Thread: US Military -v- Internal blogging & Access to WWW

  1. #121
    Council Member jcustis's Avatar
    Join Date
    Mar 2006
    Location
    SOCAL
    Posts
    2,152

    Default

    And, while I'm at it, I need to point out that I was really tempted to look into adopting a Marine as mentioned in another post in here. But then someone told me they're really hard to house break.
    C'mon...we only piss on the floor on the odd occasion when we feel compelled to mark territory.

  2. #122
    Council Member SteveMetz's Avatar
    Join Date
    Jan 2007
    Location
    Carlisle, PA
    Posts
    1,488

    Default

    Quote Originally Posted by jcustis View Post
    C'mon...we only piss on the floor on the odd occasion when we feel compelled to mark territory.
    In that case, I guess I could just hit him on the nose with a rolled up copy of the Gazette.


    I'm doing some serious ranting today. I feel like SWJ's answer to Lewis Black.

  3. #123
    Council Member Tom Odom's Avatar
    Join Date
    Oct 2005
    Location
    DeRidder LA
    Posts
    3,949

    Default Oil at $103 a Barrel?

    Quote Originally Posted by SteveMetz View Post
    In that case, I guess I could just hit him on the nose with a rolled up copy of the Gazette.


    I'm doing some serious ranting today. I feel like SWJ's answer to Lewis Black.
    With the price of oil this AM, we should all be ranting...

  4. #124
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default

    Quote Originally Posted by SteveMetz View Post
    The way I see IT security is that no one in a position of authority is ever willing to say that we're secure enough. It can tube someone's career if something bad happens, but it doesn't harm them if they simply erode the effectiveness of hundreds or thousands of people by adding ridiculous security requirements (like having to log back on after 5 minutes of inactivity, even if I'm sitting at the keyboard thinking. I average 10-20 logons a day. Multiply that by the hundreds of thousands of people who are in the same boat). This situation contrasts with the private sector where people in authority actually weigh security against mission effectiveness.
    Higher Education is going through some of these same issues.

    What you described by having to log in many times is called a denial of service attack against the user.

    Highly punitive information technology policies have a tendency to cause users to circumvent the technology, stifle creativity, support dietism of the admins, and actually create substantial insecurity in the network systems.

    I'm going to say something and you all are going to say "NO FREAKING WAY!", but give me a chance.... Information assurance and security is a solved issue.

    The support:

    1) There is no such thing as a totally secure network; you only have levels and must accept some risk at whatever mitigation/price you're willing to accept/pay.

    2) True security requires education of the user, good administrative practices, but most importantly agreement by the users. Hostile or punitive policies create fear and loathing in the users and support insecurity of the network.

    3) A communications network is only as secure as the weakest link and should be considered as such. The user is an integral part of the network, is highly mobile, goes home at night, has access through other networks, and as such degrades through the "sneaker net" any and all other security factors.

    4) Security that is obvious and blatant is a form of force and can be used against the network (think Judo analogy). The harsher the security mechanism the more information provided to violate the network perimeter.

    In essence most security of networks is the equivalent of "CYA". To date most enterprises have single factor authentication, they publish the userid as the email address (the first factor) and the second factor (password) is defined as a symbol, 7 characters, etc. (thereby giving pattern recognition password breakers a better chance). To date most enterprises use the "block it all" method versus contextual analysis which causes users to circumvent the security either through tools at work or when they get home (thus removing them from their role and creating other issues).

    Totalitarian network administration never works. There are always break-ins, violations, and in general firings of administrators. The reality is that you have to manage, assist, and support users if you want assistance in securing the network. Anything else is guaranteed to fail. The kicker is if you take the totalitarian approach the users will be too afraid to tell you and you won't know when it fails.

    Information assurance and security is solved. The fact is that it will never be perfect and it must be sized/priced/created in such a way that it supports rather than degrades the network. Until the information technology professionals accept that the user is integral to the network, security will always be less than is possible.
    Sam Liles
    Selil Blog
    Don't forget to duck Secret Squirrel
    The scholarship of teaching and learning results in equal hatred from latte leftists and cappuccino conservatives.
    All opinions are mine and may or may not reflect those of my employer depending on the chance it might affect funding, politics, or the setting of the sun. As such these are my opinions you can get your own.

