News

Hamre Orders DoD Web Security Review 

 


 American Forces Press Service




 WASHINGTON -- Deputy Defense Secretary John Hamre directed a 

 security review Sept. 24 to ensure information on publicly 

 accessible DoD Internet sites does not compromise national 

 security or place personnel at risk.

 

 "The Internet World Wide Web provides the department with a 

 powerful tool to convey information quickly and efficiently on a 

 broad range of topics," Hamre said in a memorandum sent 

 departmentwide. "At the same time, … " he added, "such 

 information, especially when combined with information from 

 other sources, increases the vulnerability of DoD systems and 

 may endanger DoD personnel and their families."

 

 Hamre said he was concerned about the possibility of personal 

 and private information being posted to publicly accessible Web 

 sites, such as service members' Social Security numbers or home 

 addresses.

 

 The department uses the Internet in a variety of ways, including 

 contract administration, finance, electronic commerce and news 

 reporting. The activities won't change, he said, but more 

 attention will be given to the security implications of Web 

 technology. "Security and efficiency can be achieved at the same 

 time," he said.

 

 Hamre's order for the review includes the creation of a task 

 force to develop policy and procedures addressing operational, 

 public affairs, acquisition, technology, privacy, legal and 

 security issues associated with the use of DoD Web sites. The 

 group's preliminary guidance should be issued to the field by 

 late November, he said.

 

 Pending the task force guidance, and provided that essential 

 missions are unaffected, all DoD organizations have 60 days to 

 remove from their public Web sites: plans or lessons learned 

 that would reveal sensitive military operations, exercises or 

 vulnerabilities; information on sensitive troop movements; 

 personal data such as Social Security numbers, birth dates, home 

 addresses and home phone numbers; and any other identifying 

 information about family members of DoD employees and military 

 personnel.

 

 The Hamre order directs all DoD components to conduct a 

 comprehensive security assessment of all their Web sites within 

 three months of receiving the task force guidance, and conduct 

 annual reassessments thereafter. It orders a plan be implemented 

 by March 1999 that uses reserve component assets to conduct 

 operational security and threat assessments of DoD Web sites. It 

 also orders the development of a Web information security 

 training program by March 1999.

 

 "I believe that these steps will help us to better manage Web 

 information services to strike the appropriate balance between 

 openness and sound security," Hamre said. For more information 

 and discussion about department Web security issues, visit DoD's 

 home page at www.defenselink.mil and its special, Web security 

 pages at http://websecurity.afis.osd.mil.

 

 

 -END-