With social media, should DOD go to the people, or should the people go to DOD?

 


Paul A. Strassmann's recent column—arguing that DOD's social media policy doesn't do enough to address security—sparked a lively debate among readers, many of whom question whether DOD, or government in general, is suited to hosting social media sites.

Should the Defense Department be making use of public social media sites such as Facebook, or should DOD, for security reasons, build its own?

Paul A. Strassmann’s recent column arguing that DOD’s social media policy doesn’t do enough to address security sparked a lively debate among readers, many of whom question whether DOD – or government in general – is suited to hosting a social media environment.

Strassmann, former director of Defense information for the Office of the Secretary of Defense and now a professor at George Mason University’s Center for Secure Systems, cited the large number of DOD networks – and the fact that they are inconsistently managed and secured – in arguing that DOD could not secure its unclassified but sensitive IP network (NIPRNet).

He recommended, among other things, that DOD reduce its large “attack surface” through desktop and server virtualization and offer its own collaboration services so that people don’t have to resort to potentially non-secure social media sites such as Facebook, YouTube and Twitter. He lamented that Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, has to use Facebook to reach out to military, civilian and reserve personnel because DOD doesn’t have an alternative.

But would an in-house alternative solve the problem?




“I think you miss a key point here that is often missed by DOD,” writes Dave Fliesen of Virginia Beach. “Adm. Mullen is using Facebook because that's where the people are. If DOD builds its own network, it just won't bring the people. I agree that DOD needs better computing systems and security measures in place, but making a DOD system to replace Facebook won't have the same reach as Facebook. Sometimes instead of ‘If we build it, they will come’ we need to think ‘where should we build it.’”

Other readers expanded on the idea. “As others mentioned, Paul's comments assume that Mullen's audience is WITHIN the firewall,” writes subbob in Kansas. “Security issues aside, that represents a fundamental misunderstanding as to one of the main reasons behind this policy -- public engagement.”

“The intent is to communicate with the public, on their 'platforms,’” writes Susan. “The public will not go to our Web sites or our social networking sites 'inside the firewall.' The use of Facebook and Twitter and the rest is to communicate with the public -- those that just so happen to support us (or in other words, whose support we need in more ways than I can mention here) in their 'spaces' ... where they communicate and congregate. And yes, the DTM does not address security, but I challenge you that there are already in existence plenty of documents that do address the security requirements and the security 'skills' of those that manage and administer our NIPRnet that there was no need, other than to list some of those documents in the reference portion of the DTM. … More attacks are caused by people getting fooled by phishing or other social engineering attacks that infiltrate our networks than anything else.

“And read the reports ... most of the time the network is compromised because someone failed to patch when they were supposed to. ...[N]o more policies will fix this ... only enforcement of existing policies, additional training and punishment to those that cannot seem to get it, will solve this problem.”

“Mr. Strassmann's comments may appear technically valid, but they are borne of a different era,” adds another reader. “Adm. Mullen's role is a public one as well as an internal one. In fact, such is the USA's military reach that he has to extend his communications to a global audience. Building virtual walls between the military and the public is Cold War thinking. As Iraq has proven, winning the war is more than just winning the battles. The issue for the military is to separate secure from insecure communications and so allow, and in fact encourage, its military and non-military personnel to communicate with the outside world. Hats off to Mullen for leading this cultural change. It’s time for the techies to catch up.”

“I have to agree with the government’s policy of social engagement,” writes Socialite. “The aggregation of updates into the FaceBook framework is very powerful. More flexible than industry newsletters and simpler than RSS. Suggesting that NO security incidents are the acceptable level is poor risk management.”

Nevertheless, other writers note that security is a real issue.

“Mr. Strassmann makes some very valid points as to why allowing social media sites on the NIPRnet raises more concern about network security,” writes Kris Joseph. “I'm sure it was a heated debate at the Pentagon when our senior leaders were trying to develop this policy. What is clear to me in this policy is that the DOD sees more overall benefit in allowing social media rather than blocking it. And they have at the same time accepted the security risks that go along with it. Social media sites have been allowed in a large portion of U.S. bases since the summer of 2009 and I haven't heard of any security issues as of yet. Time will tell.”

“It is interesting to note the history of DOD networks and systems when it comes to cybersecurity,” adds another writer. “Not to mention that DOD has servers located in other countries, often in challenging, hostile environments. In terms of the private DOD cloud argument, how is this model any more secure? Is this based on past performance, perception or entrenched business interest? For instance, OSD's SBU email system, a traditional DoD behind the firewall system, was hacked with user IDs and passwords that unlocked the entire network stolen. As a result, sensitive data housed on Defense systems was accessed, copied and sent back to the intruder. Defense officials are still concerned about data lost in 2007 network attack.”

On the question of virtualization, Noel Dickover writes: “While I definitely agree that solutions for reducing the attack surfaces through desktop and server utilization is a great idea worth pursuing, this shouldn’t be embedded in the policy itself. The policy should list the component who is responsible for fulfilling that task, and others like it. In fact this is what was done – CDR USSTRATCOM has the responsibility to ‘assess risks associated with the use of Internet-based capabilities, identify operational vulnerabilities, and work with the ASD(NII)/DoD CIO to mitigate risks to the GIG.’ (Page 9, 6.b.). Respectfully, if we put the level of detail Mr. Strassmann advocates in the policy itself, we would need to rewrite the policy every time a new emerging technology created additional risks.”

And on a side note of sorts, reader subbob took the opportunity to suggest a different approach to computing. “Recently I started reading Nicholas Carr's ‘The Big Switch,’ where he makes an analogy to distribution of electrical power and computing, or informational, power. The government does not produce its own electricity, it buys it. Does not lay down its own telephone lines and services, it buys it. … Perhaps we should move to treating computing power as a utility, something that is a provided service, rather than continuing to try and manage it (badly & costly) in house.”

“Subbob has it correct,” added Chuck in Georgia. “It is well past time that DOD could be purchasing more IT and network power at a much lower cost than what we pay for the existing systems. Almost everything we need is available from NETWORX. The product would be much less expensive and much more secure. The big issue is that IT in DOD is the biggest jobs protection program on the planet; both for government workers and contractors. It is a huge feeding trough. That has to change before we can move forward.”
