March 2, 2010 at 9:24 pm #4736
The new directive means that YouTube, MySpace and more than a dozen sites blocked by the Pentagon in May 2007 will be unblocked, he said. The Pentagon said at the time that the use of video sites in particular was straining its network and using too much of its bandwidth. But Wennergren said Friday that the move failed to stem the use of bandwidth because people just went to alternate sites.
I saw this in the SANS news bites feed some days after the news was released and I’m surprised nobody has commented on it.
Being a DoD employee I got the word a little preemptively in the form of a message saying something to the effect of “even though this is being released to the AP, the changes are not immediate so don’t call the helpdesk if you can’t get to facebook…”
Some units already don’t block all of these sites and some block more than what was required by overarching policy so I still doubt that DoD will have a uniform policy (pardon the pun). What I fear this will lead to is additional required annual training in acceptable use of IT resources. While some IT education is a necessity you always have to deal with the bottom 2% of employees who either don’t understand or don’t care. The top 10% or so of employees simply proxy around blocked sites. The folks in the middle go somewhere else (smaller sites probably == lower security, although admittedly a smaller target).
The move to re-open access to YouTube is particularly concerning since software updates happen at the speed of molasses on government computers. I can already feel the coming wave of Flash-delivered malware coming to a NIPRNet machine near me.
Anyway, I’ll stop rambling. I have mixed feelings about the move only because I’ve been dealing with the DoD IT folks since 1995 (heck, I was one until 2004). Ultimately I think that until you are willing to back policy violations with “teeth”, policy is meaningless. Reminds me of something I heard a Navy officer opine a couple of years ago:
If I’m at the helm of a ship and brush the ground or another ship, even with no damage or injuries to anyone, my career is over. If I bring in trojan software from home, install it on my work computer and DoD loses sensitive information I have to go to a refresher class. Until we correct this disparity of consequences DoD IT security is a joke.
March 3, 2010 at 8:36 pm #29565 CadillacGolfer Participant
wonder how the pentagon will feel after this
Unfortunately no manner of training will help people like this.
March 3, 2010 at 9:59 pm #29566
That is very true. The big difference here that bodes even worse for the Pentagon is that the Israelis actually know who their enemy is and are much more savvy when it comes to OPSEC.
If a U.S. soldier posted that on his facebook page, how many of his civilian friends would contact the authorities?
March 4, 2010 at 1:19 pm #29567 nightmare44 Participant
Time for the koobface crew to step up their game….
Such a bad idea to allow twitter/facebook for reasons other than opsec.
March 5, 2010 at 12:42 am #29568
Well, there are some sound OPSEC arguments to open up these sites. The first would be that DoD personnel are simply going to “alternative” sites that are not being blocked. These lower density sites, while being less attractive targets for hackers, are likely to have a lower security posture. OPSEC may actually be increased by soldiers visiting these sites. Of course, the ideal would be not to use any of the sites for non-mission reasons. However, that involves actually enforcing policy with punitive measures for violators.