  5. #125
    Council Member Cavguy's Avatar
    Join Date
    Jun 2007
    Location
    Honolulu, Hawaii
    Posts
    1,127

    Default

    Quote Originally Posted by slapout9 View Post
    Cavguy, FOUO....that's southern for "for you" but they want let me in. Who do I need to splain this to bout how 2 talk rite?

    I hear you, I was born outside of Auburn, and my family hails from Monroe county. However, I was transplanted to Virginia at a young age to escape the vicious cycles of LA .... Lower Alabama that is ......



    I'll have to add that to the appendix to Doctrinal Terms and Symbols.
    "A Sherman can give you a very nice... edge."- Oddball, Kelly's Heroes
    Who is Cavguy?

  6. #126
    Council Member Tom Odom's Avatar
    Join Date
    Oct 2005
    Location
    DeRidder LA
    Posts
    3,949

    Default FOUO and WHUFFO

    Quote Originally Posted by Cavguy View Post
    I hear you, I was born outside of Auburn, and my family hails from Monroe county. However, I was transplanted to Virginia at a young age to escape the vicious cycles of LA .... Lower Alabama that is ......



    I'll have to add that to the appendix to Doctrinal Terms and Symbols.
    He's right, FOO YOO is related to WHUFFO, a term in the parachuting and skydiving circles for spectators with origins in Georgia and Alabama... comes from "WHUH FOA YOU jump outta dem planes?"


    Sam,

    I completely agree and the remarkable thing is I know influential guys who also agree and cannot get the rational points across.

    The IT community inside the military has become very much like the old stove-piped Army Security Agency; reason and rational thought does not necessarily apply. In fact attempting rational and reasoning thought tends to prompt a knee-jerk, irrational reaction with no thought applied.

    Best

    Tom

  7. #127
    Council Member SteveMetz's Avatar
    Join Date
    Jan 2007
    Location
    Carlisle, PA
    Posts
    1,488

    Default

    Quote Originally Posted by Tom Odom View Post
    The IT community inside the military has become very much like the old stove-piped Army Security Agency; reason and rational thought does not necessarily apply. In fact attempting rational and reasoning thought tends to prompt a knee-jerk, irrational reaction with no thought applied.

    Best

    Tom
    What I find both amusing and idiotic is that when you ask who has the authority to fix a specific item of stupidity, the answer is "Huachuca." In other words, there is no human decision-maker, just this mysterious and all powerful entity known as Huachuca. Case in point--the American Enterprise Institute and the Stanley Foundation are blocked. We've tried for years to fix that, but can't identify the actual organic unit who made the decision or can overrule it.

  8. #128
    Council Member Tom Odom's Avatar
    Join Date
    Oct 2005
    Location
    DeRidder LA
    Posts
    3,949

    Default

    Quote Originally Posted by SteveMetz View Post
    What I find both amusing and idiotic is that when you ask who has the authority to fix a specific item of stupidity, the answer is "Huachuca." In other words, there is no human decision-maker, just this mysterious and all powerful entity known as Huachuca. Case in point--the American Enterprise Institute and the Stanley Foundation are blocked. We've tried for years to fix that, but can't identify the actual organic unit who made the decision or can overrule it.
    I am the great and powerful Oz...

    Pay no attention to the man behind the curtain...

  9. #129
    Council Member slapout9's Avatar
    Join Date
    Dec 2005
    Posts
    4,818

    Default

    Quote Originally Posted by Cavguy View Post
    I hear you, I was born outside of Auburn, and my family hails from Monroe county. However, I was transplanted to Virginia at a young age to escape the vicious cycles of LA .... Lower Alabama that is ......



    I'll have to add that to the appendix to Doctrinal Terms and Symbols.

    Cavguy, I can understand that, if I lived outside Auburn I would move too.

