Rationale
Instituting and maintaining a comprehensive media control program, including protecting media according to the classification of the information it stores, can help agencies mitigate the risk of disclosing classified or sensitive information. Best practice media security can help protect against not only current exploits, but also exploits that could emerge in the future.
There are a number of security risks agencies should be aware of when using media. For instance, some operating systems provide the functionality to automatically run certain types of programs that reside on media. While this was designed for a legitimate purpose, it can also be used for malicious purposes or lead to inadvertent compromise.
If this functionality remains enabled, malware can execute as soon as media is connected to a system. Coupled with the ability to insert media of a higher classification into a system of lower classification, sensitive or classified information could be disclosed. Known vulnerabilities have also been demonstrated where malicious actors can connect a device to a locked workstation and still gain access to encryption keys. Furthermore, devices that have direct access to the system memory can allow a malicious actor to read or write any content to memory that they desire.
The best defence against this vulnerability is to disable access to relevant ports, either by using software controls or by physically damaging the ports so that devices cannot be connected.
Implementing technical measures to ensure certain types of media need to be explicitly approved for use in a classified environment provides an additional layer of user awareness and security, in case users are unaware of, or choose to ignore, media security requirements.
Following sound security practices when connecting, storing, transferring, sanitising, destroying or disposing of media plays a major role in preventing classified and sensitive data spills and avoiding malicious attacks.
Documenting such policies and procedures will ensure they are carried out in accordance with agency expectations.
Scope
This chapter describes the value of implementing appropriate media handling, usage, sanitisation, destruction and disposal practices.15
DID YOU KNOW? In a research experiment, the Sophos Australia office discovered that 66% of the 50 USB drives they purchased from a public transport provider were infected with malicious software. They were able to uncover information about many of the former owners of the devices, as well as their family, friends and colleagues.16
PRINCIPLES: MEDIA SECURITY
Principles
1. Media Handling
Establish a removable media policy to provide oversight and accountability for agency information transported or transferred between systems on removable media. Maintain confidentiality by accurately classifying, reclassifying (following appropriate sanitisation or destruction procedures or changes to data classification), labelling and registering media in accordance with the information it stores.
Accurately classifying media provides appropriate protections for the information it stores.
Media that is not correctly classified carries a greater risk of being mishandled and accessed by unauthorised persons. Labelling helps personnel to identify the classification and ensure the media is afforded the appropriate level of security. A sound process for registering and accounting for media helps minimise the likelihood of unauthorised disclosure of classified information.
2. Media Usage
Maintain the confidentiality of stored information by implementing and documenting appropriate standards for connecting, storing and transferring media.
Implementing controlled and accountable processes for using media can minimise the risk of unauthorised access and disclosure by preventing classified media from being connected to systems of a lesser classification, as well as protecting information which is being stored or transferred within a media device.
3. Media Sanitisation
Reduce the likelihood of a data spill by implementing proper processes for sanitising—that is, securely overwriting information on—media that is either no longer required or before reuse.
Approved sanitisation methods provide a high level of assurance that no remnant data is on the media. Sanitising media before reuse ensures that information is not inadvertently accessed by an unauthorised individual or protected by insufficient security measures.
Independent verification provides assurance that the process was conducted correctly. It is important to note that some media is not able to be sanitised because of the way information is stored, for example microform and printer ribbons.
4. Media Destruction
Prevent unauthorised access to stored classified or sensitive information by destroying media that cannot be sanitised—under proper supervision and using documented procedures, appropriate equipment and waste management and transportation processes.
Media destruction methods are designed to ensure that recovery of data is impossible or impractical. Some types of media cannot be sanitised, and there are specific circumstances under which media cannot be sanitised; such media, if no longer required, must be destroyed.
5. Media Disposal
Minimise the likelihood of a data spill when media is released into the public domain by declassification and a formal administrative decision to approve its disposal—by an appropriate authority and according to an agency’s documented procedures.
Appropriate media disposal practices are essential in ensuring that classified information is not accidentally disclosed. Media can be disposed of only after it has been sanitised or destroyed to a point where it no longer contains sensitive or classified information. A formal administrative decision needs to be made to complete the declassification process and to allow media to be released into the public domain.
References
Nil.
PRINCIPLES: SOFTWARE SECURITY