According to recent reports, the U.S. Army has banned the use of USB sticks, CDs, flash media cards, and other types of removable data storage devices. According to an article in Wired, all service members will be required to “cease usage of all USB storage media until the USB devices are properly scanned and determined to be free of malware.”

The order was given in response to a worm that has been spreading throughout the Army’s networks. The problem arose from the Agent.btz virus, a variation of the SillyFDC worm, which spreads by copying itself to removable data storage. When the storage device is plugged into another computer, the worm replicates itself directly on the PC, and then downloads code from another location.

A lot of the chatter about this issue calls the response “overkill,” but it’s just common sense, and the Army techies are taking an appropriate response that would be recommended by almost any security expert. Besides Defense and civilian government agencies, private companies may also want to reconsider their policies regarding removable storage. People don’t like to admit it, but espionage–government or industrial–is a big reality, and internal staff take home proprietary data all the time. If you have any sort of sensitive data, controls have to be set. Have you ever worked for a company that had controls on the copy machine? I have. You have to put in a code before making copies, and sometimes even enter what you copied into a log book. I, and probably everybody else that has had to do this, see it as a nuisance, but it’s a necessary nuisance. It’s too easy to take a photocopy of a sensitive document and sneak it out in your pocket. There have been several high-profile cases of corporate and state secrets being stolen via photocopy, and that’s why companies implement those annoying rules. Policies on removable storage are necessary for the same reasons, and I’m surprised the Army hadn’t created a policy about this before.