Changing the Organizational Culture

[jonSlack]

First we need to get DOIM to stop blocking Youtube.

The G6 Nazis in Doha were absolute control freaks. I could access CNN, but when I clicked CNN business news (which also impacts on the way the world works) I got the screen of death saying that Doha had determined I didn't need that info.

As long as I got Al Jezzera I figured I had access to all the fair and balanced reporting I needed.

The Defense Department is considering a policy that would banish all traffic not proven to be purely official DOD business from its networks, said Lt. Gen. Charles Croom, director of the Defense Information Systems Agency, last week at the Institute for Defense and Government Advancement’s Network Centric Warfare 2008 conference in Washington.

...

Unofficial early estimates, however, are that 70 percent of the traffic on DOD networks today is unofficial and would be banned, said sources close to the department.

Federal Computer Week - DOD considers prohibiting personal use of networks

[Rob Thornton]

The Defense Department is considering a policy that would banish all traffic not proven to be purely official DOD business from its networks, said Lt. Gen. Charles Croom, director of the Defense Information Systems Agency, last week at the Institute for Defense and Government Advancement’s Network Centric Warfare 2008 conference in Washington.
..
Unofficial early estimates, however, are that 70 percent of the traffic on DOD networks today is unofficial and would be banned, said sources close to the department.

I can't help but have that image of the insular cocoon show up in my head -

Are we so worried about our networks being compromised that we are willing to give up significant capability to inter-act with the rest of the world in the environment we're going to operate in? Are we going to limit our research and collection to officially approved sources? Are we going to quietly talk amongst ourselves behind the curtain - where no one can hear us disagree or tell us that anything we don't want to hear? How about the opportunity to draw on a broader segment of knowledge then available inside a room (however large we claim the room to be)? Are we going to create an insular culture that is afraid of engagement?

I know the pressure to protect our information (particularly our soldier's personal information) must be immense, but the idea of shutting the door and barring it is one I hope gets cut off at the ankles. The sad thing about it is you could show up for work one day, and bam! - you get the "cannot connect" or "unauthorized" diagnosis, with nothing else. My advice - there are some risks worth taking - this in no time (if there ever was one) to wrap ourselves in layers to avoid a risk, particularly when we have so much to gain, and so much to lose by doing so - ignoring the world will not change it, or make it go away.

We have good policies, and we have mature folks capable of making good decisions. We don't need a cyber Maginot Line.

Best, Rob

[Rob Thornton]

Quote:
The Defense Department is considering a policy that would banish all traffic not proven to be purely official DOD business from its networks, said Lt. Gen. Charles Croom, director of the Defense Information Systems Agency, last week at the Institute for Defense and Government Advancement’s Network Centric Warfare 2008 conference in Washington.

..
Unofficial early estimates, however, are that 70 percent of the traffic on DOD networks today is unofficial and would be banned, said sources close to the department.
I can't help but have that image of the insular cocoon show up in my head -

Are we so worried about our networks being compromised that we are willing to give up significant capability to inter-act with the rest of the world in the environment we're going to operate in? Are we going to limit our research and collection to officially approved sources? Are we going to quietly talk amongst ourselves behind the curtain - where no one can hear us disagree or tell us that anything we don't want to hear? How about the opportunity to draw on a broader segment of knowledge then available inside a room (however large we claim the room to be)? Are we going to create an insular culture that is afraid of engagement?

I know the pressure to protect our information (particularly our soldier's personal information) must be immense, but the idea of shutting the door and barring it is one I hope gets cut off at the ankles. The sad thing about it is you could show up for work one day, and bam! - you get the "cannot connect" or "unauthorized" diagnosis, with nothing else. My advice - there are some risks worth taking - this in no time (if there ever was one) to wrap ourselves in layers to avoid a risk, particularly when we have so much to gain, and so much to lose by doing so - ignoring the world will not change it, or make it go away.

We have good policies, and we have mature folks capable of making good decisions. We don't need a cyber Maginot Line.

Best, Rob

I wanted to add that this is one of those things where consequences of pursuing what appears to be the "low hanging" solution of insulating ourselves has a host of adverse consequences. One of the real indicators of the quality of our military that has emerged has been the superior discourse that has emerged on the questions and issues we face - by those who face them, and those who want to understand them. What's more is it has been able to involve non-military types - this creates involvment by the broader public and brings to light the issues surrounding the military and the use military force to achieve political objectives- its healthy for our democratic republic. I'd also add that is very healthy for our military (the republic's sword and shield) - we now have discussions which foster culture change and make us stronger and more capable of meeting our enemies. Who'd have thought we'd create conditions where the lowest soldier can interact with the most senior leaders in a tactful way, while at the same time including a broad segment of the civilian population. We've created real strength here - in ways I don't think we fully appreciate. To take that away in my opinion is the equivalent of a self inflicted gun shot wound.

