FCW Insider: Buzzing about DOD and malware
Questions abound about the malware attack against the Defense Department, but answers are not forthcoming.
In recent weeks, we have heard bits and pieces of information about a malware attack against Defense Department systems. Security experts have a lot of questions, but DOD, so far, has not been forthcoming with the answers.
So for the Buzz of the Week, appearing in the Dec. 8 issue of FCW, I decided to focus on the questions. Here is what I wrote:
Questions about DOD, thumb drives and malware
Here is what we do know: A malicious bit of software known as Agent.btz has found its way into some Defense Department systems.
We also know that DOD officials have prohibited the use of most types of portable data-storage media on government computers — that includes USB-based thumb or flash drives, memory sticks, and camera flash memory cards. Such devices are widely used to move data or programs from one system to another. But they are also effective carriers of computer viruses and other malware.
According to a report by the Los Angeles Times, Agent.btz infected U.S. Central Command systems in Iraq and Afghanistan and even worked its way into highly secure networks. Senior DOD leaders have briefed President George W. Bush on the situation, the Times reports.
DOD officials have confirmed some of the basic facts, but they are leaving many questions unanswered. Security experts say one question immediately comes to mind: What made this piece of malware so effective against DOD defenses?
Other questions quickly follow, even if we assume that DOD’s cyber experts are able to track down the problem. For example, what other vulnerabilities exist that have yet to be exploited? And to what extent could such a cyberattack undermine military operations?
Here’s a question the feds might be asking: How long before my thumb drive is taken away? It is not likely to come to that, but look for stricter policies on when and how those devices might be used.
For example, NASA Chief Information Officer Jonathan Pettus recently issued a memo that instructed employees not to use their personal USB drives or other removable media on government computer systems. Likewise, the memo directed employees not to use government-owned removable devices on personal machines or machines that do not belong to the agency, department or organization.
Security concerns about removable media are nothing new, especially at DOD. But this time don’t hold your breath hoping that officials will quickly forget the matter and return things to normal.