All eyes are on DOD's social-media policies as review nears completion

Experts warn agains too much restriction

A review that considers the benefits and risks of using social networking technology at the Defense Department is expected to conclude this month and could lead to new policy decisions on the use of such tools in DOD agencies.

Meanwhile, a DOD spokesman said recently he expects the review to recommend a balanced approach to using social networking tools such as Facebook and Twitter. A policy that permits the use of the technology with some restrictions is the likely outcome, he said. DOD has not had a department-wide policy, leading to a range of rules among various organizations. Some have essentially banned social-media use on military computers, while others have adopted less restrictive measures.

A balanced policy is wise, because an outright ban wouldn’t work, according to several experts.

Attempting to completely block the technology in the DOD would be futile, said Amit Yoran, the chief executive officer of NetWitness and the former director of the US Computer Emergency Readiness Team and National Cyber Security Division of the Homeland Security Department.

“What experience has taught us in this industry is that users will bypass over-draconian and overly restrictive policies that you may impose on them,” Yoran said. “It may be the users actively doing it, it may be the social media sites getting creative and finding ways to encapsulate and tunnel and do all these things that allow folks to bypass the protective measures and policies that we put in place.”

If people try to get around restrictive policies, that could put agencies in a more vulnerable position than simply allowing some degree of access would have, Yoran said.

“When you force these sites to work against you, and your users to work against you, then your ability to monitor and protect and defend yourself is significantly reduced,” he said.

The balanced approach DOD is expected to take is the right move, Yoran said.

Because outright bans rarely work, DOD and other agencies should identify specifically what security problems they have with social networking, said Jeremy Mishkin, an attorney with Montgomery McCracken with expertise in e-commerce and Web-based businesses.

“Teach your people about what security is, why it’s essential and how the entire team has to be smart since the weakest link will fail,” he said. “In general, if you explain respectfully what you’re trying to accomplish and why, and treat them as responsible adults, your team’s much more likely to comply.”

Besides being ineffectual, under a ban DOD would miss the functionality social networking can provide. The ability to rapidly share information is a function DOD is constantly seeking, he said, Yoran said.

The next step for DOD, and other federal agencies, should be to identify exactly how the emerging technology should be used, said Grant McLaughlin, principal at Booz Allen Hamilton.

“We need to collectively move the new technologies from being viewed as a toy – and move them more to a useful tool,” McLaughlin said. “I think we’ve reached a critical mass of people who believe in the potential of these technologies, but we now have to determine how to turn that potential into actual results that help these agencies better achieve their missions.”

A review weighing the benefits and risks of using social networking technology at the Defense Department is expected to conclude this month and could lead to new policy decisions on the use of such tools withing DOD agencies. A DOD spokesman said he expects the review to recommend a balanced approach to using social networking tools such as Facebook and Twitter. A policy that permits the use of the technology with some restrictions is the likely outcome, he said.

 

Reader comments

Fri, Oct 2, 2009 Wash DC

Social networking sites do provide a way to connect with other agencies and with people throughout the world. But does the average worker need it at their desktop to do their job? I certainly don't. Should the websites be available to an agency at the agency/public affairs level? Absolutely. But not at the average Joe's desktop.

Fri, Oct 2, 2009 oracle2world

Just so people know this stuff isn't without risk. I hope the policy includes guidance on that.

Fri, Oct 2, 2009 IOWA

I work for the DOD and in my opinion the problem is not if social networking should be banned or not, by the DOD. No matter which way the decision goes, the problem is accountability. DOD or a local entity has banned the use of zip drives for our use because of the chance of introducuing viruses etc. into the system. If don't have a problen with that. I you violate the policy then you should expect to suffer the consequences of your action. In my opinion if the social networking is causing a security problem, then ban it. If the ban is violated, then prosicut to the full extent of the law. Hold the folks accountable for their trangressions, no matter who they are. It shouldn't make a difference if the violator is a high ranking official, a GS1-1 or a recruit; all of them should be held accountable to the same standard.

Fri, Oct 2, 2009 Chris Ballenger Mclean

I applaud the DoD for taking the steps to evaluate these new technologies and look forward. Utilization of these types of technology will only enhance the capabilities of the DoD to fulfill its mission. Ignoring them is impossible. Chris Ballenger, VP Government Attensity.

Fri, Oct 2, 2009 Thoughts.com

We at thoughts.com believe social media is important to everyone. It is important to stay connected. DOD has the right to protect confidential information and that seems to be their only concern.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above