Best, Rob

[Old Eagle]

The Info Assurance team here has concluded that in order to prevent inadvertent compromise of information, we should disconnect all our computers from the web (NIPR) and work as stand-alones. Then, in the unlikely event we needed to communicate with anyone outside the office, cleared couriers would be the appropriate transmission medium LOL.

[Team Infidel]

I don't thing blogging is a bad thing. I think that it is the commands responsibility to educate members of the military on what and what not to post.

There was a lot of news around the recent MAJ that died in Iraq who was noted for posting his blogs.

We can't stop blogging from happening, but we can educate.

[Germ]

Where does one go for a good discussion on blogging, millenials, and military culture?
Thanks!

[Tom Odom]

The Info Assurance team here has concluded that in order to prevent inadvertent compromise of information, we should disconnect all our computers from the web (NIPR) and work as stand-alones. Then, in the unlikely event we needed to communicate with anyone outside the office, cleared couriers would be the appropriate transmission medium LOL.

Nooooo not couriers. They might talk to someone along the way...

Carrier pigeons are the answer!

Semaphore flags and mirrors as back up.

Maybe we could just set bonfires as in Lord of the Rings

[marct]

Hi Rob,

Are we so worried about our networks being compromised that we are willing to give up significant capability to inter-act with the rest of the world in the environment we're going to operate in? Are we going to limit are research and collection to officially approved sources? Are we going to quietly talk amongst ourselves behind the curtain - where no one can hear us disagree or tell us that anything we don't want to hear? How about the opportunity to draw on a broader segment of knowledge then available inside a room (however large we claim the room to be)? Are we going to create an insular culture that is afraid of engagement?

Well, let's just take a bird's eye view of the new policies...

[Rob Thornton]

This is one of those things that show the complex operational environment we operate in. One aspect of the environment - the security of electronic information gets focused on to the point where its importance becomes exclusive to the rest of the operating environment. Actions taken to address that one aspect of the environment then ripple across others with disrupting, albeit unintended consequences.

This is where we get into the stove pipe thinking - and wind up constraining ourselves. Its kind of like focusing all efforts on maintaining the MSRs while allowing the enemy uncontested access to the population. Not only do we have to worry about the enemy's IO and communication capability, we enable him by our castrating actions taken against ourselves. As that really smart guy said - "we've got to do a better job of considering those things which can't be counted, but often count the most."

Best, Rob

[Tom Odom]

Its kind of like focusing all efforts on maintaining the MSRs while allowing the enemy uncontested access to the population.

You are a smart guy, Rob. That is exactly right.

Tom

[Ron Humphrey]

You are a smart guy, Rob. That is exactly right.

Tom

One thing I was talking to someone about a while back keeps coming to me in this regard. Information is like light in that too much or too little will often result in the same thing. Blindness.

By limiting the access points in any given information point we may accomplish some security but when you look at it how much?
Criminals or bad guys tend to look for the valuables behind locked doors because thats usually where they are kept. This means that Mr or Mrs evil person are going to have an easier time finding what they are looking for because we have done them the favor of marking it do not enter.

If there are few or no locked doors then whoever is searching for the " good stuff " will have to open each and every door in order to find what they are looking for. This in turn heightens the likelihood that they are confronted by that helpful greeter who asks, May I Help You, hence being more likely that they are identified before accomplishing their evil deed.

I realize that there are counters to this which are very important and must be considered but it just seem that the more that is in the open the greater the chance that we see what we need to and they have a harder time finding it without getting caught.

[Hacksaw]

I have watched this thread evolve with great interest. I work at Mother Leavenworth and have had several occassions to engage/brief/listen with/to Frontier 6. His actions and words reinforce this perspective each time he meets with students, Soldiers and subordinate leaders. For the most part, the discussion on this topic moved towards the nazi DOIM thugs who think we can actually control info, a perspective that has been unanimously debunked by all. It is ironic that we build this entire framework of commo/C2 capabilities so as to enable network enabled command, and then we hobble that same system with overly restrictive precautions. That said, as important a thought in the original piece is the need to engage in the public forum/debate. We have to tell our own narrative, once upon a time we might have thought that the PAO Corps would handle this "distasteful" task, but they have evolved into little more than agents for the media. This is purely anecdotal, but in every instance I have found that COL-level PAO sees their mission as facilitating access as opposed to having (in my case) the Army story told effectively/accurately. We can be open and yet still "shape" media coverage by exposing those writers to a well-balanced collection of Soldiers. This might take persuassion, but it seems PAO as an organizational culture have removed themselves from the "fight". How sad, especially if you buy into the idea that this is long war of ideas. I hate depressing myself with reality on a Friday. Live well and row