Home : News : News
JBSA News

Information assurance office continues to detect flash media usage

By Robert Goetz | 502nd Air Base Wing OL-B Public Affairs | July 19, 2010

RANDOLPH AIR FORCE BASE, Texas — Each day when they log onto their computers at Randolph, active-duty and Department of Defense civilian personnel as well as contractors are greeted with a network notification they quickly acknowledge, often without looking at it.

The message informs them that removable flash media - specifically memory sticks, thumb drives and camera flash memory cards - are not authorized on all DoD information systems.

"You cannot utilize a USB device that has flash memory, such as thumb drives, phones, cameras, MP3 players and iPods," said Michael Wentworth, 902nd Communications Squadron information assurance office representative. "The only USB devices allowed are external hard drives if they do not utilize flash memory."

Though the policy has been effective since November 2008, Randolph's information assurance office, which has oversight of all computers on base, has identified 134 individuals who have plugged flash media into the Universal Serial Bus, or USB, ports of their computers. Flash media - portable devices that provide digital memory storage - can spread viruses and other forms of malicious logic throughout a network.

"We want our customer base to understand that any form of USB flash media, such as thumb drives, iPods, MP3 players and smart phones, is not authorized for use on the network," said Joe Harris, 902nd CS wing information assurance chief. "They are not authorized in any capacity."

Furthermore, anyone who plugs a flash media device into a USB port at work will be caught, thanks to a USB port scanning system provided by the Defense Information Systems Agency.

"It scans the entire network," Mr. Wentworth said. "It identifies any USB device connected to the Randolph network. We run it on a daily basis and use the information it collects to do an analysis for connections that take place when the scan is not active. It sees everything that's plugged in."

That also means the system will detect any flash device that is plugged into a laptop authorized for the Randolph network even when it is connected outside the network, he said. While in use at home or on temporary duty, at no time will USB flash devices of any type be connected to government-furnished equipment.

Mr. Wentworth said once the IA office detects an unauthorized device plugged into the network, an e-mail is sent to the information assurance officer of the unit where the connection occurred. The IA officer then disconnects or collects the device.

Devices such as MP3 players and iPods are returned to the user, but thumb drives are surrendered to the base information assurance office, never to be seen by the user again.

The IA office will contact the unit IAO when an individual using unauthorized flash media is identified. The IAO will inform the commander and the user's network access will be suspended until the user reaccomplishes AF 4394 (user agreement) and DoD IA training. Upon receipt of proof of completion, network access will be granted, Mr. Wentworth said. In addition, the computers are scanned for malicious logic.

He said the IA office provides briefings on a monthly basis, but Randolph personnel are still plugging flash media into their USB ports, as evidenced by 24 detections last month.

"You can't plug something in and expect that we won't find it," Mr. Wentworth said. "It's government equipment and we will see it. The security of the network is what we do every day. It's best if people follow the rules that are provided."