Pentagon to update rules for using commercial social media sites

CORRECTION: This story originally said that the Pentagon planned to ban the use of .mil e-mail addresses on commercial social media sites, which was incorrect. Military officials say they will soon update their social media policy with privacy and security rules, but do not plan to ban .mil addresses from social media.

In the wake of a dating site hack that exposed personal information on military subscribers, the Defense Department is planning to put new restrictions on how personnel use commercial social media sites.

DOD will soon issue a new policy directing military personnel to use non-mission-related contact information, such as phone numbers and e-mail addresses, when establishing personal accounts, Aliya Sternstein reports in NextGov.

Dot-mil e-mail addresses will still be allowed on sites such as Army Knowledge Online, Sternstein writes, but not for commercial sites.

DOD has gone back and forth over social media in recent years, trying to balance the benefits of social networking with security concerns. The new policy comes on the heels of a hack that showed the vulnerabilities in some social media sites and raised questions about whether government employees should connect to them from work computers.

In March, the hacker group LulzSec attacked, a commercial website catering to military members, stealing and later posting user names and passwords of 170,937 subscribers, many of whom had .mil addresses.

A subsequent analysis of the attack by data security company Imperva showed the potential weaknesses in sites that allow users to upload content — in this case, photos. Hackers bypassed the site’s filters to insert malicious code and then were able to crack poorly protected passwords.

Not every social media site shares the same vulnerabilities — in offering recommendations on how to improve protection for users of social sites, Imperva cited several Facebook practices — but the report states that sites that allow user-generated content are going to face risks, which could be compounded if the users also work with sensitive information.

“Imperva calls into question if military and government employees should be held to a higher standard when it comes to social networking,” the report states. It also concluded that “social networking and the public sector don’t mix.”

With its pending policy of keeping .mil addresses and other mission-related information out of the social fray, DOD seems to have agreed.

It’s the latest turn in DOD’s social media policy, which has seen the department ban sites such as Facebook, Twitter, Flickr and YouTube, then in February 2010 issue a policy allowing use of unclassified .mil computers to access the sites.

At that time, department officials talked about the need for better information sharing, and for accommodating younger users who had come to expect social media access, while making military leaders responsible for cybersecurity.


About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

Reader Comments

Tue, Jun 5, 2012

As a Director of IT at my installation I have been blocking Social Media from the get go. It is not something people should be doing while "at work". It's got more holes than Swiss cheese. Not to mention the Bandwidth it sucks up. Sometimes someone has to say NO! Remember Ibsen - Might does not make right.... Trust me, I catch a lot of flak for it but common sense rules the day.

Wed, May 30, 2012 Walter Washington, DC

Home address, cell phone number, and yahoo or gmail account. It should be obvious. Unfortunately, it may be too late. The information is already out there.

Wed, May 30, 2012 Johnnie Johnson WashDC

Duh!!! Unless it is needed for professional reasons, a mil address should never be used for unofficial business.

Wed, May 30, 2012 Mel

This is a new policy? We were always told Government e-mail was NOT to be used for personal business, to include dating or social networking sites. How about enforcing existing policy rather than adding "new restrictions."
