[ISN] Pentagon Orders New Net Rules

From: mea culpa (jerichot_private)
Date: Sun Oct 04 1998 - 22:41:18 PDT

  • Next message: mea culpa: "[ISN] Wiretaps Authorized By Secret Federal Court"

    Pentagon Orders New Net Rules
    By Courtney Macavinta, courtmt_private
    The Pentagon may be a bastion of security, but the Defense Department's
    approximately 1,000 affiliated Web sites may have been giving up sensitive
    information to global computer users. 
    So Deputy Defense Secretary John Hamre announced a new policy Friday to
    keep off the Net the location of military operations, officials'
    itineraries, and sensitive personal information about employees, for
    "The Internet World Wide Web provides the department with a powerful tool
    to convey information quickly and efficiently on a broad range of topics," 
    Hamre said in a memorandum sent to the department. 
    "At the same time, such information, especially when combined with
    information from other sources, increases the vulnerability of [Defense
    Department] systems and may endanger [Defense Department] personnel and
    their families," he added. 
    The order comes in the wake of a General Accounting Office report released
    last week that found that 24 of the largest U.S. agencies, including the
    Defense Department, put critical government operations and data at "great
    risk of fraud, misuse, and disruption." 
    For now, all of the Defense Department 's organizations have 60 days to
    remove from their Web sites the following material: "plans that could
    reveal sensitive military operations, exercises or vulnerabilities; 
    information on sensitive troop movements; personal data such as Social
    Security numbers, birth dates, home addresses and home phone numbers; and
    any other identifying information about family members of DOD employees
    and military personnel." 
    The department also has created a task force to develop security policies
    for its various Web sites by late November and the plans are to be
    implemented by March. 
    The department began making plans for the Web site reviews earlier this
    month. Recently, national security officials were given a demonstration by
    staff that showed how easy it was to find out where, for instance, a top
    military official lived by "data mining" or taking certain information
    from a Department of Defense site and combining it with other details
    found on the Net. 
    "There has been particular concern about information that may lead to
    divulging too much about the privacy of individuals, such as posting a
    biography or a promotion list--we don't want any Social Security number or
    home phone inadvertently revealed," Susan Hansen, spokeswoman for the
    Defense Department, said today. 
    The FBI has had similar concerns about the Environmental Protection
    Agency's plans to post online chemical manufacturers' "worst-case"
    accident scenarios, which could include an estimate of how many people
    would die if toxic gases were released, if an explosion took place, or if
    dangerous liquids were spilled. The FBI worries these plants will become
    terrorist targets. 
    But the recent terrorist bombings in Africa, national security assertions
    that the U.S. is the target of cyberterrorism attacks, the computer
    break-in at the Pentagon last April, and "low-visibility" attacks on U.S. 
    Navy network security were not cited as reason for the Defense
    Department's new policy. 
    "Privacy issues on the Web have been of growing concern; I can't tie to
    any one event," Hansen said. "We don't want to deny information under the
    Freedom of Information Act, but on the Internet it's all aggregated and
    provides a bigger picture than if we provided the information locally or
    through a piece of paper." 
    Still, the Defense Department could have anticipated the General
    Accounting Office's report, which was commissioned by Congress and which
    the GAO had been working on for some time. The report called for immediate
    action: "The need for improved federal information security has received
    increased visibility and attention, but more effective actions are needed
    both at the individual agency level and the government-wide level," it
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:06:13 PDT