Marines solidify ban on Facebook, Twitter
While military uses social networks, security concerns keep soldiers offline
Computerworld - The U.S. Marine Corps made it official this week: Social networking sites such as Facebook and Twitter are banned from military networks.
The new administrative directive issued Monday, doesn't change much. Marines have not been allowed to access sites like Facebook, MySpace or Twitter from military networks. The Marines have simply put an official stamp on the ban, while also laying out the steps to take for any Marine who wants to access a site as part of his or her job.
"These Internet sites in general are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries," the directive noted. "The very nature of [social networking sites] creates a larger attack and exploitation window, exposes unnecessary information to adversaries and provides an easy conduit for information leakage ..."
The ban, however, is only for people using Marines' equipment and networks while they are working. Marines may still Twitter or post to Facebook on their own time and on their own computers.
The military isn't against using sites like Facebook and Twitter, said 1st Lt. Craig Thomas, a Pentagon-based spokesman for the Marine Corps.
The U.S. Central Command has a Facebook page, a channel on YouTube and a Twitter account to get out information regarding operations news. The Army is using MySpace to recruit new soldiers and the U.S. Forces Afghanistan page on Facebook has more than 24,000 fans.
"The Marine Corps has got to find a balance between security and letting Marines capitalize on the technology," Thomas said in an interview with Computerworld. "We don't want information leaks and we want to keep Marines focused on the mission at work and we wanted to save bandwidth. We're trying to find the fine line."
Thomas noted that 30 years ago, soldiers were warned about revealing too much information in letters home. Then 10 years ago, they were warned about how they used e-mail. Today, the focus is on social networks.
"You can't have someone posting, 'Hey, we're leaving on this date and at this time,'" he added. "Believe me, the enemy is checking out what you guys are reporting and what service men and women are saying online. The Marine Corps instills operational security. They need to be cognizant of what they're saying, whether verbally or what they're saying on social networking sites."
Ken van Wyk, principal consultant at KRvW Associates, said the Marines have several avenues of concern with social network use and they're probably right on track with most of them.
"If they're concerned about the platform -- whether Facebook itself is secure -- then their concerns should go far beyond just Facebook," van Wyk said. "Any site that permits active content into the user's browser runs the same risk. Facebook is just one of many."
But for the military to be concerned about soldiers posting mission critical information on Facebook or MySpace, then they're not thinking broadly enough, van Wyk said.
"If they're concerned about the content, like soldiers posting, 'Wow, having breakfast just outside of Fallujah today,' then Facebook is purely just a scapegoat," he added. "Information can be shared in many different ways. SMS texts, for example. E-mails to friends. Facebook and its ilk make that particularly easy, as well as tough for the Marines to control or even monitor, but someone who wants to share information is going to find a way."
Read more about Web Apps in Computerworld's Web Apps Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts