Infection Prevention: New USB script nets high number of violations

Published March 14, 2011
By Steven J. Merrill
28th Bomb Wing Public Affairs

ELLSWORTH AIR FORCE BASE, S.D. -- A new USB monitoring tool used by the 28th Communications Squadron to scan the network for unauthorized devices identified about 300 violations during routine checks in the past six weeks.

"The results were eye opening," said Maj. Robert Kelly, 28th CS commander. "The initial scan of the network detected a large number of thumb drives, iPods, Nanos, and cell phones, all devices that are not approved to be used on the network."

Beginning March 14, the 28th CS is confiscating unapproved devices and "sanitizing" them. Since there currently is no approved software designed to overwrite or sanitize any devices containing flash memory - USB thumb drives, digital cameras, solid-state hard drives, MP3 players, digital audio recorders, etc. - they must be destroyed.

"The bottom line is that the only USB devices allowed on the network are Blackberry devices provided by the government, CAC reader sleds provided by the 28th Communications Squadron, and USB removable hard drives approved by the wing information assurance office," Major Kelly said. "No other USB devices are allowed."

While the monitoring tool - a script running continuously on the network - is fairly new, the guidelines for what can and cannot be used on the network were released in 2008, and have been readily available. The guidelines shouldn't be a surprise to Airmen on base.

"The rules have always been in place," Major Kelly said. "Now that we have an effective means to enforce them, some users are feeling the pain of things they have always done."

Once the network detects either an unauthorized device or that a computer has been unplugged and reconnected to the network, an event log is generated that IA specialists like Staff Sgt. Julius Perry, 28th CS NCO in charge of IA, check routinely.

"We notify violators and make sure they understand the guidelines and the potential repercussions for non-compliance," Sergeant Perry said. "Starting March 14, all unauthorized devices are being confiscated. The violator's unit commander and first sergeant will collect the unauthorized devices and deliver them to the wing IA office."

Sergeant Perry added that offenders are automatically locked out of the network, and their accounts isolated until they complete recertification training. Violators are required to accomplish IA recertification training. Once this recertification is completed, users are required to notify their squadron commander that they have completed their training.

"Anytime a user accesses a government system, they need to be fully aware of their responsibilities and the consequences of their actions, from the time they log on to the time they log off," Sergeant Perry said.

While some may feel that plugging something as seemingly harmless as an iPod or thumb drive into the network is no big deal, the reality is that they could contain information that has the potential to cripple an installation.

"Malicious logic, such as a virus, can be embedded on any of those devices, even if an Airman uses it right out of the package," Major Kelly said. "Those malicious logic codes implement vulnerabilities on the network that make us susceptible to hacking, and subsequently give hackers free rein to do damage."

He added that this has happened in the past at other Air Force bases. Installations have been completely disconnected from the entire Department of Defense network due to vulnerabilities introduced into their networks through USB thumb drives and other devices.

"Users need to understand that network security isn't just a 'comm thing' anymore," Sergeant Perry said. "With more base functions going paperless, a network outage could mean a work stoppage for a majority of the base."

Individuals or offices with questions about current policies governing the use of all systems on the Ellsworth network, controlling and safeguarding classified and unclassified information, or the process for getting devices approved for use on the network, should call the base IA office at (605) 385-6367.