Military command purges sensitive data from Web sites after security evaluation

HONOLULU—U.S. Forces in Korea as well as the United Nations and Combined Forces
commands are scrubbing their Web sites of any sensitive information that might prove
useful to an enemy.


“Our home page apparently was a wonderful source of intelligence for anybody that
wanted to surf the Internet,” said Air Force Maj. Gen. Michael Hayden, deputy chief
of staff for the United Nations Command, Combined Forces Command and U.S. Forces Korea.


“We’ve got to have a little more discipline in what we put out there free for
the taking,” Hayden said last month at the Armed Forces Communications and
Electronics Association’s TechNet Asia-Pacific ’98 Conference.


A recent evaluation of U.S. Forces Korea’s unclassified systems not only found
that its systems were vulnerable to attack but also concluded that its Web sites provided
a wealth of potentially damaging information to its adversaries, Hayden said.


“We would kill for the e-mail addresses of officers in the Ministry of the
People’s Armed Forces in North Korea,” Hayden said. “Those kinds of
addresses were available on our home page. Maps of our installations are also probably not
a good thing to have on our home page.”


The commands’ Web security review called for a more vigorously implemented
password and training policy to prevent security breaches, Hayden said. The vulnerability
assessment also recommended that the commands bolster the use of intrusion detection and
firewalls to protect its unclassified systems, he said.


“We’ve got technical problems that can be solved by technology, but
we’ve also got real cultural problems that are tougher to solve,” Hayden said.
“For instance, the word ‘password’ is not a good password, nor is the
return key.”


In addition, a significant number of PCs and workstations used by U.S. Forces Korea
personnel have no passwords at all, Hayden said.


The decision to conduct a security scrub of Web sites predated deputy Defense secretary
John Hamre’s September directive ordering the services and Defense Department
agencies to review their Web sites, Hayden said.


Hamre instructed department webmasters to remove potentially sensitive information such
as military plans, R&D data and personal information about Defense personnel.


The United Nations Command, Combined Forces Command and U.S. Forces Korea Web sites are
not yet back online, Hayden said, and he did not say when they might be accessible again.
But Hayden insisted that the commands will resume their Web operations.


“We are not getting out of the home page business because we need the agility that
the Internet gives us,” he said. “We just need to manage it
correctly.” 

inside gcn

  • high performance computing (Gorodenkoff/Shutterstock.com)

    Does AI require high-end infrastructure?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above