The Responsible Way Ahead


We’ve seen some discussion in this forum concerning the press reports of banning social networking (towards the end of the transcript) and Web 2.0 sites from DoD systems and I want to reiterate a couple of points.

There are ongoing efforts across DoD to use social networking sites and Web 2.0 capabilities in an effort to inform interested communities of people about operations of the Department of Defense and the Uniformed Services. These have become integral tools in some day-to-day operations and have become commonplace for many people, changing the way they communicate not only with friends and families, but with organizations and businesses. These tools have also facilitated a change in the way people inform themselves and gather news.

As with any new technology, there are vulnerabilities that arise as they are adopted and threats that emerge as they are adapted to operations. We have a responsibility to find the balance between the value and the vulnerabilities and to train for the threats we perceive. This blog is part of a larger effort to inform the policies and processes to ensure the responsible and effective use of emerging Internet-based capabilities.

Please share with us here your thoughts, experiences, research, and links as we work to find a responsible way to keep people informed and safe.


  1. There are some interesting comments regarding a ban on social media in the DoD in response to FCW’s recent articles on the subject. Here’s their latest:

    http://fcw.com/blogs/insider/2009/08/fcw-insider-dod-social-media-ban.aspx?s=fcwdaily_060809

    Posted by Teri Centner | August 6, 2009, 5:26 pm
  2. As your post mentions it’s a pity to lose all the advantages that we can get from social network sites because of all the abuses and security issues that we have seen so far. I personally have been very reluctant to post any personal information on the web as much as I love to be able to stay in contact with my family which is dispersed pretty much all over the globe. Posting a picture of my daughter or son and having their innocence at the reach of any pervert on the web has made me cringe and I can’t bring myself to do it.
    I then came across http://www.weourfamily.com through some friends and I really like their concept. They seem to tackle the whole social networking concept a lot more the way I want it handled: putting Privacy and Security first. They reinvent social networking keeping the qualities like ease of sharing diverse content and get rid of the flaws like lack of privacy and security. Any content I upload is private and always protected by a login and I have to specifically share it with individuals rather than the opposite which is the common thing with most popular social networking sites. I have even used it for my business to share files with customers rather than using less secure ftp which requires the client to know how to use an ftp client.
    I realize this is a big plug for the said site, but I think it’s exciting to finally be able to take advantage of what the technology has to offer without having sleepless nights because of how exposed it leaves you.

    Posted by Yves Accad | August 6, 2009, 5:27 pm
  3. Hi, I find this new forum ridiculous!!!! I understand we need to protect important information from whoever it may be…it’s a security issue or whatever. I think our soldiers know to keep their mouths shut about certain things and not to relay any information to friends and family. How am I supposed to keep in touch with my husband? It’s hard enough that I don’t see his face every day or even talk to him…and on top of that I have separation anxiety! I have been doing well with this deployment knowing that I have some way to communicate to my husband and to find out that this is to take into place soon!!! Why now?

    Posted by Amanda | August 6, 2009, 9:22 pm
  4. Hi Amanda, just to be clear, this forum is intended to allow folks like yourself to communicate your concerns into this process. Also, just to be clear, as Jack states in the post above there is an analysis process under way. No decisions have been made to block access.

    As a follow-up, you are exactly the type of person we are hoping to respond to the “Use of Web 2.0 Capabilities by Military Families” blog entry. We would very much appreciate your responses to the questions just posed in that blog entry.

    Posted by noel.dickover | August 6, 2009, 10:27 pm
  5. As a military librarian, we serve both the military member and his/her family, and are constantly exploring how we can utilize new technologies within the constraints established by squadrons, bases, services, and the DoD itself to better serve our customers. Web 2.0 tools, while imperfect in many ways, offer possibilities for communication that help sustain these families during deployments. We need to work hard to find a balance, or these potential users will find a way to circumvent restrictions.

    Also, how was this forum marketed to the military community? I just happened to read a newsfeed from a professional organization (SLA) through my non-DOD email account. Otherwise, I have read nothing about this.

    Posted by Deborah Rexon | August 10, 2009, 2:01 pm
  6. There are many benefits I believe that outweigh the risks of these “new” communication tools such as Twitter and Facebook, perhaps the most important being morale – especially for our brave troops in harm’s way, who, thanks to technology, now have access to communicate with their families and friends unheard of in past conflicts.

