Army shuts 996 Web sites for security check

The Army late last month took a dramatic step to remove sensitive information from its
Web sites: It shut down all 996 sites as part of a servicewide security review.


Lt. Gen. William Campbell, the Army’s director of information systems for command,
control, communications and computers, ordered commanders on Sept. 25 to immediately
remove from the Internet all publicly accessible Web sites under their control. As
organizations clear their sites of sensitive data, they are restoring public access.


“This Army Web site is not currently available,” read a Sept. 25 message on
the Army home page at http://www.army.mil.  
“This Web site will be available again after maintenance.”


The Army home page, created in February 1995 and maintained for the Army Office of
Public Affairs by Campbell’s office, is a gateway to other Army Web sites. The site
was back online last week.


Some critics of the Army’s approach labeled it extreme, but Army officials called
it the most comprehensive and efficient way to fulfill the order from deputy Defense
secretary John Hamre to scrub Defense Department Web sites of information that might
compromise national security.


“You don’t fix a car while it’s still running,” one Army official
said.


The Army was the only service to pull the plug on Internet access to its Web sites.


It accomplished the servicewide Web site shutdown by physically disconnecting Web
servers from the Internet and powering them down. Army offices then moved all site files
to nonpublic servers and instituted control mechanisms such as user identifications and
passwords to gain access to the sites.


Before the Army offices could repost their sites, Army commanders had to review the
information on the sites, remove sensitive information and ensure that security procedures
were in place to minimize the risks of revealing sensitive information such as troop
movements, lessons learned and personnel data.


Campbell’s directive applied to all Army Web sites, including sites at the
company, platoon and even section levels. All organizations running sites also had to
notify the Army’s home page webmaster via e-mail of their compliance with the
directive and to reregister sites through an online registration form.


“Our intent is to balance the Army’s security needs with our requirement to
release appropriate information to our citizens and to leverage the advantages of Internet
technology,” Campbell said. “At present, we are out of balance and must take the
actions described above as prudent force protection measures.” 


—Gregory Slabodkin

inside gcn

  • A forward-located Control and Reporting Center. Air Force photo.

    Data security at the tactical edge: Rightsizing solutions

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above