Military command purges sensitive data from Web sites after security evaluation
- By Gregory Slabodkin
- Dec 14, 1998
HONOLULUU.S. Forces in Korea as well as the United Nations and Combined Forces
commands are scrubbing their Web sites of any sensitive information that might prove
useful to an enemy.
Our home page apparently was a wonderful source of intelligence for anybody that
wanted to surf the Internet, said Air Force Maj. Gen. Michael Hayden, deputy chief
of staff for the United Nations Command, Combined Forces Command and U.S. Forces Korea.
Weve got to have a little more discipline in what we put out there free for
the taking, Hayden said last month at the Armed Forces Communications and
Electronics Associations TechNet Asia-Pacific 98 Conference.
A recent evaluation of U.S. Forces Koreas unclassified systems not only found
that its systems were vulnerable to attack but also concluded that its Web sites provided
a wealth of potentially damaging information to its adversaries, Hayden said.
We would kill for the e-mail addresses of officers in the Ministry of the
Peoples Armed Forces in North Korea, Hayden said. Those kinds of
addresses were available on our home page. Maps of our installations are also probably not
a good thing to have on our home page.
The commands Web security review called for a more vigorously implemented
password and training policy to prevent security breaches, Hayden said. The vulnerability
assessment also recommended that the commands bolster the use of intrusion detection and
firewalls to protect its unclassified systems, he said.
Weve got technical problems that can be solved by technology, but
weve also got real cultural problems that are tougher to solve, Hayden said.
For instance, the word password is not a good password, nor is the
In addition, a significant number of PCs and workstations used by U.S. Forces Korea
personnel have no passwords at all, Hayden said.
The decision to conduct a security scrub of Web sites predated deputy Defense secretary
John Hamres September directive ordering the services and Defense Department
agencies to review their Web sites, Hayden said.
Hamre instructed department webmasters to remove potentially sensitive information such
as military plans, R&D data and personal information about Defense personnel.
The United Nations Command, Combined Forces Command and U.S. Forces Korea Web sites are
not yet back online, Hayden said, and he did not say when they might be accessible again.
But Hayden insisted that the commands will resume their Web operations.
We are not getting out of the home page business because we need the agility that
the Internet gives us, he said. We just need to manage it