As security step, DOD to limit Web postings

To reduce the chances of terrorists gaining access to information that could threaten
national security, the Defense Department plans to set limits on what can be posted on DOD
Web sites.


Deputy Defense secretary John Hamre is expected soon to issue a memorandum to the
services and Defense agencies that lays out strict guidelines on what kinds of information
DOD offices can post.


Hamre and members of the Joint Chiefs of Staff are concerned about the content of some
DOD Web sites, said Kenneth Bacon, assistant secretary of Defense for public affairs. For
instance, DOD sites now include information such as building diagrams at military
installations, lessons learned from military operations, R&D program goals and
personnel details.


“The challenge is to balance two goals,” he said. “One is to have Web
sites that provide useful information to the users of those Web sites but don’t go
too far in providing information that could be dangerous if misused by malefactors of
various sorts.”


The plan comes less than seven months after two California teens broke into 11
unclassified Defense computers via the Internet in what Hamre called “the most
organized and systematic attack” against DOD systems ever. But Defense officials said
the latest analysis of Web site security is preventative and not a reaction to a specific
incident.


Certain information might compromise personal and institutional security, Bacon said.
Personal information posted on the Web, such as Social Security numbers, home addresses
and home telephone numbers, could be used to track down personnel and harm or abduct them,
he said. The information could also be used to falsify identification cards and documents,
he said.


Data on the capabilities of weapon systems in development, including technical
requirements, are posted on Web sites during the contract process, Bacon said.


“We’re trying to act before real problems develop,” Bacon said.
“The best problems are ones you head off before they become bad problems. That’s
what we’re attempting to do. We’re attempting to make people more conscious of
Web site security issues.”


DOD has about 1,000 Web sites, Bacon said, but because there is no central registry of
Defense sites, the department doesn’t know exactly how many it has.


DefenseLink, DOD’s main Web site at http://www.defenselink.mil,
is the gateway to Web sites for each of the services, specific commands, bases and, in the
case of the Navy, specific ships, he said.


“So there’s this sort of multiplication effect where you go into the Navy Web
site and from there you can go into many other Web sites down to carrier battle groups or
ships,” Bacon said. “You can even go into Web sites for particular units or
wings within the Marine Corps, Army and Air Force.”


DOD is a continual target of hackers. Defense last year reported more than 250,000
break-in attempts on its computers.


In June 1997, the Joint Chiefs sponsored Eligible Receiver, a cyberwarfare game in
which more than 50 National Security Agency workers broke into military systems using
software downloaded from the Internet. If an adversary or terrorist group had broken into
those systems, the results could have been catastrophic, Bacon said.  

inside gcn

  • machine learning

    Mitigating the risks of military AI

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above