South Korean military bans USB flash drives

Citing recent hacking attempts, military plans to develop new data sharing system

In response to recent hacking attempts, the South Korean military plans to ban the use of USB flash drives, according to a report today on the China View Web site.

The South Korean military plans builds a new system to transfer data, which could be available by early next year, according to the report. Once the new system is in operation, flash drives will be banned.

Related story: U.S. reconsiders security standards for flash drives

About $2.5 million will fund development of an system to transfer data, replacing the use of portable storage devices, according to Seoul's Yonhap News Agency.

South Korea is scheduled to launch a military cyber command this week in response to recent cyberattacks, according to a Yonhap News report last week.

Last November, a contingency war plan designed by South Korea and the United States was potentially comprised via a portable storage device used by a military officer, Yonhap News reported.

In November 2008, the Defense Department banned the use of removable media such as USB thumb drives and CDs because of malware attacks.

About the Author

Doug Beizer is a staff writer for Federal Computer Week.

inside gcn

  • Get ready for IoT-enabled threats

    Mirai creators helping FBI crack cybercrime cases

Reader Comments

Fri, Feb 26, 2010 Dakota Denise Marquette USN

The BAN on flash drives have instituted a plethera of new off network scanning solutions. The IT/IR departments of every DOD command are taking extra measures to ensure that the portable devices are in fact not being used and physical personnel monitoring is established to spot anyone who is trying to break these rules (yes, strict consequesces are given for violators). This BAN is not supposed to make your jobs harder but to make your information, systems, networks and operations safer. The work arounds employed in order to complete your jobs are neither unofficial nor involve the use of personal unsecured equipment (if your company is employing these tactics your IR/IT department will need to train on IA policies). Flash drives are built a little more secure now with data/drive encryption and security. But this is not the issue that the drives pose. It is hard for personnel to be more cautious when using these devices since the sites, information and programs downloaded seem to have all kinds of attachments and hidden files. It is hard to train personnel on the do's and don'ts for computer systems when they do not know the threats and vulnerabilities of the equipment themselves.

Wed, Jan 13, 2010

A"ban" only establishes the basis for some type of action, legal or organizational, if the device is used. However,"bans" are useless if there is no means to detect or monitor use and to enforce compliance. At a minimum perhaps all USB ports in all devices could be identified and "alarmed" or have some type of electronic lockout installed on all devices. Or all USB ports could be removed or inactivated. In a word, the ban should also be implemented at the device and not simply stated on paper or by order.

Wed, Jan 13, 2010 Stephen Wolfe 6 MDG, MacDill AFB

Definitely a management problem where a combination of technology and supervision would have sufficed instead of forcing users to engage 'creative' work arounds. I think an off network scanning solution should have been employed with designated approved vendors through authorized logistics channels. The thumb drives should be easily identifiable as approved devices that have been prescanned at different MAJCOM depot levels and then treated like all other removable media according to the multitude of IA regs we have - i.e., more scanning at the user level and proper media labeling. My .02

Wed, Jan 13, 2010 BigGoofyGuy New Jersey

How will they ban all flash drives when so many are so small and/or do not look like traditional flash drives. They do have flash drives with encryption so that not just any one can see the data.

Tue, Jan 12, 2010

A technological solution to a (lack of)management problem, just like when DOD issued their ban. The 'unofficial' work-arounds people came up with in order to get their jobs done (like taking data cards home to use personal machines to create CDs, or mailing official files through AKO or commercial ISPs) were more of a risk than an errant thumb drive ever was. Truly sensitive data should never be outside the perimeter anyway. See, we 'fixed' the problem. Nothing more.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group