DOD unveils new employee phone monitoring policy

Defense Department officials have released new guidelines that govern the monitoring of employees’ phone calls and the mock penetration of military network defenses to identify potential security risks to DOD information.

DOD Chief Information Officer John Grimes on Oct. 9 signed Instruction 8560.01, titled “Communications Security Monitoring and Information Assurance Readiness Testing.” The document replaces language from 1981 that regulated the circumstances under which DOD officials could listen in on employees’ telephone conversations for security reasons.

Donald Jones, a senior policy analyst in Grimes’ office who helped craft the document, said the new instruction changes little in the way of telephone monitoring policies. However, the document does spell out for the first time ground rules for network attacks by DOD officials to test how secure the military’s defenses are, he said.

Air Force officials have spoken recently of new plans to protect that service’s portion of DOD’s networks. The effort includes introducing what Air Force officials have dubbed “cyber sidearms” – computer applications to help airmen alert others to potential security breaches – and staged network intrusions by managers to test the usage of the software.

Jones said these efforts, called "information assurance readiness testing" in DOD jargon, will have to comply with the new policy.

Although the instruction puts the CIO in charge of overseeing the implementation of the new policy, DOD intelligence functions and the National Security Agency also play crucial roles. According to the document, the NSA director reports to the undersecretary of Defense for intelligence in executing communications monitoring missions across DOD.

The new policy – and the one from 1981 – states that information gathered through monitoring DOD phone calls and probing network defenses generally cannot be used for criminal investigations. However, the new instruction redefines an exception to that rule: Intercepted information “directly relating to a significant crime” should be referred to senior officials for further action. The previous policy stated that senior commanders and law enforcement agencies could only get involved when information inadvertently unearthed during a monitoring operation could help prevent “serious bodily harm or significant loss of property.”

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.