Navy tightens tech use

New policies aim to increase security, stop abuse

The Navy has issued new policies on acceptable uses of service-owned cellular phones and information technology. Earlier this month, the service released guidelines for using cell phones, personal digital assistants and calling cards. In July, it released rules for the appropriate use of hardware, software and IT services.

The policies state that the Navy's military, civilian and contractor employees can use cell phones and IT only for official and authorized purposes unless they get approval for other uses. Leaders at Navy and Marine Corps commands are responsible for enforcing the policies and ensuring that personnel get security training.

Rob Carey, the Navy Department's deputy chief information officer for policy and integration, said service leaders thought the new policies were necessary because of recent attacks on Defense Department networks.

"This is about security," Carey said. "The ability for us to more effectively secure our IT systems is paramount."

The policies focus special attention on the dangers of peer-to-peer (P2P) applications, which let users share music, pictures and other files without centralized security controls or oversight.

"Unauthorized use of P2P file sharing can result in significant vulnerabilities to Department of the Navy information systems, including unauthorized access to information, compromise of network configurations and denial-of-service" attacks, according to one of the policies, "Effective Use of Department of Navy IT Resources," issued July 5.

Carey said the policies are not an Orwellian attempt by the Navy to prevent personnel from using cell phones and IT for personal use. Navy officials simply want service members to use them responsibly.

DOD ethics regulations allow Navy personnel to use cell phones and IT networks to communicate with friends and family, he said. A few personal phone calls and e-mail messages a day is fine, he said, but not 25.

But Carey said the policy forbids service members from accessing personal e-mail accounts, including Yahoo Mail and Microsoft Hotmail, from the Navy's networks without approval. The Marine Corps has started blocking access to personal e-mail accounts, and the Navy will take similar action, he added.

Some Navy employees said they did not know they should no longer access personal e-mail at work, although The Periscope, a publication of the Navy's submarine base at Kings Bay, Ga., published a story earlier this month about the service's new policy.

Carey said many Navy workers have inquired about the new policies, which were distributed to all Navy and Marine Corps commands.

Lewis Maltbie, president of the National Workrights Institute, a nonprofit employee rights group in Princeton, N.J., said the Navy can reasonably issue such policies with security and abuse in mind. But he cautioned that the Navy must administer them appropriately.

"This is a classic situation where the rules are not inherently unreasonable, but they could be enforced in a way that is completely unfair to the people in uniform," he said.

Dave Wennergren, the department's CIO, said the policies also aim to improve accountability and management. In a Sept. 2 memorandum, "Department of the Navy Policy for Issuance, Use and Management of Government-Provided Mobile (Cellular) Phone, Data Equipment and Services and Calling Cards," Wennergren wrote that the service must "move away from suboptimized independent management of telecommunications to a centralized enterprisewide approach."

Wennergren states in the memo that Navy personnel must reimburse the government for unauthorized use or charges for their cell phones. They are responsible for safeguarding their cell phone use, reporting stolen or missing phones, and turning them in on termination or transfer.

"The employment of Department of the Navy-wide management strategies for cell phones and calling cards across the Navy and the Marine Corps will provide an opportunity for significant savings and the establishment of improved management controls," Wennergren said.

He added that the Navy has made achieving those goals a high priority and that the service's personnel need access to appropriate telecommunications technologies to do their jobs.

"In all, this is about good hygiene and the appropriate and effective use of IT," Carey said.

New rules for using Navy IT

The Navy issued a policy in July that limits how personnel can use service-owned information technology.

That policy contains six rules prohibiting service members from:

  • Automatically forwarding official Navy e-mail to a commercial account or using a commercial account for official government business without approval.
  • Installing or modifying hardware or software without approval.
  • Circumventing or disabling security measures, countermeasures or safeguards, such as firewalls, content filters and antivirus programs.
  • Participating in or contributing to activity that causes a disruption or denial-of-service attack.
  • Writing, compiling, storing, transmitting, transferring or introducing malicious software, programs or code.
  • Using peer-to-peer file-sharing applications, such as Kazaa, Shareaza and OpenP2P, without approval.

-- Frank Tiboni

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above