Remain vigilant with new USB policy Published Sept. 29, 2011 By 86th Communications Squadron 86th Airlift Wing Public Affairs Ramstein Air Base, Germany -- In the 21st Century, transferring information from one computer to another has been made simple with the growing popularity of "thumb drives" and external hard drives. With the increasing use of hand held smart phones, iPods and cameras -- the possibilities are endless. With the growth of information transfer, there is a requirement for enhanced security policies governing daily use of government computer systems. "The USB devices create an inherent vulnerability on our network enterprise," said Lt. Col. Bradley W. Barnhart, 86th Communications Squadron. "The Department of Defense has found malicious software resident on many thumb drives handed out at conferences and purchased commercially." According to the 86th Airlift Wing's "Policy on Use of External USB Memory Devices," the use of devices containing flash media is prohibited on any government system. Simply put, it's unauthorized to introduce any flash media storage device to any government platform. "A general rule of thumb, if it contains a spinning disk, it can be authorized," said Barnhart. "If it contains a chip (solid-state), it's an illegal device. Portable USB hard drives are authorized but require approval from the 86th CS Information Assurance Office before connecting to a DOD system. CDs and DVDs are still authorized for use on the NIPRnet." Flash media storage includes, but is not limited to, cell phones, thumb drives, mp3 players, iPods, cameras, and solid state hard drives (hard drives that contain flash media). These devices, when used on government systems, can allow rogue executable programs such as viruses, spyware, and other malware to be installed. "To protect the Ramstein Enterprise Network, we need every user to be aware of the restrictions and remain vigilant for unusual activity," said Barnhart. "Just one user circumventing the network defense could create a catastrophic failure of network services." The 86th CS conducts daily network scans to identify flash media use and policy offenders on the network. Once identified, the offender's logon, device serial number, device description, and date and time stamp will be logged by the scanning application. The user's account will be locked and the offenders will be forced to re-accomplish annual Information Assurance training. Additionally, unit commanders and Information Assurance Officers will be notified with the final determination on re-enabling the account resting with the 86th Airlift Wing commander. "I truly appreciate our customers supporting the enterprise network defense-in-depth approach by fulfilling their responsibility as a Cyber Warrior." It's important that all users are vigilant, providing physical security to both their external media devices and government platforms at all times. Compiled by Airman First Class Ciara M. Travis