As we told you this morning over on the INSIDER, there's a new U.S. Strategic Command message out there suspending the use of "flash media" devices -- "memory sticks, thumb drives and camera flash memory cards" -- because of some significant security concerns.
That directive -- stamped "for official use only" -- contains some pretty dire language.
2. (FOUO) IT IS APPARENT THAT OVER TIME, OUR POSTURE TO PROTECT NETWORKS AND ASSOCIATED INFORMATION INFRASTRUCTURE HAS NOT KEPT PACE WITH ADVERSARY EFFORTS TO PENETRATE, DISRUPT, INTERRUPT, EXPLOIT OR DESTROY CRITICAL ELEMENTS OF THE GIG. THE DECISION TO TERMINATE USE OF REMOVABLE REWRITABLE MEDIA IS A KEY COMPONENT IN THE STRATEGY TO DEFEND AGAINST ATTACKS AND ESTABLISH A BASELINE FOR INFORMATION SYSTEM PROTECTION. MEMORY STICKS, THUMB DRIVES AND CAMERA FLASH MEMORY CARDS HAVE GIVEN THE ADVERSARY THE CAPABILITY TO EXPLOIT OUR POOR PERSONAL PRACTICES AND HAVE PROVIDED AN AVENUE OF ATTACK.
MALICIOUS SOFTWARE (MALWARE) PROGRAMMED TO EMBED ITSELF IN MEMORY DEVICES HAS ENTERED OUR SYSTEMS. ONLY THROUGH A LAYERED DEFENSE OF TRAINING, TECHNOLOGY, PROCEDURES AND PERSONAL RECOGNIZANCE, CAN WE REGAIN THE HIGH GROUND.
You should know Wired.com's Danger Room blog broke this story last night.
You should also know that the defense IT community is very, very exercised about the whole thing.
More to come.
-- Dan Dupont