http://www.news.navy.mil/search/display.asp?story_id=20684 By Chief Journalist (SW/AW) Joseph Gunder Naval Network Warfare Command Public Affairs Story Number: NNS051020-17 Release Date: 10/20/2005 NORFOLK, Va. (NNS) -- The Navy has begun enforcing policies set forth in its Information Technology User Acknowledgement Form by blocking access to Web-based commercial e-mail sites (webmail) from Department of the Navy-funded networks. That means it's no longer possible for anyone using Navy information technology to access commercial webmail from providers such as Yahoo, Hotmail, AOL and others. The new policy enforcement has taken effect throughout the Navy and applies to computer systems on ships and ashore, both in the United States and overseas. ONE-NET (OCONUS Navy Enterprise Network) started blocking webmail access Oct. 18 for overseas users. Both NMCI (Navy/Marine Corps Intranet) for U.S.-based users and IT-21 for afloat users have been blocking since Oct. 12. "Navy Networks are a weapon system and must be defended with the same rigorous standards as other weapon systems," explained Vice Adm. James P. McArthur, commander, Naval Network Warfare Command (NETWARCOM). "People and mission are at risk without access to assured, secure, complete, accurate and timely information." The restrictions on commercial webmail are necessary to protect the Navy's networks from multiple threats while maintaining operational security on all of its systems that are connected to the Department of Defense's Global Information Grid. According to Chief Warrant Officer Karen Williams, an Information Assurance implementation policy writer for NETWARCOM, webmail could provide a window for malicious software to enter a government computer system. "Any pop-up ad that appears in a webmail message could potentially contain a virus when it opens," she said. "An attachment that comes in from a webmail message could possibly bypass all the safeguards all the way to the user's computer." In addition, just opening a Web browser window to these commercial webmail sites can leave a computer open to outside attack. The policy was put into effect July 16 through a message from the Department of the Navy's Chief Information Office about "Effective use of Department of Navy Information Technology Resources." A Navy Telecommunication Directive issued July 25 directed that every Navy network user must fill out, sign and date a Navy Enterprise Information Technology User Acknowledgement Form prior to receiving access to government-provided IT services and systems (i.e., being granted a network account with e-mail). This User Acknowledgement form was to be completed for all Network users by Oct. 1. An educated user base is an essential part of Navy's defense-in-depth strategy. "Everybody was supposed to have had Information Assurance (IA) training by Oct. 1 to ensure we have smart users," Cathy Baber, branch head for policy and procedures at NETWARCOM said, "and no one else will be allowed access to the network until they have gone through a minimum level of training." "As for popular commercial Web sites and search engines, the only part of those sites that are being blocked are the commercial Web-based e-mail elements," explained Neal Miller, deputy director of the Enterprise Management Directorate at NETWARCOM. "And it's only from government-provided official business networks. It's exclusively about securing our shared asset, the government enterprise network." "You can still go to a search engine to look on the web and surf," said Baber. "This won't prevent any of that." Ships have had various levels of protection in place since 1999, but they were largely based on managing bandwidth and were set at the discretion of commanding officers. Some ships have been blocking webmail for years for bandwidth and operational security reasons. The Marine Corps has been prohibiting access to commercial webmail since December 1999 on the Marine Corps Enterprise Network. Sailors will still be able to send e-mail from their military accounts to a commercial account. But Baber stressed that users should never have their military e-mail set up to autoforward messages to their personal account. Autoforwarding to a personal account is a major operational security risk. Baber said the policy prohibiting autoforwarding was put in the User Acknowledgement Form to ensure all users were aware of their responsibilities. Network users are the first line of network cyber defense. Though many commercial webmail providers claim to use the latest up-to-date anti-virus protection, Baber said that there's no assurance that everything is safe or meets the Navy's security standards. There are options to help minimize the impact of not having access to commercial webmail, according to Baber. "Sailors on some large-deck ships may have access to certain computers in the ship's library that aren't connected to the Navy backbone that will allow commercial e-mail to be viewed," Baber said. "This lessens risk to our official business networks. Baber said that any legacy networks are required to comply with the Navy's new policy. "If there is a legacy network that has its own DNS (domain name system) server, it is required to implement blocking of these addresses, as well." For more information, please contact your local Information Assurance Manager (IAM), or go to https://infosec.navy.mil. For related news, visit the Naval Network Warfare Command Navy NewsStand page at www.news.navy.mil/local/nnwc/ _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Oct 24 2005 - 06:36:05 PDT