US Military -v- Internal blogging & Access to WWW

[Rob Thornton]

You know there is another aspect to this that ties in with the discussion on where we are, where we are going and where we need to go . Often the people who author a reg, or issue a command do so in ignorance of the secondary and tertiary effects.

What I mean is, consider the author of the reg was issued guidance to issue a policy which safeguards information that might be harmful - and he did so with gusto- but he did so from the perspective of his branch solely. The review was also performed in branch or institution bias and so it was published.

I'm not buying too much into the conspiracy piece - although I have seen people take advantage of regs to support their lethargy, or cover their fear of risk. Its a concern that so important of a reg seems to have escaped a thorugh review of its impacts in any other area except for how well it "protects" information and operations. With any decisions there are pros and cons, and things to be gained and things that will be lost - nothing is free.

From T.X. Hammes recent MILREVIEW article on 4GW/5GW

Strategic shift. Strategically, insurgent campaigns have shifted from military campaigns supported by information operations to strategic communications campaigns supported by guerrilla and terrorist operations. (italics added) While there is no generally agreed upon definition of 4GW, according to the definition I wrote in 2003, “Fourth generation warfare uses all available networks—political, economic, social, and military—to convince the enemy’s political decision makers that their strategic goals are either unachievable or too costly for the perceived benefit. It is an evolved form of insurgency.”

Our current regulation writters and reviewers may not be versed in how 4GW/5GW are evolving, and thus may not be considering all the aspects of decisions to truncate access, positive and negative side effects, etc. LTC Yingling speaks to this quite well in his argument.

[Cori]

Whether that's because the Army walked it back when they saw the response or because Wired got it wrong is hard to know.

In any event, the milblogger's conference was this weekend, and it started with a videotaped greeting from -- the President.

http://gatewaypundit.blogspot.com/20...onference.html

Kind of hard to shut people down, or proceed with shutting them down, after you've got the Prez on record commending them for what they've been doing.

For a "liveblog" of the conference, including some discussion of these regs (and the participation of the author of the Wired article) go here:

http://redstate.com/stories/technolo...ers_conference

I'm sure there will be multiple posts up tomorrow reviewing what was said in more detail. The best central locale to find those links would be www.mudvillegazette.com, which is a great "clearinghouse" for all the milblogs of all categories (active duty, veterans, family members, etc.)

[marct]

It also gets interesting when we take this press release into consideration.

No. 537-07
May 04, 2007
New DoD Strategy Outlined For Information Sharing

Assistant Secretary of Defense for Networks and Information Integration and DoD Chief Information Officer John G. Grimes signed the “DoD Information Sharing Strategy” today and established a new information sharing vision for the Department of Defense: “Delivering the power of information to ensure mission success through an agile enterprise with freedom of maneuverability across the information environment.”
....

According to the DoD Information Sharing Strategy, the vision describes a future state where “transparent, open, agile, timely, and relevant information sharing occurs to promote freedom of maneuverability across a trusted information environment.” To achieve this vision, the strategy describes four goals that form the necessary environment across the department. These include: (1) promote, encourage, and incentivize sharing; (2) achieve an extended enterprise; (3) strengthen agility in order to accommodate unanticipated partners and events; and (4) ensure trust across organizations.

Developed through the combined efforts of the Office of the Secretary of Defense and the Joint Chiefs of Staff, the strategy was published in response to the President’s information sharing imperatives and as outlined in the most recent Quadrennial Defense Review. It seeks to guide the Department’s exchange of information within the DoD and with domestic and international partners; for example, federal, state, local, tribal, the private sector, non-governmental organizations, foreign nations, and international organizations. It provides an approach to information sharing activities and operations for the Office of the Secretary of the chairman of the Joint Chiefs of Staff, the combatant commands, the military departments, the Office of the Inspector General of the DoD, the defense agencies, the DoD field activities, and all other organizational entities in the DoD.

“To realize these objectives, the strategy addresses necessary changes to information mobility and associated alignment of incentives, policies, processes and systems, while identifying the critical cultural shift required to support collaboration and improved knowledge sharing,” said Grimes.

