forget.

Let's say for example, that you have a Top Secret clearance, along with all the ratings that can be attached to it as well. That doesn't mean that you can waltz into the data warehouse and take a look at anything you want. What it means is that if you need to know a piece of information to do your job, you are allowed to know it. If you don't have a need to know something, you are not legally allowed to view it and you should not have access to it.

That's why putting every diplomatic cable into the same database is so incredibly stupid, and, I suspect, against procedures. Throwing intelligence reports into the same DB and allowing removable media just compounds the problem. There's no reason why every single diplomat, intelligence analyst, and CIA agent needs to have access to every single diplomatic cable and intelligence report, allowing everyone access was the first, and most serious criminal act in the whole Wikileaks mess.


RE: All it takes...
By Master Kenobi (blog) on 12/13/2010 7:32:59 PM , Rating: 2
Having everything in the same database isn't an issue, not putting things into compartments with differing access criteria is.


Typical response
By roykahn on 12/15/2010 4:25:48 AM , Rating: 2
This new security policy is exactly what a corrupt organisation does in response to leaked information. It's pretty much the same response that was taken when the Abu Ghraib torturing was revealed. Basically, there will be a continuation of lawlessness by those in power while better securing the information that could provide proof of illegal and immoral activities. If that's the only response that America can come up with after the scandals that Wikileaks helped reveal, then it's an absolute failure of democracy. Those who abuse power will now only be better protected from accountability and justice.




RE: Typical response
By Lerianis on 12/15/2010 6:43:45 AM , Rating: 2
True. I pity those people who think that government has to have secrets. They are OUR EMPLOYEES! Are the people doing jobs for private organizations allowed to have secrets from their employers when it impacts on them doing their jobs?

Hell no, they aren't!

It's time to put the same standards on government officials, and tell them "Redact and release EVERYTHING immediately after an operation is concluded. If you don't like that Americans will take issue with what you did? You shouldn't have damned well done what you did!"


RE: Typical response
By roykahn on 12/15/2010 3:44:31 PM , Rating: 2
Some secrets are ok to have. The problem is that there are far too many and they often protect those who abuse power and engage in illegal and immoral activities.

Contrary to what many believe, Wikileaks did not release all the leaked documents relating to Iraq, Afghanistan, and diplomatic cables. Some sensitive information was withheld to protect the innocent. Although, that filtering process can't always be perfect.


RE: Typical response
By Lerianis on 12/26/2010 10:46:38 AM , Rating: 2
No, no secrets are okay to have, when you are the EMPLOYEES OF THE AMERICAN PEOPLE!
If they want to keep something secret, they had better well justify it to the American people beforehand.
I look at government wanting secrets as a sign that they are doing something that we wouldn't agree with and which could put them in prison.

You are also right in that Wikileaks didn't release all documents, and they are redacting as they go in order to protect people and assets, if there are any in danger by releasing the documents non-redacted.


No, it isn't...
By InfantryRocks on 12/13/2010 9:57:32 PM , Rating: 2
quote:
SIPRNET is the name for a U.S. government digital documents warehouse, which some government and military computers can access.
It's just the Secret-level network.

Anyway, this is just nonsense, as usual. Thumb drives are already banned, unnecessarily due to the various systems out there, and the optical drives were the only way left to transfer data (outside of standard network connectivity). Policies always have exceptions, which means that there will still be computers allowed to use it (a policy I'm developing at my level right now).

So, all we're doing now is adding another layer of bureaucracy due to some idiots. This will stop nothing. Good job, NETCOM.




RE: No, it isn't...
By Manch on 12/14/2010 10:04:03 AM , Rating: 2
The correct acronym for SIPRnet: Secret Internet Protocol Router Network


RE: No, it isn't...
By Spookster on 12/14/2010 7:45:17 PM , Rating: 2
quote:
Replying To: RE: No, it isn't...
by Manch on December 14, 2010 at 10:04 AM

The correct acronym for SIPRnet: Secret Internet Protocol Router Network


FAIL!!!! Actually the correct acronym for SIPRNET: Secure Internet Protocol Router Network.


...
By Etern205 on 12/13/2010 1:13:46 PM , Rating: 2
In other news, by not installing CD drives on to their computers. The gov't has save over 1 trillion dollars!!!111111




bloated death
By Shadowmaster625 on 12/13/2010 1:48:21 PM , Rating: 2
The military is too big and bloated to ever manage something like this. Removable media itself is a virus to such a creature. Without the use of removable media, there is no way to move information around, securely or not. Lives can and will be lost if what used to take 20 seconds now becomes a 10 minute, 10 hour, or even 10 day(!) bureaucratic nightmare. RIP USA. Death by thumb drive.




Quick, get 'em closed!
By Taft12 on 12/13/2010 5:30:42 PM , Rating: 2
Those barn doors are getting slammed shut with prejudice! Now if only the horses were still in there.....




Excess Drama
By Wiggim on 12/13/2010 6:05:28 PM , Rating: 2
quote:
...in the wake of the worst breach of secrecy in the U.S. military history


I'd say the leaking of plans for the first atomic bomb to the Russians was maybe a little more problematic.




SIPRNET...document warehouse?
By SilthDraeth on 12/13/2010 11:32:24 PM , Rating: 2
"SIPRNET is the name for a U.S. government digital documents warehouse, which some government and military computers can access."

I don't really like that description, but I guess if that is how you describe the internet, then it can be considered correct.

SIPRNET is more accurately described as a secure network, it works virtually the same as the internet, except that it is secured.

It houses websites, and services such as chat, email, etc. Just using the Secret Internet Protocol Router Network. Calling it a digital documents warehouse makes me think that you think it is nothing more than a server farm that people VPN in to.




By Lerianis on 12/15/2010 6:39:14 AM , Rating: 2
After that, expect to see this ban overturned and these things just highly monitored.

I am one of the people who thinks that our government should NOT be allowed to have any secrets except when an operation is ongoing that would be put in jeopardy by no secrecy, and only until the END of that operation.
After the operation is over? Redact and release EVERYTHING, and take the lumps if Americans at large don't like what you are doing in their name, military and public officials.




"Well, we didn't have anyone in line that got shot waiting for our system." -- Nintendo of America Vice President Perrin Kaplan














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki