FCW Forum: Should DOD ban personal use of its nets?
As recently reported by FCW, Defense Department officials are considering a policy that would banish all traffic not proven to be purely official DOD business from its networks.
The proposal to ban non-official traffic from the network is intended to increase the network’s security and stability by reducing the number of times malicious software code enters DOD networks, said Lt. Gen. Charles Croom, director of the Defense Information Systems Agency, speaking at the Institute for Defense and Government Advancement’s Network Centric Warfare 2008 conference in Washington.
Does this policy make sense?
Based on the letters FCW received, readers generally understand the intent, but wonder about the potential ramifications. Check out the excerpts below from some of those letters and let us know what you think. You can either post a comment on this blog (registration required) or send an e-mail to [email protected] and we will post it for you.
"[DOD] better make sure that civilian web sites used/hosted by first responders, other government agencies, defense contractors, Web 2.0 collaboration sites, etc. are not blocked also."
"What percent of the problem would be solved if we banned Microsoft Explorer and made Firefox mandatory for all .mil computers? More than the IT community would like to admit, I suspect."
"DOD probably has a better case than most enterprises for banning non-necessary network traffic. But it's a truism of InfoSec that any type of ban inevitably results in the spawning of workarounds by those who need or want access to the resources they are being denied."
"It is nearly always impossible for a policy-maker in any organization to be able to specify exactly what network traffic is "legitimate" and what is not because the work environment is rarely simple enough to submit to high-level heuristics."
"Is visiting online retailers non-official or official? What if it is for obtaining price estimates on items that the individual intends to buy to support his organization's mission?"
"Your article left out any information about the feasibility of preventing non-official traffic without stripping DOD employee's of the ability to leverage the network and the internet to do their jobs as efficiently as the private sector."
"Innovation and creativity begins when government personnel can see what industry and other government agencies are doing to improve processes."
"As much as I understand DOD's need for security, I hope they keep in mind that the service Web mail sites can be an important means of communication between family members and deployed or otherwise absent service members."
"At a time when companies throughout the corporate sphere are realizing that the line between work and life is increasingly blurry, DOD/DISA seems to be considering a step backward in time."
"DOD and the federal workforce is facing an unprecedented wave of retirements and the next-gen workforce, facing a more restrictive work environment, will either enter government service and then proceed to fight the system from the inside (lower percentage chance of happening) or more likely, will simply bypass government service all together."
"While the idea is sincere, the implemented policy as stated would severely impact morale, recreation, and productivity for deployed ground and fleet forces who readily depend on the Internet for news, independent study, entertainment, and personal email communications."
"Who will determine what is official business? Think of the Red Tape of getting sites approved for access. This will stop research, training, support and impact business processes."
Posted on Jan 31, 2008 at 12:12 PM