More...

Has anyone got a copy of this "Strategy"? I can only find a couple of pdf brochures for presentations and one PowerPoint slides set that is pretty useless. Of course, I suppose that it could be FOUO and, hence, my asking about it now makes me an "enemy".

Marc

[SWJED]

D. J. Elliott at The Fourth Rail Blog - OPSEC, the OOBs and the Myopic Mis-Focus of Security Personnel.

Most people do not realize that Chris and I were bouncing Order of Battle [OOB] data between each other for a year before the OOBs were finally published. I started my collection of data as a hobby to see just what the real status of the Iraqi Security Forces was since the published press reports were far off base and contradictory in their own stories. My principle motivations for my involvement in publishing these OOBs are somewhat contradictory. First, I wanted to get the principle operational security [OPSEC] violators to tighten their OPSEC. Second, I want to further an understanding of the development of the Iraqi Security Forces and the Baghdad Security Plan. As a retired intelligence analyst, I could not believe that the Public Affairs Officers [PAOs] and Commanders were releasing this much operational data in a time of war...

[Cannoneer No. 4]

between the AF MSgt Combat Camera Videographer and IS1 (SW), Elliott, USN (Ret).

Now maybe I'm not seeing the big picture, but it looks to me like the OPSEC-side of the IO house's attempt to shut down the only effective counter propaganda the domestic target audience gets has turned into a major exercise in small ruminant breeding, calling into question the whole idea of lumping the disparate components of IO together in the first place.

[Culpeper]

Most employers won't put up with employees writing negative anything on the Internet about the company. Also, people get fired everyday for violating company Internet usage as well. In the civilian world people get fired at the drop of the hat for either violating company policy concerning Internet usage on the job, revealing company secrets on such things as blogs and message boards, criticizing the boss on a blog or message board, and so forth. I read today that the Pentagon was going to starting blocking access to youtube and so forth. I was like, "We've been blocked from such sites for years in the workplace". Its just the military catching up with corporate America concerning usage of the Internet and the workplace. Whether it be in an office or on the front lines in some hostile land. Now, if military personnel want to write a blog on their own time using their own equipment than that is a different story. But so is the UCMJ. Welcome to the real world, your job, and the Internet. User beware.

[milesce]

True, but at the same, a lot of smart companies (Microsoft is a good example) are encouraging their employees to blog and do it openly. In the case of MS its made a 180 turnaround in attitudes of developers and other folks who have to implement their products. I'm sure they've got guidelines in place -- i.e. no bashing the company. On the other hand, I recently read a long justification from one of their programmers explaining why he'd switched to mac, and as far as I can tell he's still employed.

The question is, can you keep enough of that information flow to provide the genuine positive PR impact back home, and prevent leaks of information that can hurt people?

I mostly manage websites now to pay the bills, and I've seen at least one major nonprofit which had a very wide open forum for its members try to clamp down on controlling the message. Traffic dropped, followed by donations, because people no longer felt invested in the mission. I realize the case isn't necessarily analogous, but there's a strong argument for the internet as a real positive tool in communicating with the audience back at home which is rapidly losing patience with the unending stream of bad news from Iraq.

[Culpeper]

The question is, can you keep enough of that information flow to provide the genuine positive PR impact back home, and prevent leaks of information that can hurt people?

I don't know the answer to that. The Internet has grown so much in the last ten years. Once upon a time the Internet was just a group of universities connected together. I agree that I would prefer the military allow blogging like what you described with Microsoft. Frankly, the only reason I can see the military blocking this sort of medium is because of a few that abuse the privilege. One person screws up and everyone has to suffer. Or on a larger scale maybe it is more about security than freedom of expression. Or maybe it is just the military putting a lid on it because they can and they don't know the answer anymore than I do. What I can't stand are headlines like, "Al Queda tells U.S. to stop looking for missing soldiers". With that in mind, its seems ridiculous to stop a tool like blogging to counter the media acting as a conduit for the enemy.

