DOD unveils new employee phone monitoring policy

Defense Department officials have released new guidelines that govern the monitoring of employees’ phone calls and the mock penetration of military network defenses to identify potential security risks to DOD information.

DOD Chief Information Officer John Grimes on Oct. 9 signed Instruction 8560.01, titled “Communications Security Monitoring and Information Assurance Readiness Testing.” The document replaces language from 1981 that regulated the circumstances under which DOD officials could listen in on employees’ telephone conversations for security reasons.

Donald Jones, a senior policy analyst in Grimes’ office who helped craft the document, said the new instruction changes little in the way of telephone monitoring policies. However, the document does spell out for the first time ground rules for network attacks by DOD officials to test how secure the military’s defenses are, he said.

Air Force officials have spoken recently of new plans to protect that service’s portion of DOD’s networks. The effort includes introducing what Air Force officials have dubbed “cyber sidearms” – computer applications to help airmen alert others to potential security breaches – and staged network intrusions by managers to test the usage of the software.

Jones said these efforts, called "information assurance readiness testing" in DOD jargon, will have to comply with the new policy.

Although the instruction puts the CIO in charge of overseeing the implementation of the new policy, DOD intelligence functions and the National Security Agency also play crucial roles. According to the document, the NSA director reports to the undersecretary of Defense for intelligence in executing communications monitoring missions across DOD.

The new policy – and the one from 1981 – states that information gathered through monitoring DOD phone calls and probing network defenses generally cannot be used for criminal investigations. However, the new instruction redefines an exception to that rule: Intercepted information “directly relating to a significant crime” should be referred to senior officials for further action. The previous policy stated that senior commanders and law enforcement agencies could only get involved when information inadvertently unearthed during a monitoring operation could help prevent “serious bodily harm or significant loss of property.”

Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.