As security step, DOD to limit Web postings
- By Gregory Slabodkin
- Sep 28, 1998
To reduce the chances of terrorists gaining access to information that could threaten
national security, the Defense Department plans to set limits on what can be posted on DOD
Deputy Defense secretary John Hamre is expected soon to issue a memorandum to the
services and Defense agencies that lays out strict guidelines on what kinds of information
DOD offices can post.
Hamre and members of the Joint Chiefs of Staff are concerned about the content of some
DOD Web sites, said Kenneth Bacon, assistant secretary of Defense for public affairs. For
instance, DOD sites now include information such as building diagrams at military
installations, lessons learned from military operations, R&D program goals and
The challenge is to balance two goals, he said. One is to have Web
sites that provide useful information to the users of those Web sites but dont go
too far in providing information that could be dangerous if misused by malefactors of
The plan comes less than seven months after two California teens broke into 11
unclassified Defense computers via the Internet in what Hamre called the most
organized and systematic attack against DOD systems ever. But Defense officials said
the latest analysis of Web site security is preventative and not a reaction to a specific
Certain information might compromise personal and institutional security, Bacon said.
Personal information posted on the Web, such as Social Security numbers, home addresses
and home telephone numbers, could be used to track down personnel and harm or abduct them,
he said. The information could also be used to falsify identification cards and documents,
Data on the capabilities of weapon systems in development, including technical
requirements, are posted on Web sites during the contract process, Bacon said.
Were trying to act before real problems develop, Bacon said.
The best problems are ones you head off before they become bad problems. Thats
what were attempting to do. Were attempting to make people more conscious of
Web site security issues.
DOD has about 1,000 Web sites, Bacon said, but because there is no central registry of
Defense sites, the department doesnt know exactly how many it has.
DefenseLink, DODs main Web site at http://www.defenselink.mil,
is the gateway to Web sites for each of the services, specific commands, bases and, in the
case of the Navy, specific ships, he said.
So theres this sort of multiplication effect where you go into the Navy Web
site and from there you can go into many other Web sites down to carrier battle groups or
ships, Bacon said. You can even go into Web sites for particular units or
wings within the Marine Corps, Army and Air Force.
DOD is a continual target of hackers. Defense last year reported more than 250,000
break-in attempts on its computers.
In June 1997, the Joint Chiefs sponsored Eligible Receiver, a cyberwarfare game in
which more than 50 National Security Agency workers broke into military systems using
software downloaded from the Internet. If an adversary or terrorist group had broken into
those systems, the results could have been catastrophic, Bacon said.