Some visitors at this year's AUSA exhibit last month may have walked away from the contractor booths with USB memory sticks filled with digitized promotional material. For their size, these tiny things hold an awful lot of data, and with the warfighting gear advertisements purged from them, they come in handy for, say, a quick file transport between computers that aren't directly connected. And they are handed out like candy at some military trade shows.
As we reported yesterday, though, a recent STRATCOM message prohibits the use of all such removable media on unclassified networks for security reasons. A closer look at the message seems to confirm DOD's fears that attackers are successfully targeting low-level functions of electronic devices to emplace code capable of doing anything from stealing data to spying out passwords.
“Malicious software (malware) programmed to embed itself in memory devices has entered our systems,” the STRATCOM message reads, announcing further direction for sanitizing and “recertifying” the military's networks.
Malware happened to be one of the topics at the Army Combined Arms Center's Information and Cyberspace Symposium in September. In one of the presentations, titled “Advanced Malware Trends,” a Sandia National Labs expert predicted that the focus of attackers is “moving from ((operating systems)) and system software to application logic, software below the OS (virtual machine manager and firmware), and hardware.” In response, the official's presentation reads, military information assurance professionals must pick up additional skills -- in the areas of VMM programming, firmware programming, and hardware architecture and design -- to keep Defense Department networks safe.
-- Sebastian Sprenger