Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] ID 15.01.03: Citing Al Qaeda Manual, Rumsfeld Re-Emphasizes Web Security,
January 15, 2003

Citing Al Qaeda Manual, Rumsfeld Re-Emphasizes Web Security

Defense Secretary Donald Rumsfeld yesterday issued a message directing 
military component heads to redouble Internet security efforts to prevent 
enemies such as al Qaeda from gaining access to sensitive information.

Rumsfeld says for official use only and other sensitive, unclassified 
information -- including concepts of operations, operational plans and 
standard operating procedures -- continues to be found on public Web sites, 
indicating that too often data posted by DOD are insufficiently reviewed 
for sensitivity and/or inadequately protected.

Over 1,500 discrepancies were found during the past year, he writes.

Rumsfeld starts out his message by noting that an al Qaeda training manual 
recovered in Afghanistan states: 'Using public sources openly and without 
resorting to illegal means, it is possible to gather at least 80% of 
information about the enemy.'

Accordingly, Rumsfeld directs that DOD component heads must increase 
Internet operational security efforts to ensure enemies cannot benefit from 
publicly available information. He reiterates official DOD policy on 
Internet security and dictates that it be followed in conjunction with 
broader policies on information release and review.

Using the OPSEC process in a systematic way and thinking about what may be 
helpful to an adversary prior to posting any information to the Web could 
eliminate many vulnerabilities, he writes.

Limiting details, for one thing, is an easily applied countermeasure that 
can decrease vulnerabilities while still conveying the essential 
information, the message adds.

Component heads are directed to ensure Web site owners take responsibility 
for the information they post. Web site owners, for their part, must ensure 
a valid need exists to post their information.

The Rumsfeld message does not lay out any new policy; rather, it appears to 
indicate a heightened level of concern on the part of DOD leaders, 
according to Steve Aftergood, director of the Federation of American 
Scientists' Project on Government Secrecy.

Many DOD Web sites have already been stripped to the bone in the wake of 
the Sept. 11, 2001, terrorist attacks, which spawned a host of Internet and 
information security efforts.

What's alarming about the latest message is that it suggests that using the 
OPSEC process to examine what may be helpful to an adversary is the way to 
define what can be posted on the Web, Aftergood said. That is a grossly 
over-broad way of looking at the problem since literally everything could 
be of use in some way to an adversary, including addresses for military 
facilities, the names of commanding officers, and other information that is 
routinely available via the Web and through other channels.

-- Daniel G. Dupont

Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.