  10. #130
    Council Member MountainRunner's Avatar
    Join Date
    Feb 2006
    Location
    Los Angeles, CA
    Posts
    83

    Default OPSEC isn't just threatened by blogging...

    Maybe the Air Force might want to pay attention to more than just blogs. From the UK's Telegraph:
    A tourist information website promoting a small Suffolk town has had to shut down after it received a barrage of thousands of classified US military emails.
    Sensitive information including future flight paths for US Presidential aircraft Air Force One, military strategy and passwords swamped Gary Sinnott's email inbox after he established www.mildenhall.com, a site promoting the tiny town of Mildenhall where he lives, the Anglia Press Agency reports.
    As well as Mr Sinnott and his neighbours, Mildenhall is home to a huge US Air Force base and its 2,500 servicemen and women, and the similarity in domain names has led to thousands of misdirected emails from Air Force personnel. Any mail sent to addresses ending @mildenhall.com would have ended up in Mr Sinnott's mailbox.
    Now military bosses have blocked all military email to the address, and persuaded him to close down his site to end the confusion. He is giving up ownership of the address next month.
    Mr Sinnott said: "You wouldn't believe some of the stuff that I have been receiving - I wonder if they ever had any security training. When I told the Americans they went mental.
    "I got mis-sent e-mails right from the start in 2000 but even after I warned the base they just kept on coming. At one stage I was getting thousands of spam messages a week. I was getting jokes and videos and some of the material was not very nice - people were sending stuff without checking the address.
    "But then I began to receive military communications from all over the world - a lot containing very sensitive information."

  11. #131
    Council Member
    Join Date
    Oct 2007
    Posts
    717

    Default

    A few months ago I sent an E-mail to Carlisle asking them to take down a FOUO document released to them by a friendly foreign government that the War College had in turn posted on one of its public sites; it still took them about 2 months to finally install a login for access to that document. This sort of thing is a persistent problem; the IT Security types need to ensure they have a solid handle on all classified stuff before they even think about restricting access to documents specifically cleared for public access - especially when that access is required by other Services.

    As for blogs, I have to at least partially side with Selil here, though there is certainly a place for regulation. That said, maybe each unit should possess its own censor with whom each unit member should register their blog(s), and allow the unit censor to monitor each for OPSEC. This notion is probably repugnant to many, but if the troops themselves do a good job of self-policing, then the censor amounts to nothing more than a safeguard, "just in case."

  12. #132
    Council Member SteveMetz's Avatar
    Join Date
    Jan 2007
    Location
    Carlisle, PA
    Posts
    1,488

    Default

    Quote Originally Posted by MountainRunner View Post
    Maybe the Air Force might want to pay attention to more than just blogs. From the UK's Telegraph:
    That story smells fishy. I don't think you can send classified email to an unclassified network.

  13. #133
    Council Member SteveMetz's Avatar
    Join Date
    Jan 2007
    Location
    Carlisle, PA
    Posts
    1,488

    Default

    Quote Originally Posted by Norfolk View Post
    A few months ago I sent an E-mail to Carlisle asking them to take down a FOUO document released to them by a friendly foreign government that the War College had in turn posted on one of its public sites; it still took them about 2 months to finally install a login for access to that document.
    I hope that wasn't *us*. Our webmaster is right around the corner so I can usually get stuff changed on our web site in a matter of minutes.

    We had to get presidential approval and provide the broomstick of the Wicked Witch of the West before we were allowed to put the phone numbers for our subject matter experts on our page.

  14. #134
    Council Member
    Join Date
    Oct 2007
    Posts
    717

    Default

    Quote Originally Posted by SteveMetz View Post
    I hope that wasn't *us*. Our webmaster is right around the corner so I can usually get stuff changed on our web site in a matter of minutes.

    We had to get presidential approval and provide the broomstick of the Wicked Witch of the West before we were allowed to put the phone numbers for our subject matter experts on our page.
    No Steve, it was PKSOI.

