Security

Big Crackdown in Store for Military Nets?

There may be proponents of soldier blogging in the top brass. But, unfortunately, they appear to be losing the argument. The info security absolutists are beating the sensible like a goat-skin conga. Federal Computer Week recently reported that the Pentagon was leaning towards white-listing — " policy that would banish all traffic not proven to […]

Banned_list_2
There may be proponents of soldier blogging in the top brass. But, unfortunately, they appear to be losing the argument. The info security absolutists are beating the sensible like a goat-skin conga. Federal Computer Week recently reported that the Pentagon was leaning towards white-listing -- " policy that would banish all traffic not proven to be purely official DOD business from its networks," -- as a way to shore up its computer security. (Never mind that such site blocks, arbitrary or poorly placed, keep people ignorant.)

There is a happy medium to be found between sound information security and the successful information operations we need to compete with global guerrillas. It requires granular control of your networks, and the fact that many DOD networks lack such control (apparently you need a whole cyber command to make it happen) is indicative of how vulnerable they actually are. If you don't know what you have you can't protect it from outsiders or enforce policy on insiders. This is especially important in deployed environments where slap-dash engineering is the order of the day and the fixes that will be taken care of 'when things calm down' never are.

So what should be allowed on the DOD nets? Answers, after the jump...

  • ESPN, sadly, is not mission-related.

  • You might not like the New York Times, you might not like the Washington Times, but legit news organizations deserve to be observed.

  • The same goes for vetted (e.g. provide value added) blogs.

  • Training: 'This is what you can say, this is what you can't say.' Lather, rinse, repeat quarterly.

  • Block wide: There are 194 countries in the world, not all of their IP blocks need access to .mil.

  • Block smart: Not every site with "Victoria" in the name is about underwear. Don't let the machine tell you what you need to know.

Info-fiends need to appreciate that GIs are not .com-ers and accept prudent restrictions for the sake of safety. Security needs to enable operations, otherwise it just ends up hindering it. This can be done, just not easily or cheaply.

-- Michael Tanji, cross-posted at Half of the Spear