Firewall Wizards mailing list archives
FW: Military purge
From: "Waszak, Tom" <Tom.Waszak () connect xerox com>
Date: Wed, 17 Feb 1999 11:06:43 -0500
Pentagon explains its Web purge Many pages 'potentially tactically useful' to enemy, brass felt WASHINGTON, Feb. 16 A Pentagon purge of information it had placed on the Web has touched off a debate and placed military leaders on the defense, trying to justify what they did as a national security precaution. THE PURGE, instituted last November, has led the Federation of American Scientists to file a Freedom of Information Act request for the deleted pages to be returned to the public domain. In response, defense and national security officials have become more willing to discuss, most on condition of not being identified by name, the nature of the risk that their detailed review of military Web sites revealed. TOP OFFICIALS BRIEFED They start with the classified briefings of top military leaders - among them the chairman of the Joint Chiefs of Staff, Army Gen. Henry Shelton - that one national security official called "eye-openers" that startled commanders. Shelton looked on as Pentagon cyber-warriors clicked away at their laptops and showed how would-be terrorists could find his son's home address. He then got a demonstration of how a skilled adversary might combine publicly available biographies and contractor information on military Web sites with a few well-placed phone calls to pin down the dates of highly classified nuclear exercises. Similar briefings were given to other generals and admirals as well as senior civilians, generating a momentum that has led the military to order a massive scrub of its vast network of Web sites. Deputy Defense Secretary John Hamre said in a memo last year that military Web sites offered adversaries "a potent instrument to obtain, correlate and evaluate an unprecedented volume of aggregated information" that could, when combined with other sources of information, "endanger Department of Defense personnel and their families." One senior defense official claimed that "there was information that was potentially tactically useful to an adversary, the kind of thing where if someone really wanted to do harm to your personnel, it could facilitate them in undertaking an attack." And the Pentagon says it has solid electronic evidence that foreign countries, including some adversaries, are regular visitors to U.S. military Web sites. WAR GAMES VIA WEB The briefings stemmed from work done in 1997 and 1998 by Pentagon "red teams," a term associated with a fictional enemy force in war games. Team members tried to learn how much mischief they could do by skillfully scanning military Web sites, without any sophisticated hacking. They showed Shelton, himself a former special operations specialist, how his own biography posted on a military Web site combined with non-military databases could quickly lead a terrorist to the home address of one of his sons living in Florida. The red teams found detailed maps and aerial photographs of military installations that would help anyone planning a strike or a terrorist action. These were the kinds of pictures, one senior official noted ruefully, that the United States spent billions to get during the Cold War through its spy satellite network. Now the United States was giving such imagery away for free on the Internet. Senior officers were particularly concerned when one of the red teams was able to combine a variety of data and make highly accurate estimates about the timing of nuclear weapons drills, exercises and readiness checks, according to two senior national security officials familiar with the briefings. Biographies of individual commanders of units likely to be involved in such operations combined with phone calls to those commanders' bases yielded information about temporary duty assignments in Nevada at installations involved in nuclear weapons handling. Military Web sites containing contractor information, particularly formal requests for bids to supply particular security equipment, helped further hone this detective work, according to the officials. Cleaning the military Web sites of potentially dangerous information has proved a monumental task. Bill Leonard, a top Pentagon information security official, said the military was unsure initially how many Web sites it had, and even today can only provide an estimate. For a time, the Army completely closed off access to its 1,000 Web sites. Now back on line, the Army's Web sites have been substantially trimmed, as have those of the other services. Entire Internet addresses have been put off limits, with the terse message on the computer screen that information previously available has been removed for security reasons. ACTIVISTS ON OFFENSIVE But "right-to-known" activists think the scrub of military Web sites has gone too far. "This is a wartime information policy," John Pike of the Federation of American Scientists, a research group that follows military and intelligence matters, said [Linked item(s) not available on mobile device.] in the most recent FAS newsletter. "All kinds of program information is being withdrawn. Almost anything that discloses what an agency actually does, beyond a brief mission statement, is going away." The FAS is pursuing release of some of the deleted information under the Freedom of Information Act. In its filing with the Pentagon's security review office, the FAS said anything released as a result of the complaint should come in electronic form so it can then post the information on its Web site. The FAS emphasized that it is not in favor of placing classified military documents on the Web. But the pages taken off the Web were unclassified or non-classified and thus should remain in the public domain, it contends. Activists also note that, to date at least, the Pentagon cannot point to a specific incident where information posted on a military Web site resulted in harm to U.S. national security. "The menacing scenarios have remained just that -only scenarios," according to George Smith, editor of The Crypt Newsletter, an online publication dealing with computer security. And activists fear the Pentagon purge was just the start of a government-wide move to restrict what's on the Web. The House Commerce Committee last week held a hearing to see how data about chemical facilities could be disbursed to residents around those sites without also putting it on the Web, where the FBI and others fear it could make it easier for terrorists to plan attacks. The Pentagon's new Web policy is available at [Linked item(s) not available on mobile device.] www.defenselink.mil/admin/about.html#WebPolicies <http://www.defenselink.mil/admin/about.html#WebPolicies>
Current thread:
- FW: Military purge Waszak, Tom (Feb 17)