Pentagon Orders New Net Rules
http://www.news.com/News/Item/0,4,26881,00.html
By Courtney Macavinta, courtm@cnet.com
The Pentagon may be a bastion of security, but the Defense Department's
approximately 1,000 affiliated Web sites may have been giving up sensitive
information to global computer users.
So Deputy Defense Secretary John Hamre announced a new policy Friday to
keep off the Net the location of military operations, officials'
itineraries, and sensitive personal information about employees, for
example.
"The Internet World Wide Web provides the department with a powerful tool
to convey information quickly and efficiently on a broad range of topics,"
Hamre said in a memorandum sent to the department.
"At the same time, such information, especially when combined with
information from other sources, increases the vulnerability of [Defense
Department] systems and may endanger [Defense Department] personnel and
their families," he added.
The order comes in the wake of a General Accounting Office report released
last week that found that 24 of the largest U.S. agencies, including the
Defense Department, put critical government operations and data at "great
risk of fraud, misuse, and disruption."
For now, all of the Defense Department's organizations have 60 days to
remove from their Web sites the following material: "plans that could
reveal sensitive military operations, exercises or vulnerabilities;
information on sensitive troop movements; personal data such as Social
Security numbers, birth dates, home addresses and home phone numbers; and
any other identifying information about family members of DOD employees
and military personnel."
The department also has created a task force to develop security policies
for its various Web sites by late November and the plans are to be
implemented by March.
The department began making plans for the Web site reviews earlier this
month. Recently, national security officials were given a demonstration by
staff that showed how easy it was to find out where, for instance, a top
military official lived by "data mining" or taking certain information
from a Department of Defense site and combining it with other details
found on the Net.
"There has been particular concern about information that may lead to
divulging too much about the privacy of individuals, such as posting a
biography or a promotion list--we don't want any Social Security number or
home phone inadvertently revealed," Susan Hansen, spokeswoman for the
Defense Department, said today.
The FBI has had similar concerns about the Environmental Protection
Agency's plans to post online chemical manufacturers' "worst-case"
accident scenarios, which could include an estimate of how many people
would die if toxic gases were released, if an explosion took place, or if
dangerous liquids were spilled. The FBI worries these plants will become
terrorist targets.
But the recent terrorist bombings in Africa, national security assertions
that the U.S. is the target of cyberterrorism attacks, the computer
break-in at the Pentagon last April, and "low-visibility" attacks on U.S.
Navy network security were not cited as reasons for the Defense
Department's new policy.
"Privacy issues on the Web have been of growing concern; I can't tie to
any one event," Hansen said. "We don't want to deny information under the
Freedom of Information Act, but on the Internet it's all aggregated and
provides a bigger picture than if we provided the information locally or
through a piece of paper."
Still, the Defense Department could have anticipated the General
Accounting Office's report, which was commissioned by Congress and which
the GAO had been working on for some time. The report called for immediate
action: "The need for improved federal information security has received
increased visibility and attention, but more effective actions are needed
both at the individual agency level and the government-wide level," it
says.
Received on Mon Oct 5 08:51:46 1998