TO:               Agency Chief Information Officers

FROM:         William Hadesty

                      Associate Chief Information Officer

                      Office of Cyber Security

SUBJECT:    Interim Guidance on Peer-to-Peer Software and Copyright

                        Protection, CS-010

The Office of Cyber Security is in an evolutionary process of improving USDA's Intrusion Detection sensors and firewalls around the country.   In this regard, we have been intensely scanning our systems to detect virus programs, worms or intrusions in our IT systems.  During this process, we have been detecting increased activity in areas that
all users should know are inappropriate.

USDA agency Internet Protocol (IP) addresses, particularly in the Washington DC area, have been identified engaging in the illegal download of software, music, graphics, or videos that are protected by copyright laws or in some instances, pornography.   These addresses are using a number of "Peer to Peer" software & "file sharing" products that are available for download from the Internet.  Some of the products that we have detected are:  gnutella, LimeWire, SwapNut, KaZaA, MORPHEUS and all similar P2P software.

These “evasive” programs are used for illegal activity, such as pornography and software piracy, and have the ability to send inbound and outbound traffic to regular Internet ports for transport, thus disguising their purpose.  They have no recognized business need and should not be loaded on workstations/equipment used to conduct USDA Official Business. 

Efforts to remove these programs can involve days of effort rebuilding the device causing undue departmental expense.  Repeated and continuous use of this type software can impact network resources and inhibit USDA’s ability to properly perform our mission.  In addition, if USDA does not control copyright violations of video, software, music and graphics, we may be subject to prosecution in lieu of the actual offender.

USDA has a long established policy that it does not condone or support employees who use Government computers and networks in an inappropriate manner.  The Limited Personal Use Policy cannot be used as a justification for illegal or inappropriate use and practices.  All USDA contractors need to be advised that they are subject to compliance with all Federal laws and USDA regulations when they and/or their company is receiving USDA funds for services they are performing on behalf of USDA.  Use of non-USDA, non-Federal computers, including laptops, does not exempt the contractor from USDA and Federal laws. 

The Office of Cyber Security will continue to take aggressive measures to combat this unacceptable practice to include: forwarding all instances of pornography to OIG, any child pornography detected in our scans will be referred to the appropriate U. S. Attorney's office and to recommend appropriate administrative action be taken

against employees/contractors violating this policy. All agencies and staff offices will enforce their responsibilities to protect USDA Information Technology Resources from misuse, inappropriate and illegal activity.   Your users should be advised that they are personally responsible for all costs related to trafficking in music, software or videos if a complaint is filed  against them and the copyright owner seeks restitution of funds lost due to pirating copyright protected material.  The cost for each occurrence, plus recovery costs, are assessed to the offending party.  Further, each agency will monitor their employees and contractors to ensure that they adhere to the requirements of this policy in conducting Official USDA business. 

The Office of Cyber Security is actively pursuing legal remedies to stop these activities and will be publishing further guidance in these areas in the coming months.  Please review this draft Interim Guidance and provide your comments to Sharon Hughes within 30 days from issuance of this memorandum.  If you have questions or concerns, please contact me directly on (202) 690-0048or by E-mail at bill.hadesty@usda.gov .

CS Staff Members

Agency ISSPMs