    However, the biggest obstacle in whether or not to allow access is the fact that nothing’s uniform at this time among the services. Will this analysis result in a policy that is consistent across the DoD? We have the Chairman of the Joint Chiefs of Staff on Twitter, yet Corporal Someone can’t access the site at work due to a Marine Corps specific ban. We have leadership from all directions arguing the pros and cons of these tools without many even understanding their actual value. It’s frustrating for troops who are supposed to follow orders when it’s unclear who to listen to within the chain-of-command.

    Regardless of what the policy ends up on official government computers, I think it’s important we acknowledge what is proper etiquette on these sites in relevant ancillary training requirements such as public affairs and operational security. There’s no denying that no matter what the policy is at work, our troops can and do use these sites off-duty and on their personal devices such as iPhones.

    Rather than focus on the negativity of these sites, we need to continue to familiarize our leadership with these tools and focus on the advantages they can and do bring to the organization as a whole while maintaining operational security. After all, we train our troops how to fight in war, why can’t we train them on social software and national security? I think it’s only fair if we trust them with a loaded weapon, we can trust them with a keyboard.

    Posted by Cheryl | August 10, 2009, 4:34 pm
  7. I would very much like to see soldiers be able to communicate via social networking sites. My husband is currently serving in Iraq and we very often have a difficult time talking on the phone because of the frequent sand storms.

    I think it is important to give soldiers access to the various internet tools available to them provided they are thoroughly educated regarding the rules of communication around those sites. These social sites have become the world’s tools for communication. Giving families the ability to connect whenever possible is critical to the well being of both the soldier and his family members. I do however respect the concerns of potential information leaks via these sites. The post boards where everyone can see each others messages should probably be restricted in some fashion.

    Posted by Patricia | August 11, 2009, 1:08 pm
  8. Sense the decision on “if” DoD should ban the use of social networking tools or not misses the real challenge on “how” we should effectively employ or guide others in their use while mitigating or reducing any associated risk. The train has left the station, our society will increasingly use social media technologies to communicate regardless of any official desires. If you ban Facebook or like capability on Government computers then users will simply find other upstart media tools and use one until recognized and/or banned, thus the vicious circle will begin.
    Rather than discussing access or no access, how do we eliminate or reduce the risk? From a technology perspective perhaps we should engage social media technology leaders, like Facebook, to work cooperatively to address information assurance concerns or assist them in creating a more secure version, etc. Banning access to Facebook accomplishes little more than burying your head in the sand waiting for a problem to disappear.
    What I sense is the larger issue on the responsible way ahead is how we use such technologies safely. Much like we teach our children how to steer clear of cyber predators, what education and/or training are we offering to military members, including senior leaders, and their families? Sense this is more than just a policy on what you can or can’t do, but also advice on best practices, lessons learned etc.
    The dot com community is already sharing similar advice of potential risk based on the overlap of personal and professional lives through social media. Yves Accad posted earlier on the concern for security and privacy in sharing pictures of family and seems to have found a way to both share and mitigate the risk of a picture falling into the wrong hands, however, most likely had to discover the solution without much official support.
    Believe the responsible way ahead would include the same level of input from the Department of Defense on the unique experiences and associated hazards of sharing through social media while serving or associated with someone who serves in the military.

    Posted by Brad Hilton | August 12, 2009, 4:23 am
  9. I’m glad that the need families have to communicate is being addressed. Family communications make up only one of the many “communities of interest” that a web 2.0 policy has to take into account.

    At a high level, a coherent Web 2.0 policy must address three communication segments: (1) internal to internal communications (e.g., DOD people communicating among themselves), (2) internal to external communications (e.g., communication between DoD people and their families, government-to-vendor communications, etc.), and (3) communication among external groups about DoD related events and activities (e.g., families communicating among themselves). Issues such as security, transparency, culture, control, privacy, intellectual property, law, and technology will differ across these three segments.

    So far the most publicized controversies appear to have arisen around the second segment, internal to external communications. But all three segments raise challenging policy questions. Hopefully, emerging web 2.0 policies will address the different communications occurring among different groups and not just approach policy from the perspective of managing technology, which is only one part of the puzzle.

    Dennis D. McDonald, Ph.D.
    Alexandria, Virginia USA
    Web site: http://www.ddmcd.com

    Posted by Dennis D. McDonald, Ph.D. | August 12, 2009, 11:59 am
  10. We cannot completely ban any form of technology as that puts us at a serious disadvantage both in our own communications efforts and in understanding the communications of our adversaries. Instead, we should use them, but only after careful thought and with a specific purpose in mind. Sites like these should not be used or created “just because”.

