DOD issues a memo to address longstanding uncertainties about the use of social media and networks within defense agencies and military branches.
Defense Department officials finally released a long-awaited set of policy directives for the use of social networking and other Internet-based technologies. The DOD sought to balance utility with security, and the final result puts military leaders on notice that they must take responsibility for the cybersecurity of their operations.
The memorandum formalizes the military’s recognition that the ability to work effectively depends on Internet-based capabilities, which have become “integral to operations across the Department of Defense,” wrote Deputy Secretary of Defense William J. Lynn III, who issued the directive. "This directive recognizes the importance of balancing appropriate security measures while maximizing the capabilities afforded by 21st century Internet tools."
The new directive requires military and defense agency leaders to make Internet capabilities via the military’s unclassified but sensitive network available across all of DOD. Until now, some leaders have prevented or severely limited such access.
It also states that commanders at all levels and the heads of DOD components shall continue to defend against malicious intrusions and attacks, such distributed denial-of-service attacks, and take immediate and commensurate actions to safeguard missions. That would permit the discretion to limit access to the Internet to preserve operations security or address bandwidth if necessary.
The directive preserves the practice of prohibiting users from accessing Internet sites, or engaging in activity via social media sites, involving pornography, gambling, hate-crime and other prohibited activities. And it reiterates that members of military, defense and related agencies must continue to follow existing ethics and privacy guidelines.
“The real importance of this memo,” said David Wennergren, DOD deputy chief information officer, “is helping people understand how important it is to share information in a contested environment—in a consistent way. And it’s about being thoughtful about security.”
The memo's primary importance, Wennergren said, is in addressing the inevitable tensions between two groups: those in the military who want to accelerate the sharing of information and those responsible for keeping DOD networks secure.
The purpose of this memo was to help people think about both together, he said. “When you think about security, you tend to think about individual access. And when you think about sharing, you don’t think about security. This memo was issued to enforce consistency around the use of technologies that are really powerful in helping people get their jobs done better," he said.
But it's also intended to lay a broader foundation for secured computing in an unfriendly environment, he said. “If what you really want to do is secure information sharing, you need to think about technology that allows you to do trusted computing from untrusted computers,” he said. “It’s sort of like the national park model — take nothing with you, leave nothing behind."
Wennergren also said that desktop virtualization and server virtualization will play a larger role in the secure use of social media in the future. “Imagine having a trusted desktop in the cloud,” he said. “If apps and data are up in the cloud and you understand the perimeter, you can raise the boundaries of security overall. Virtualization can allow you to be protect your environment from the PC you’re booting into,” he said.
That will especially important as people access more and more data on secure networks through mobile clients, he said.
The road to releasing the policy memo relied on the kind of social media and collaboration tools the memo advocates, Wennergren noted. “We practiced what we preached,” he said, explaining that DOD leaders used a wiki-based approach to gain feedback from stakeholders and the public.
Elizabeth McGrath, DOD's assistant deputy chief management officer and performance improvement officer, said it's increasingly necessary for DOD to figure out how to work with social media tools, rather than barring them.
“As a way to communicate I think social media is terrific," she said. "With the younger generation coming, they expect social media. And I think you need to put those tools on the desktop to enable collaboration.
Agencies will grow more comfortable with the tools as they use them, she said.
Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, invited followers on his Facebook page to view the new social media policy, demonstrating the value of the technology.