[120mm]

Most employers won't put up with employees writing negative anything on the Internet about the company. Also, people get fired everyday for violating company Internet usage as well. In the civilian world people get fired at the drop of the hat for either violating company policy concerning Internet usage on the job, revealing company secrets on such things as blogs and message boards, criticizing the boss on a blog or message board, and so forth. I read today that the Pentagon was going to starting blocking access to youtube and so forth. I was like, "We've been blocked from such sites for years in the workplace". Its just the military catching up with corporate America concerning usage of the Internet and the workplace. Whether it be in an office or on the front lines in some hostile land. Now, if military personnel want to write a blog on their own time using their own equipment than that is a different story. But so is the UCMJ. Welcome to the real world, your job, and the Internet. User beware.

Yeah, but most employers don't routinely send their employees to God-forsaken places to die.

[Culpeper]

I agree. But what does that have to do with Internet usage? Really. BTW, there has been plenty of U.S. citizens killed in this war.

[120mm]

Actually, it has everything to do with it. When the Army sends Joe Schmoe to Iraq, they effectively remove his/her communication network. It's not like he can plug his laptop into his personally purchased T1 cable.

Us old-timers need to realize that if we want quality soldiers in an all-volunteer army, we need to realize that things aren't the same as they used to be. As my old Gunny used to say: "There are three things you can't f*ck with; Pay, Chow and Mail." Well, the US Army is f*cking with the soldiers' "mail". OPSEC, I get. Treating the internet like it's a luxury, I do not.

And your point about businesses restricting internet access is good, up to a point. Your business doesn't tell you that you can't go home and surf on your own computer; effectively, that's what the Army is doing to deployed soldiers.

I have doubts as to how much effort the Army is really putting into internet service to deployed areas. Four years into the war, and umpteen Trillion dollars later, we shouldn't be having bandwidth problems, imo.

[Jedburgh]

Military Review, Sep-Oct 07 (1st Place CAC IO Writing Contest):

Muddy Boots IO: The Rise of Soldier Blogs

Military web logs, known as blogs or milblogs, are small websites that Soldiers maintain as informal journals for personal comments, images, and links to other websites. Blogs emerged concurrently with the War on Terrorism and have become an increasingly influential and controversial phenomenon. This form of communication gives a Soldier the potential to reach a global audience.

In fall 2005, in recognition of the potential effects of blogs on information operations (IO), the Army began educating deploying units about this aspect of the evolving information domain. This article explores the milblog phenomenon, its benefits to the Army, current challenges, and the way ahead. It concludes that qualified support of Soldier blogs is good policy when coupled with clearly defined boundaries and aggressive Soldier education.

[SWJED]

Air Force Blocks Access to Many Blogs by Noah Shachtman, Wired Magazine's Danger Room blog.

The Air Force is tightening restrictions on which blogs its troops can read, cutting off access to just about any independent site with the word "blog" in its web address. It's the latest move in a larger struggle within the military over the value -- and hazards -- of the sites. At least one senior Air Force official calls the squeeze so "utterly stupid, it makes me want to scream."...

Not sure what to say, hopefully this is not exactly true. In the meantime, would not mind knowing if those from an US Air Force cotrolled netwrk can reach our SWJ Blog. The url contains the word "blog".

[Cliff]

Let's just say there have been some serious OPSEC issues of late involving blogs, and the AF is responding to that. Might be an overreaction, but if you saw some of the stuff some folks had posted, you might agree (pretty blatant attempts to elicit information). Anyone who looks at the SWC members list can see some folks that are probably reading everything we say here, and while this is an international forum, are probably not friends of NATO/the west in general and the US specifically. That is what they are worried about.

The key I think is to be extremely careful to keep things to strategy/operational art and avoid discussing systems/tactics specifics, for that exact reason. Kinda is a bummer because you can learn a lot from sites like SWJ.

Is there a push in the US Army/NAVY/USMC to put up FOUO or SIPR level discussion boards? Just wondering...

Anyway that's the background.

V/R,

Cliff

Air Force Blocks Access to Many Blogs by Noah Shachtman, Wired Magazine's Danger Room blog.



