Due to the government shutdown, this website is not being updated.

USB policy emphasized at Kirtland

  • Published
  • By Danny Monahan
  • 377th Air Base Wing Public Affairs
Kirtland Air Force Base --  The 377th Mission Support Group reminds everyone that unauthorized universal serial bus devices are prohibited from being plugged into computers connected to the Kirtland Air
Force Base local area network.

"Air Force policy prohibits the use of unauthorized USB devices due to increased threats to Department of Defense information and data that is introduced to the network via these devices," said Juanita Gomez, 377 MSG, Installation Communications and Information Systems, Network Operations. To detect unauthorized USB devices, the 377 MSG periodically scans computers on the LAN. Recently, it detected several unauthorized devices.

"One of the biggest issues we have is people recharging electronic items via a USB port," said Ms.
Gomez. "It has increased our number of non-malicious incidents related to USB devices. A though they are non-malicious incidents, all it takes is one successful attempt to attack network resources to place the entire global information grid in jeopardy."

Violators detected connecting unauthorized USB devices can be subject to various punishments, such as network privileges being revoked or charged with Article 92, failure to obey an order or regulation, of the Uniform Code of Military Justice.

With the exception of mice, keyboards and common access card readers, users of USB devices connected to a computer must obtain a waiver from the 377 MSG. Authorized devices must meet encryption standards outlined in Federal Information Processing Standards Publication 140-2, Security Requirements for Crypto graphic
Modules, and must be justified with a mission impact statement, said Ms. Gomez.

"Security is not designed to be convenient," said Ms. Gomez. "It is necessary to ensure critical mission-data is safe and secure at all times. Restricting the use of USB ports to authorized devices lessens the chance that protected information is removed from the network. By using devices that meet encryption standards, we are ensuring data stored on these portable devices is secure."

USB devices were banned throughout the DOD in November 2008, after several computer systems were maliciously infected with viruses as a result of their use.