Expert: Only deploy trusted USB drives
On the heels of the recent news that some Defense Department offices are forbidding the use of external computer flash drives due to a virus threat, we spoke to John Jefferies, vice president of marketing at Los Altos, Calif.-based IronKey, a maker of secure flash drives, about network security solutions and thumb drives.
GovPro.com: Do IronKey executives have any advice for military and government IT and network administrators? Should they confiscate USB drives of government workers until safer drives are available?
JJ: Only deploy trusted drives – those that are secure, intelligent and of domestic origin. The drives should be both designed and manufactured in the U.S. We would recommend that any organization in the U.S. only use hardware-encrypted USB drives. We recommend that governments rely on only FIPS-certified drives using the NIST recommended mode of bulk encryption. Any devices that don’t match these criteria should be banned from all organizations.
GovPro.com: Can you name some government agencies that use IronKey USB flash drives? JJ: Most all government agencies – civilian and DOD – use IronKey hardware-encrypted flash drives today. GovPro.com: Is it likely other government agencies (besides DOD) will be affected by this worm, and ban USB drives?
JJ: This worm serves as a reminder that viruses used to spread over floppy drives. All organizations are rethinking their certification strategy for secure USB drives. We would recommend that any organization in the U.S. only use trusted hardware-encrypted USB drives, and only those that are both designed and manufactured in the U.S. Any devices that don’t match these criteria should be banned from all organizations because they could potentially compromise data and networks.