http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=223100879&cid=RSSfeed_IWK_Newshttp://www.msnbc.msn.com/id/35611063/ns/technology_and_science-security/The new directive means that YouTube, MySpace and more than a dozen sites blocked by the Pentagon in May 2007 will be unblocked, he said. The Pentagon said at the time that the use of video sites in particular was straining its network and using too much of its bandwidth. But Wennergren said Friday that the move failed to stem the use of bandwidth because people just went to alternate sites.
I saw this in the SANS news bites feed some days after the news was released and I'm surprised nobody has commented on it.
Being a DoD employee I got the word a little preemptively in the form of a message saying something to the effect of "even though this is being released to the AP, the changes are not immediate so don't call the helpdesk if you can't get to facebook..."
Some units already don't block all of these sites and some block more than what was required by overarching policy so I still doubt that DoD will have a uniform policy (pardon the pun). What I fear this will lead to is additional required annual training in acceptable use of IT resources. While some IT education is a necessity you always have to deal with the bottom 2% of employees who either don't understand or don't care. The top 10% or so of employees simply proxy around blocked sites. The folks in the middle go somewhere else (smaller sites probably == lower security, although admittedly a smaller target).
The move to re-open access to YouTube is particularly concerning since software updates happen at the speed of molasses on government computers. I can already feel the coming wave of flash delivered malware coming to a NIPRNet machine near me.
Anyway, I'll stop rambling. I have mixed feelings about the move only because I've been dealing with the DoD IT folks since 1995 (heck, I was one until until 2004). Ultimately I think that until you are willing to back policy violations with "teeth", policy is meaningless. Reminds me of something I heard a Navy officer opine a couple of years ago:
If I'm at the helm of a ship and brush the ground or another ship, even with no damage or injuries to anyone, my career is over. If I bring in trojan software from home, install it on my work computer and DoD loses sensitive information I have to go to a refresher class. Until we correct this disparity of consequences DoD IT security is a joke.
/root : Fashion Advice Anyone Can Follow And Look Great
