DOD unveils new employee phone monitoring policy

Defense Department officials have released new guidelines that govern the monitoring of employees’ phone calls and the mock penetration of military network defenses to identify potential security risks to DOD information.

DOD Chief Information Officer John Grimes on Oct. 9 signed Instruction 8560.01, titled “Communications Security Monitoring and Information Assurance Readiness Testing.” The document replaces language from 1981 that regulated the circumstances under which DOD officials could listen in on employees’ telephone conversations for security reasons.

Donald Jones, a senior policy analyst in Grimes’ office who helped craft the document, said the new instruction changes little in the way of telephone monitoring policies. However, the document does spell out for the first time ground rules for network attacks by DOD officials to test how secure the military’s defenses are, he said.

Air Force officials have spoken recently of new plans to protect that service’s portion of DOD’s networks. The effort includes introducing what Air Force officials have dubbed “cyber sidearms” – computer applications to help airmen alert others to potential security breaches – and staged network intrusions by managers to test the usage of the software.

Jones said these efforts, called "information assurance readiness testing" in DOD jargon, will have to comply with the new policy.

Although the instruction puts the CIO in charge of overseeing the implementation of the new policy, DOD intelligence functions and the National Security Agency also play crucial roles. According to the document, the NSA director reports to the undersecretary of Defense for intelligence in executing communications monitoring missions across DOD.

The new policy – and the one from 1981 – states that information gathered through monitoring DOD phone calls and probing network defenses generally cannot be used for criminal investigations. However, the new instruction redefines an exception to that rule: Intercepted information “directly relating to a significant crime” should be referred to senior officials for further action. The previous policy stated that senior commanders and law enforcement agencies could only get involved when information inadvertently unearthed during a monitoring operation could help prevent “serious bodily harm or significant loss of property.”

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.