It’s too late to stop WikiLeaks from publishing thousands more classified documents, nabbed from the Pentagon’s secret network. But the U.S. military is telling its troops to stop using CDs, DVDs, thumb drives and every other form of removable media—or risk a court martial.
Maj. Gen. Richard Webber, commander of Air Force Network Operations, issued the Dec. 3 “Cyber Control Order”—obtained by Danger Room—which directs airmen to "immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET," the Defense Department’s secret network. Similar directives have gone out to the military’s other branches.
"Unauthorized data transfers routinely occur on classified networks using removable media and are a method the insider threat uses to exploit classified information. To mitigate the activity, all Air Force organizations must immediately suspend all SIPRNET data transfer activities on removable media," the order adds.
View Full Article
The threat of court martial is not good enough. At LANL, during the "removable media woes" (lots of sloppiness, no evidence of any leak of classified information), our group proposed that secure computing be done under the following conditions:
* Fileservers (and backup facilities) housed in highly restricted vaults (SKIFs) available via fast networks.
* High-performance computer systems and giant fileservers also available via the network.
* The network is physically isolated from any non-secure computer systems, with no transfer mechanisms.
This part was pretty-much already in place, except the first item.
* A desktop computer would have
-Quality keyboard, mouse and screen, commercially available (but each inspected internally before use), with some choices for users.
-A contract-built, closed and non-tamperable box (also internally inspected) containing a system on a circuit board (fast processor, lots of memory, but no local disk or removable media ports), and only connections for the keyboard, mouse, screen and network cable . Booting from ROM (also verified), and completed by accessing a fileserver. These boxes would be inexpensive in quantity.
It leveraged our group's expertise in building supercomputer clusters with thousands of even-simpler boards (no need for human interfaces) including custom boot ROMs. But people working in secure computing wanted more variation than could be reasonably accommodated by this approach (Windows/OS X/Linux, mostly), so the proposal went nowhere. In the military, they don't have to take votes.
Displaying 1 comment