FW: Military purge

["Waszak, Tom" <Tom.Waszak () connect xerox com>]

Pentagon explains its Web purge
Many pages 'potentially tactically useful' to enemy,
brass felt
WASHINGTON, Feb. 16 A Pentagon purge
of
information it had placed on the Web
has
touched off a debate and placed
military
leaders on the defense, trying to
justify what
they did as a national security
precaution.
THE PURGE, instituted last November, has led the Federation of American
Scientists to file a Freedom of Information Act request for the deleted
pages to be returned to the public domain.
In response, defense and national security officials have become more
willing to discuss, most on condition of not being identified by name, the
nature of the risk that their detailed review of military Web sites
revealed.
TOP OFFICIALS BRIEFED
They start with the classified briefings of top military leaders - among
them the chairman of the Joint Chiefs of Staff, Army Gen. Henry Shelton -
that one national security official called "eye-openers" that startled
commanders.
Shelton looked on as Pentagon cyber-warriors clicked away at their laptops
and showed how would-be terrorists could find his son's home address. He
then got a demonstration of how a skilled adversary might combine publicly
available biographies and contractor information on military Web sites with
a few well-placed phone calls to pin down the dates of highly classified
nuclear exercises.  Similar briefings were given to other generals and
admirals as well as senior civilians, generating a momentum that has led the
military to order a massive scrub of its vast network of Web sites.
Deputy Defense Secretary John Hamre said in a
memo
last year that military Web sites offered
adversaries "a
potent instrument to obtain, correlate
and evaluate an
unprecedented volume of
aggregated information"
that could, when combined
with other sources of
information, "endanger
Department of Defense
personnel and their families."
One senior defense official claimed that "there was information that was
potentially tactically useful to an adversary, the kind of thing where if
someone really wanted to do harm to your personnel, it could facilitate them
in undertaking an attack." And the Pentagon says it has solid electronic
evidence that foreign countries, including some adversaries, are regular
visitors to U.S. military Web sites.
WAR GAMES VIA WEB
The briefings stemmed from work done in 1997 and
1998 by Pentagon "red teams," a term associated
with a fictional enemy force in war games. Team
members tried to learn how much mischief they
could
do by skillfully scanning military Web sites,
without
any sophisticated hacking.
They showed Shelton, himself a former special operations specialist, how his
own biography posted on a military Web site combined with non-military
databases could quickly lead a terrorist to the home address of one of his
sons living in Florida.  The red teams found detailed maps and aerial
photographs of military installations that would help anyone planning a
strike or a terrorist action. These were the kinds of pictures, one senior
official noted ruefully, that the United States spent billions to get during
the Cold War through its spy satellite network.
Now the United States was giving such imagery away for free on the Internet.
Senior officers were particularly concerned when one of the red teams was
able to combine a variety of data and make highly accurate estimates about
the timing of nuclear weapons drills, exercises and readiness checks,
according to two senior national security officials familiar with the
briefings.  Biographies of individual commanders of units likely to be
involved in such operations combined with phone calls to those commanders'
bases yielded information about temporary duty assignments in Nevada at
installations involved in nuclear weapons handling. Military Web sites
containing contractor information, particularly formal requests for bids to
supply particular security equipment, helped further hone this detective
work, according to the officials.  Cleaning the military Web sites of
potentially dangerous information has proved a monumental task. Bill
Leonard, a top Pentagon information security official, said the military was
unsure initially how many Web sites it had, and even today can only provide
an estimate. For a time, the Army completely closed off access to its 1,000
Web sites. Now back on line, the Army's Web sites have been substantially
trimmed, as have those of the other services. Entire Internet addresses have
been put off limits, with the terse message on the computer screen that
information previously available has been removed for security reasons.
ACTIVISTS ON OFFENSIVE
But "right-to-known" activists think the scrub of military Web sites has
gone too far.  "This is a wartime information policy," John Pike of the
Federation of American Scientists, a research group that follows military
and intelligence matters, said [Linked item(s) not available on mobile
device.] in the most recent FAS newsletter. "All kinds of program
information is being withdrawn. Almost anything that discloses what an
agency actually does, beyond a brief mission statement, is going away."
The FAS is pursuing release of some of the deleted information under the
Freedom of Information Act.  In its filing with the Pentagon's security
review office, the FAS said anything released as a result of the complaint
should come in electronic form so it can then post the information on its
Web site.  The FAS emphasized that it is not in favor of placing classified
military documents on the Web. But the pages taken off the Web were
unclassified or non-classified and thus should remain in the public domain,
it contends.
Activists also note that, to date at least, the Pentagon cannot point to a
specific incident where information posted on a military Web site resulted
in harm to U.S.  national security.
"The menacing scenarios have remained just that -only scenarios," according
to George Smith, editor of The Crypt Newsletter, an online publication
dealing with computer security.
And activists fear the Pentagon purge was just the start of a
government-wide move to restrict what's on the Web.
The House Commerce Committee last week held a hearing to see how data about
chemical facilities could be disbursed to residents around those sites
without also putting it on the Web, where the FBI and others fear it could
make it easier for terrorists to plan attacks.
The Pentagon's new Web policy is available at
[Linked item(s) not available on mobile device.]
www.defenselink.mil/admin/about.html#WebPolicies
<http://www.defenselink.mil/admin/about.html#WebPolicies>