Air Force pinged on Web data
DOD inspector general's report found inappropriate information on many of service's sites
The Air Force is posting potentially inappropriate information on many of its Web sites because it is not reviewing or maintaining those sites as it should, according to a Defense Department inspector general's report released last month.
The Air Force had 140 publicly accessible Web sites that contained "potentially inappropriate" information, the IG found. These sites contained warnings such as "For Official Use Only" and "Secret," yet were still accessible by the general public.
"The Air Force had not developed adequate plans to annually review its Web sites," the IG report said. "In addition, the listing of Air Force publicly accessible Web sites recorded in Air Force Link did not match the data reported in [the] Government Information Locator Service." The Air Force Link registration database feeds information to GILS, which helps citizens identify, locate, and retrieve information about the government.
The IG also found that the process to remove sensitive data "was not reliable."
Among its recommendations, the IG suggested that the Air Force conduct annual multi-disciplinary reviews of its Web sites and report the results to the service's chief information officer.
In written response to the report, John Gilligan, Air Force CIO, agreed with the recommendations and said that a review process would be in place by August. Specifically, the service's Office of Public Affairs would screen information before posting and Webmasters would review sites for unauthorized information.
Gilligan also said that the Air Force would ensure that Air Force Link and GILS data are consistent, and that it would work "to ensure public Air Force Web sites do not divulge inappropriate data."
Meanwhile, the Air Force has developed a training program for personnel working on Websites, and oversight of Air Force Web sites has improved with the establishment of the Air Force Web Risk Assessment Cell, the IG said. This group is responsible for vulnerability analyses and threat assessments of the service's Web site content.