  15. #135
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default

    Quote Originally Posted by Norfolk View Post
    That said, maybe each unit should possess its own censor with whom each unit member should register their blog(s), and allow the unit censor to monitor each for OPSEC. This notion is probably repugnant to many, but if the troops themselves do a good job of self-policing, then the censor amounts to nothing more than a safeguard, "just in case."

    This might help with information seepage. You say the sky is blue, I say the sky is cloudy, soldier x mentions the wind is blowing, and somebody with ill intent figures out we're going operational in three hours. That kind of strange linkage and seepage of information (like k-anonymity) is almost impossible for an individual to realize and rarely covered by IO experts. A "censor" might see the pattern.
    Sam Liles

  16. #136
    Council Member 120mm's Avatar
    Join Date
    Nov 2006
    Location
    Wonderland
    Posts
    1,284

    Default

    We had a very good discussion on BCKS about this very issue, until the web-nazis shut it down. (Insert heavy irony, here.)

    There is a blog by a Navy-type who shows how the military is "alarmed" by relatively minor OPSEC violations, while PAO officers and O-6 and above types publicly "sell out the farm" in their idiotic press releases and public statements.

    1AD's Division Commander advertised a public call-in show that talked about specifics regarding the 5 Ws of their deployment. He revealed IN THE ADVERTISEMENTS the When and Where portions of DIV HQs and HHC's deployment. He also discussed what I would consider sensitive information during the call-in show.

    PAO routinely releases photographs and articles which include units, locations, individual names and home towns of soldiers in combat zones, to include the names of operations, etc..

    I'm thinking maybe the military needs to "heal themselves" prior to coming down hard on individual servicemembers.

  17. #137
    Council Member Rockbridge's Avatar
    Join Date
    Aug 2007
    Location
    Virginia
    Posts
    28

    Default

    Quote Originally Posted by SteveMetz View Post
    That story smells fishy. I don't think you can send classified email to an unclassified network.
    Agreed. Some folks still don't understand the difference between "classified" and "sensitive." There's a lot of stuff floating around out there that the average Joe might think should be classified (and maybe some of it should be), but it's only sensitive.
    You can get more with a kind word and a gun than you can with a kind word alone

  18. #138
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default

    Oh I don't know. I have not held a security clearance since 1986. Nor do I want one it would hamper my creativity. I in the last ten years have though had things that I write or have created stamped secret. Or, in other words, stuff that I created I shouldn't know. Which is a bit strange, but has at one job resulted in my computer being confiscated (understanding that all materials used came from inside my head)... I'd have asked if they were going to confiscate my brain but I'm afraid of an answer I don't know.

    I like all the classifying agencies and authorities all duking it out. I really think all the Bell-LaPadula scheming and scoping of information is hilarious. It makes me feel much better about the peer review process in science. I can always say that at least science isn't that screwed up.
    Sam Liles

  19. #139
    Council Member Surferbeetle's Avatar
    Join Date
    Dec 2007
    Posts
    1,111

    Default Deja Iraq

    An example of a blog that does a good job of capturing the feel of Iraq.

    Biggie Smalls: “Why are they all fat-bodies?”
    (My crew breaks out into hysterics.)
    SGT Cheech: “Too much FOB food, Biggie. They don’t sweat out the pounds all day and night like we do.”
    PFC Boomhauer: “Yeah, and I bet even in the rear, they never did PT (physical training.) It sure don’t look like it.”
    Biggie Smalls: “That is not fair! They must work hard like us and become slim like us!”
    LT G: “Biggie, where did you learn the word ‘fat-body?’”
    Biggie Smalls: “One of the Big Sergeant’s (SFC Big Country) tough talks with platoon. He say ‘don’t be a fat-body!’ He is very good at yelling.”
    The landowning Captain’s plan wasn’t bad. More complex than mine, certainly, but it had more moving parts, and was involving units that had never worked together before. Whereas my plan was like crashing lightning, in and out of there just long enough to nab JAM-Master Flex, this was like rolling thunder, a methodical cordon steeped more in book tactics than situational intelligence. His brief was better than mine, though. Very fluid, no crutch words. And his maps were in color, and had all kinds of cool demographical breakdowns. Shiny is fun, and keeps those of us with the attention span of gerbils entertained.
    One of those infinitely delicate and ever-malleable terms in combat is “close call.” For a phrase that is sure to be used in every Iraq War yarn spun in bars across America, it certainly leaves a lot to be desired in terms of exactitude. The Gravediggers certainly have had our fair share of close calls – some of which I’ve written about, some not – and our definition of that elusive axiom obviously carries more legitimacy than some pogues’ close calls with an unexploded mortar round that landed on the other side of the FOB. Conversely however, the killing experts in the Other Units operate on levels of precision and death-defiance that I can barely comprehend, let alone compete with. In the Army, there's always someone else more high speed and more badass. We’ve seen more than most, but some have seen more. Like I said. It’s all relative.
    Last edited by Surferbeetle; 05-24-2008 at 11:34 PM.
    Sapere Aude