Not sure what to say, hopefully this is not exactly true. In the meantime, would not mind knowing if those from an US Air Force cotrolled netwrk can reach our SWJ Blog. The url contains the word "blog".

[Cavguy]

The key I think is to be extremely careful to keep things to strategy/operational art and avoid discussing systems/tactics specifics, for that exact reason. Kinda is a bummer because you can learn a lot from sites like SWJ.

Is there a push in the US Army/NAVY/USMC to put up FOUO or SIPR level discussion boards? Just wondering...

The Army has BCKS, where discussions up to FOUO happen. Sites like companycommand.mil are the examples of the best of that community where TTP's and the like happen. But you lose what SWJ brings to the table, the non military community of academics, government officials, and those just interested in the topic.

I've never seen anything in SWJ that isn't already available, and the admins (and the self policing community) quickly remove or caution any discussion that risks OPSEC problems, like the recent topic on running sources at the

The need for OPSEC is balanced by the need to communicate what is happening to the world, which is LTG Caldwell's point, and recent order to his subordinate leaders to participate in blogs as well as traditional media, with the same ROE.

[Cliff]

training for your folks is the answer (what is the threat, what is appropriate and what isn't). To paraphrase LTG Caldwell, if every soldier is a sensor, why can't every soldier be a reporter too? 'Course this multiplies "the strategic corporal" effect too...

I don't think SWJ is at all what the AF is worried about, luckily!

I am currently doing some PME by correspondence (no seminar available where I'm at!), and so SWJ is one of the few ways I can discuss the readings with anyone, so I would for sure loose if I weren't allowed to read here.

Thanks for the answers, Cavguy!

V/R,

Cliff

The Army has BCKS, where discussions up to FOUO happen. Sites like companycommand.mil are the examples of the best of that community where TTP's and the like happen. But you lose what SWJ brings to the table, the non military community of academics, government officials, and those just interested in the topic.

I've never seen anything in SWJ that isn't already available, and the admins (and the self policing community) quickly remove or caution any discussion that risks OPSEC problems, like the recent topic on running sources at the

The need for OPSEC is balanced by the need to communicate what is happening to the world, which is LTG Caldwell's point, and recent order to his subordinate leaders to participate in blogs as well as traditional media, with the same ROE.

[SteveMetz]

As I may have mentioned here, the Army blocks blogger and blogspot. In an act of monumental idiocy, Army PAO promotes sites on them while Army IT blocks them. It is possible, though, to use pkblogs.com, a mirror site designed to get around government censorship in Iran and China, to access blogs I need for professional use.

Have no trouble with SWJ, though.

Of course, I've contended for years that the Air Force is not a service, it's a cult. And, while I'm at it, I need to point out that I was really tempted to look into adopting a Marine as mentioned in another post in here. But then someone told me they're really hard to house break.

[selil]

It sounds like Airforce IT is trying to be a policing entity rather than a customer service entity. Never a good situation. If OPsec was broken by somebody on a BLOG than that is betweeen the commander and the individual IT is the "telephone" not the police.

[slapout9]

Cavguy, FOUO....that's southern for "for you" but they want let me in. Who do I need to splain this to bout how 2 talk rite?

[SteveMetz]

It sounds like Airforce IT is trying to be a policing entity rather than a customer service entity. Never a good situation. If OPsec was broken by somebody on a BLOG than that is betweeen the commander and the individual IT is the "telephone" not the police.

That's not the way "they" see it. We had a CIO here (LTC) who defined his mission as keeping the network running and uncompromised. He used to come right and say that if all of us poor stiffs out here would just stop using the network, he'd have 100% mission success.

The way I see IT security is that no one in a position of authority is ever willing to say that we're secure enough. It can tube someone's career if something bad happens, but it doesn't harm them if they simply erode the effectiveness of hundreds or thousands of people by adding ridiculous security requirements (like having to log back on after 5 minutes of inactivity, even if I'm sitting at the keyboard thinking. I average 10-20 logons a day. Multiply that by the hundreds of thousands of people who are in the same boat). This situation contrasts with the private sector where people in authority actually weigh security against mission effectiveness.