Re: What's the betting...
DoD instituted encryption of data at rest after the cyberattack debacle of 2008. By late 2009, encryption was ordered and instituted for all portable systems and media.
That said, it's easier to get the data from a running system, after an idiot downloads something cool in the e-mail or goes to a compromised watering hole.
The 2008 cyberattack was initiated by a few USB flash drives scattered in a parking lot, the idiots who configured the systems didn't follow the DoD baseline that disabled autorun and didn't bother with antivirus scan on insert.
But, my installation didn't have that problem, as I had fought major battles to get onto the authorized DoD baseline configuration and I configured antivirus to be paranoid about what got plugged in. We still had detections from one unit coming back from an infected AOR, but detection and deletion occurred and we had the machine wiped and baselined on principle.
The idiots were lauded as heroes for working thousands of hours of contract overtime, whereas I was the villein for not being an idiot like them.
What can one say other than, idiots prevail only in government. Businesses taking that kind of loss sack the idiots.
Retaining the idiots in management.
Oh, after the DoD emptied out every US and European system administrator, plus the NSA of system administrators to clean up the mess to a tune of one billion dollars, within a month, the infection returned via the same vector - the infected drives that the idiots never scanned and cleaned.
The second wave cleanup costs remain classified.
But, the contracting vendor made a fortune cleaning up the mess that its workers created - twice.