  20. #140
    Council Member Spud's Avatar
    Join Date
    Mar 2008
    Location
    Canberra, ACT, Australia
    Posts
    122

    Default

    Quote Originally Posted by 120mm View Post
    PAO routinely releases photographs and articles which include units, locations, individual names and home towns of soldiers in combat zones, to include the names of operations, etc..

    I'm thinking maybe the military needs to "heal themselves" prior to coming down hard on individual servicemembers.
    It's an interesting argument and also (unfortunately) one that leaves me so frustrated that I want to punch something (or more often someone).

    OPSEC is a measure to protect EEFI from enemy ISR (in simple generic terms). The correct application of OPSEC means taking measures to protect those EEFI from enemy ISR knowing the various forms of collection they will/are likely to/or possibly could undertake (stay with me here I know I'm probably preaching to the converted).

    Yet how much time do we put into actually developing our EEFIs? Everyone has seen a published and approved EEFI along the lines of "weapons systems employed by XXX" ... how in the hell are you meant to protect an EEFI that has been dreamed up by some 2 shop guy on a sugar and caffeine hit that is so generic that simply walking outside the armoury breaches it.

    EEFIs must be specific ... generic just don't cut it as it leaves too much open to interpretation (although I will admit it makes the staff work a hell of a lot easier). The 2 guys need to provide the threat, the IO/PA guys need to provide the info IPB as to just what is out there officially and what isn't and the 3 guys and the commander need to make a call about what they want to protect (and the associated impacts of applying that EEFI). More importantly the EEFIs need to be reviewed and not just staffed at the beginning of an operation and 6 years later soldiers are still trying to use the same info.

    Of course this doesn't just apply to weapons, personal ID is another great one. If we want to protect the identities of our soldiers for OPSEC reasons why do we all wear name tags, unit identifiers and rank on our uniforms when deployed? And then we complain when PA guys use that detail? (Admittedly I've seen so many examples of the PA guys going above and beyond in working out the names of a soldier's first born there are some issues on their behalf as well.) Good OPSEC is more than just what appears in the papers and on the web … it’s a completely cultural thing.

    We've been through the mill on this and in reality unless an OPINST has an extremely comprehensive EEFI list (that is based on reality i.e. what can be easily found on official/authoritative sites in the public domain already) that is signed by the operational commander it can't hold water. Importantly though to be comprehensive the EEFI list must be highly classified as it essentially details all of those specifics you are trying to protect. In our case the PA guys actually have something to work to in support of the operation and actively seek to be part of the EEFI development process. I would go so far as to say make the PA guys responsible for the staff work to develop the EEFIs (with the J3 as the immediate approving authority). Nothing makes you apply a policy like having some ownership over it.

    However my greatest frustration stems from the belief of some of our Coalition partners that our EEFIs are perishable (usually after an operation concludes and everyone wants to pat themselves on the back). If it is an EEFI it remains an EEFI until such point that a commander deems that information no longer requires protection! Thankfully I don't operate in an environment where "the first amendment" seems to be the trump card over good information environment policy.