    Posted by Jeremy Duffy | August 17, 2009, 11:43 am
  11. I definitely support the use of social network sites for deployed Service Members and Civilians. It will help relieve stress. I also support such use by PAOs, Recruiters, and others who need to reach the youth population. DOD has to be careful to NOT extend such use to the non-deployed DOD members. It is not appropriate activity for government workers and Service Members to use such sites during the duty day, when they should be productive for the government. Time goes by fast when you are on the Internet – shopping, using social network sites, watching videos, blogging – the time spent on the activity grows and the work does not get done. It is happening already, despite our best efforts.

    Posted by Kathleen | August 17, 2009, 2:52 pm
  12. That would be a pity to give up such a cool system because we can’t find a way around its disadvantages. Hopefully they’ll work harder at coming up with a better balance, as you suggested. Best of luck.

    Posted by Ben | August 19, 2009, 9:58 am
  13. The Department of Defense is not alone in its concerns regarding social networking. According to Deloitte’s “6th Annual Global Security Survey,” 53% of its respondent businesses (i.e. global banks, insurance companies, and financial institutions) ban the use of social networking technologies. Their anxiety appears to be based squarely on data protection concerns, highlighted by unintentional disclosure as well as social engineering, spear phishing, and web application security vulnerabilities. Given that 86% of respondents also feel human error is their organization’s primary security weakness, it should be no surprise that these businesses are choosing to ban technologies that facilitate attack vectors aimed directly at their employees.

    While DoD should make better use of social networking technology’s potential, it must do so with great care. DoD requires new use policies and training for DoD civilians, soldiers, and contractors. It also requires revised social networking technology vendor oversight, including code inspection (whether by DoD or a third party) and DoD hosted dedicated servers with unique instances.

    But the challenge then arises: How to ensure social networking sites meet DoD security and privacy guidelines without national mandates when so many vendor platforms operate free of cost to users (including the DoD). One option would be a certification process, which would require: 1) Creating a rigorous set of public guidelines; 2) Fostering the development of a 3rd party certification for these standards; 3) Rewarding social networking vendors who elect to undergo (and pass) testing with a recognized, branded certification that they can then use in consumer and B2B marketing; 4) Fast-tracking certified cloud-based services to be listed under social media applications on Apps.gov.

    The downside: A new certification process requires an up-front investment on the part of DoD.

    The upside: The new certification process would encourage the widespread adoption of social networking technologies by DoD, other government entities, and private businesses without undermining further innovation.

    Recommendation: DoD should weigh the relative costs and benefits of a new certification process as part of future DoD policies on social media and social networking technologies.

    Posted by Michael Walsh | September 21, 2009, 3:52 am
  14. Interesting forum on the DoD’s way ahead on Web 2.0. As a military member and spouse of a military member, I enjoy the benefits of Web 2.0 as much as the next person, but I am involved in DoD network security and am shocked at the near complete lack of acknowledgment by DoD leadership of the very real and technological risks of 2.0. My fellow warfighters – the security argument is not an attempt to prevent the use of 2.0 apps or a discussion about OPSEC, but a serious warning about HOW those connections are currently being made.

    I am also shocked at the complete lack of acknowledgment of the well documented business (Sophos report – half of all businesses partially block or ban SNS access) and government (NIST) best practices such as those taken from the CDC regarding the use of Web 2.0 application on the Internet: bottom line – do not use your unclass enterprise networks (such as NIPR in DoD) to access 2.0 apps on the Internet. Period. If you have to access them for public affairs or morale reasons, do so from stand alone unclass machines or networks designed to do just that…not the same machine you use to do your DoD job!

    http://www.sophos.com/
    http://csrc.nist.gov/groups/SMA/fasp/

    From an operational (G/N/A/J-3) perspective, I have yet to see an unclassified reason to access such applications and that is the reason the networks were built in the first place…to help us fight and win! Not to talk to my kids; not to chat up possible recruits; not to project a good image with the press; and not to share thoughts with my subordinates about the new uniform policy. These are all nice, but the DoD used to be called the Department of War for a reason.

    We do not let soldiers take their rifles home to go hunting or their assault vehicles to pick up their kids from school. Why? Because that is not what they were designed or intended to be used for. Just because it’s technically possible to access Facebook from my work computer does not mean I should. And if DoD puts out a policy to allow such nonsense without properly mitigating known threats, I can only assume it is due to ignorance, apathy, or they are just too cheap to pay to do it right.

    Posted by Greg | February 14, 2010, 11:27 pm
