All eyes are on DOD's social-media policies as review nears completion
As the Defense Department reviews the use of social media tools, experts warn against overly restrictive policies.
A review that considers the benefits and risks of using social networking technology at the Defense Department is expected to conclude this month and could lead to new policy decisions on the use of such tools in DOD agencies.
Meanwhile, a DOD spokesman said recently he expects the review to recommend a balanced approach to using social networking tools such as Facebook and Twitter. A policy that permits the use of the technology with some restrictions is the likely outcome, he said. DOD has not had a department-wide policy, leading to a range of rules among various organizations. Some have essentially banned social-media use on military computers, while others have adopted less restrictive measures.
A balanced policy is wise, because an outright ban wouldn’t work, according to several experts.
Attempting to completely block the technology in the DOD would be futile, said Amit Yoran, the chief executive officer of NetWitness and the former director of the US Computer Emergency Readiness Team and National Cyber Security Division of the Homeland Security Department.
“What experience has taught us in this industry is that users will bypass over-draconian and overly restrictive policies that you may impose on them,” Yoran said. “It may be the users actively doing it, it may be the social media sites getting creative and finding ways to encapsulate and tunnel and do all these things that allow folks to bypass the protective measures and policies that we put in place.”
If people try to get around restrictive policies, that could put agencies in a more vulnerable position than simply allowing some degree of access would have, Yoran said.
“When you force these sites to work against you, and your users to work against you, then your ability to monitor and protect and defend yourself is significantly reduced,” he said.
The balanced approach DOD is expected to take is the right move, Yoran said.
Because outright bans rarely work, DOD and other agencies should identify specifically what security problems they have with social networking, said Jeremy Mishkin, an attorney with Montgomery McCracken with expertise in e-commerce and Web-based businesses.
“Teach your people about what security is, why it’s essential and how the entire team has to be smart since the weakest link will fail,” he said. “In general, if you explain respectfully what you’re trying to accomplish and why, and treat them as responsible adults, your team’s much more likely to comply.”
Besides being ineffectual, under a ban DOD would miss the functionality social networking can provide. The ability to rapidly share information is a function DOD is constantly seeking, he said, Yoran said.
The next step for DOD, and other federal agencies, should be to identify exactly how the emerging technology should be used, said Grant McLaughlin, principal at Booz Allen Hamilton.
A review weighing the benefits and risks of using social networking technology at the Defense Department is expected to conclude this month and could lead to new policy decisions on the use of such tools withing DOD agencies. A DOD spokesman said he expects the review to recommend a balanced approach to using social networking tools such as Facebook and Twitter. A policy that permits the use of the technology with some restrictions is the likely outcome, he said.