September 4th, 2009

If a flash drive infects a network, who's to blame?

Posted by Zack Whittaker @ 3:47 am

Categories: Productivity, Research, Security, Skills development, University, Workplaces

Tags: Education, Network, Council, USB Flash Drive, Virus, Networking, Zack Whittaker

Ealing Council, the local authority for a number of London boroughs, was infected by a virus which crippled the vast majority of the council’s network.

The damage knocked out the housing department, the library service, telephone network and others, according to the BBC, as a result of plugging in an infected flash drive on a networked computer. But this raises a question of those who are still not yet fully IT literate.

If you plug in a flash memory drive and it infects a network, who is to blame - the user who doesn’t know any better, or the IT staff responsible for the network?

Bruce Hughes from CNET seems to think it is those responsible for the network and the company. I’m inclined to agree.

In British (and I suspect in American) law, ignorance is not a defence. You cannot get away with ploughing someone in your car, reversing and going over them again because, “you didn’t realise murder was a crime”. If the judge said, “you’d forget your head if it wasn’t screwed on, you little scamp. Go on, go free!”, I would seriously wonder about the state of the justice system.

But in cases such as these, a legal aspect could easily be thrown into the equation. A bill reaching over £500,000 ($817k) needs to be pinned somewhere, and whether or not legal action could be taken is yet to be decided. At the end of the day, it will be the taxpayer who pays the brunt of the cost.

Even though the Conficker virus never “really” activated or caused damage per se, the proof of how powerful a virus can be in this day and age still exists. It infected as far wide as the French Navy, the German Bundeswehr, the UK Ministry of Defence, the UK Houses of Parliament and more universities than you could shake a stick at.

It is my professional opinion and belief that standard university network security is greater than the average security of businesses and corporate networks. As public machines on campus are all or often in buildings where the doors are opened with your university smart card, access is still limited to those within the establishment.

Not only that, in comparison to a local council or district governance, universities are themselves councils and governors of the campus. Students live and breathe on the campuses and the work that goes on within the network keeps the world ticking over - literally. For the fact they are all inter-connected in one way or another, in the UK at least, to limit spread of malware they have to be secure.

But ultimately it comes down to education, education and education: the do’s and don’ts of computing security. You may not get booted out of university for accidentally offloading a payload of electronic sewage, but you can bet your arse in the real world - you could easily get fired.

So, if a user’s flash drive infects a network, who is to blame?

Zack Whittaker, the youngest in the ZDNet network, is a British student at the University of Kent, Canterbury, where he studies BA (Hons) Criminology and Social Policy. His insight into the next-generation is unique and first-hand, sharing his knowledge of the here and now but more so what's next and how to get there.

You can read his public biography and his work disclosures of his current and past industry affiliations.

Fire off an email if you feel like sharing a story or insight, or leave a voicemail. You can also follow him on Twitter to keep up to date with his ramblings.

Subscribe to iGeneration via Email alerts or RSS.