Air Force's banning of thumb drives temporary solution to WikiLeaks

According to a report by Wired magazine, Maj. Gen. Richard Webber, commander of Air Force Network Operations, issued a Dec. 3 order directing Air Force personnel to “immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET”, the Department of Defense’s secret network.

“Unauthorized data transfers routinely occur on classified networks using removable media and are a method the insider threat uses to exploit classified information. To mitigate the activity, all Air Force organizations must immediately suspend all SIPRNET data transfer activities on removable media”, according to the order obtained by Wired.

Robinson, whose company has worked with the US Army on setting up information exchange policies and procedures, said that banning removable media will not provide a long-term solution to prevent a repeat of WikiLeaks.

“For the US government, [WikiLeaks] is not only a serious breach, it is also a significant embarrassment and highlights a significant break down in controls....The person who carried out this crime is taking advantage of the fact that they had to use thumb drives for real purposes. The thumb drives in this case were misused”, Robinson told Infosecurity.

The US military is currently holding Bradley Manning, a private in the Army, as the person responsible for the massive leak of classified documents to WikiLeaks.

“The Air Force and other government agencies need to go to the root cause. Why are thumb drives needed? People need to move files from one network to another because there is no automated way to do that….If you are going to have people working on networks that are not connected, and they have a valid reason for moving files from one network to the other….you need to have a mechanism to do that”, he said.

The most likely scenario for needing thumb drives at the Air Force is for transferring data from a less secure network to a more secure network. This is an appropriate and legal transfer of data in a secure environment, he explained.

Robinson recommended the use of multilevel security in transferring data from one network to another. “You can bridge networks that are operating on varying levels of security. The challenge has always been that it is complex to set up and expensive. The government is going to have to take this opportunity to look at the associated cost and look at their current risk exposure, as demonstrated by WikiLeaks. That trade-off is going to be ongoing process”, he said.

One strategy is the “two-person rule”, where one person cannot access sensitive information alone. Another person would also have to be present. “So if you access the secure system and a thumb drive is active, there have to be two people present”, he explained.

“The WikiLeaks incident highlights the risk that is inherent in having so much information readily available at somebody’s fingertips. I think the real long-term fix involves policy change and technology change as well”, Robinson concluded.

What’s Hot on Infosecurity Magazine?