The biggest threat to national security may be the thumb drive–both for leaking and/or stealing data AND for importing viruses.
How did we destroy Iranian nuclear facilities? With a thumb drive–a thumb drive loaded with the Stuxnet virus dropped on a desk with other computer paraphernalia, unwittingly picked up and inserted by an engineer with nothing more in mind than copying data. Simple.
Read more about Stuxnet and its impact on Iran’s nuclear program in my book Sparrow Hawk, a Kiko and Maggie Perez Mystery (by Karen Hopkins, on Kindle). Read it and you’ll not only find out more about Stuxnet, you’ll enjoy a great story, with characters you might consider inviting home, if only they could step off the page!
But, back to Iran: Unfortunately the word “destroyed” in reference to Iran’s nuclear program is a gross exaggeration. Stuxnet did nothing more than slow the program down. Still, it was an elegant insertion and a beautiful example of cyber warfare. Some nuclear components were destroyed, the cascades were damaged, and it set the program back months or more.
With Stuxnet, unless a country actually came forward and took credit for the virus, or unless someone else downloaded files with information about the virus and where it was constructed onto their own thumb drive, there was no way to know for sure who designed the information on that thumb drive sitting on the desktop.
Which takes us to the next national security issue–how did Snowden smuggle out the blueprints to the NSA? With a thumb drive. It wasn’t by some ultra secretive means of super-complex cyber code writing and cloud encryption that Snowden breached America’s security in arguably the most secure compound on the planet — no — he simply walked in with a thumb drive, downloaded the NSA, and walked out.
The U.S. Department of Homeland Security ran a test in which staffers dropped flash drives in the parking lots of government and contractor buildings. Sixty percent of folks who picked them up simply plugged them into networked computers. That percentage jumped to 90 percent if the drive had an official logo.
That’s downright scary. In fact it seems incredible. And some of you wonder why an Iranian engineer would pick up and use an unfamiliar thumb drive? It looked just like all the others in the room.
The Washington Times breaks down the threat further by reminding everyone that a “number of commercially available programs can switch off the USB port of every computer on the network.” Pretty easy, huh? NSA officials “were laying down on their job if they didn’t disable the USB port,” an unnamed government IT specialist told the Washington Times.
Organizations, whether they’re public or private, have had difficulty enforcing Bring Your Own Device security measures now for a number of years. There are places in government buildings where there are NO recording devices or storage devices allowed under ANY circumstances. Doesn’t that seem like simple common sense? At least if the government building is supposed to be the repository of top secret Secrets?
Regardless, Snowden managed to get one in and get one out. A thumb drive is pretty small and it doesn’t set off a metal detector after all. If it’s got an official logo on it, even security might not give it a second look. It didn’t take a brain trust to bring one in. I keep three flash drives in my purse all the time, mostly because I haven’t bothered to take them out. They’re there no matter what building I’m in and I usually don’t even remember I’m carrying them.
So, if the difference between having an international incident of grave consequences to national security and not having one is buying some simple software … then shouldn’t we just get the software?
There may be a cheaper and simpler way to keep the thumb drives out of the computer, as the IT professional who talked to the Washington Times pointed out: “I have seen places where they used a hot glue gun to block USB ports.” Just so you never need to use the USB port, right?