Last week Noah Shachtman of Wired reported that a new cyber-control order has been issued by Maj. Gen. Richard Webber to prevent the us of removable media under threat of Court-Martial. The order demands that airmen:
immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET
Further in the order adds:
Unauthorized data transfers routinely occur on classified networks using removable media and are a method the insider threat uses to exploit classified information. To mitigate the activity, all Air Force organizations must immediately suspend all SIPRNET data transfer activities on removable media
Of course, blocking the use of removable media is not new – earlier this year a total ban of USB Stick use was in place following a massive worm infection introduced from a rogue usb stick. Operational Buckshot Yankee as it was termed then.
Noah closes with the comment that any remediation technology “Won’t be ready to deploy for years” – I hope he’s going to be surprised, because the technology is ready to deploy right now.
With the current news fracas regarding the latest WikiLeaks disclosures, which have reached a pretty interesting juncture with Congressman Peter King asking for WikiLeaks and it’s founder Julian Assange to be declared “Terrorists and spies”, I thought I’d add my fire to the flame and say quite bluntly –
McAfee can help you protect your information!
Yes, you would not believe it but monitoring for inappropriate disclosure of sensitive information is bread-and-butter stuff to us. Read more…
One common question I get asked when I speak on Data Protection, is “what do I do first” – it’s interesting topic because although my presentation is exactly about what most people should do, and in what order, everyone and every organization is different and one size, absolutely does not fit all.
In my presentation I talk about “5 Steps to Data Protection Nirvana”: Read more…
This week, datalossdb.org reported the first major suspected PII breach of the year, reported by George Russel, Superintendant of the Eugene School District of Oregon. You can find the full story on the KVAL news site.
Apparently some suspicious activity was noticed on one of their internal servers, which was subsequently shut down and isolated before being analyzed. The server in question had PII related to around 2,500 individuals, but was connected to other servers containing records of 13,000 former employees of the school district, and around 13,000 vendors. Total possible exploit of around 26,000 records.