Pentagon unblocks social networking sites

Viewing 4 reply threads
  • Author
    Posts
    • #4736
      former33t
      Participant

      http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=223100879&cid=RSSfeed_IWK_News

      http://www.msnbc.msn.com/id/35611063/ns/technology_and_science-security/

      The new directive means that YouTube, MySpace and more than a dozen sites blocked by the Pentagon in May 2007 will be unblocked, he said. The Pentagon said at the time that the use of video sites in particular was straining its network and using too much of its bandwidth. But Wennergren said Friday that the move failed to stem the use of bandwidth because people just went to alternate sites.

      I saw this in the SANS news bites feed some days after the news was released and I’m surprised nobody has commented on it. 

      Being a DoD employee I got the word a little preemptively in the form of a message saying something to the effect of “even though this is being released to the AP, the changes are not immediate so don’t call the helpdesk if you can’t get to facebook…”

      Some units already don’t block all of these sites and some block more than what was required by overarching policy so I still doubt that DoD will have a uniform policy (pardon the pun).  What I fear this will lead to is additional required annual training in acceptable use of IT resources.  While some IT education is a necessity you always have to deal with the bottom 2% of employees who either don’t understand or don’t care.  The top 10% or so of employees simply proxy around blocked sites.  The folks in the middle go somewhere else (smaller sites probably == lower security, although admittedly a smaller target).

      The move to re-open access to YouTube is particularly concerning since software updates happen at the speed of molasses on government computers.  I can already feel the coming wave of flash delivered malware coming to a NIPRNet machine near me.

      Anyway, I’ll stop rambling.  I have mixed feelings about the move only because I’ve been dealing with the DoD IT folks since 1995 (heck, I was one until until 2004).  Ultimately I think that until you are willing to back policy violations with “teeth”, policy is meaningless.  Reminds me of something I heard a Navy officer opine a couple of years ago:

      If I’m at the helm of a ship and brush the ground or another ship, even with no damage or injuries to anyone, my career is over.  If I bring in trojan software from home, install it on my work computer and DoD loses sensitive information I have to go to a refresher class.  Until we correct this disparity of consequences DoD IT security is a joke.

    • #29565
      CadillacGolfer
      Participant

      wonder how the pentagon will feel after this

      http://thelede.blogs.nytimes.com/2010/03/03/israeli-raid-canceled-after-facebook-leak/

      Unfortuantely no manner of training will help people like this

    • #29566
      former33t
      Participant

      That is very true.  The big difference here that bodes even worse for the pentagon is that the Israeli’s actual know who their enemy is and are much more savvy when it comes to OPSEC.

      If a U.S. soldier posted that on his facebook page, how many of his civilian friends would contact the authorities?

    • #29567
      nightmare44
      Participant

      Time for the koobface crew to step up their game….

      Such a bad idea to allow twitter/facebook for reasons other than opsec.

    • #29568
      former33t
      Participant

      Well, there are some sound OPSEC arguments to open up these sites.  The first would be that DoD personnel are simply going to “alternative” sites that are not being blocked.  These lower density sites, while being less attractive targets for hackers, are likely to have a lower security posture.  OPSEC may actually be increased by soldiers visiting these sites.  Of course, the ideal would be not to use any of the sites for non-mission reasons.  However, that involves actually enforcing policy with punitive measures for violators.

Viewing 4 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?