« Previous · Home · Next »

Army Brass, Not Bloggers, Violate OPSEC

By John

No surprises here. Awesome work from my buddy Noah Shachtman.

Army Reports Brass, Not Bloggers Breach Security:

For years, the military has been warning that soldiers' blogs could pose a security threat by leaking sensitive wartime information. But a series of online audits, conducted by the Army, suggests that official Defense Department websites post material far more potentially harmful than anything found on a individual's blog.

The audits, performed by the Army Web Risk Assessment Cell between January 2006 and January 2007, found at least 1,813 violations of operational security policy on 878 official military websites. In contrast, the 10-man, Manassas, Virginia, unit discovered 28 breaches, at most, on 594 individual blogs during the same period.

The results were obtained by the Electronic Frontier Foundation, after the digital rights group filed a lawsuit under the Freedom of Information Act.

"It's clear that official Army websites are the real security problem, not blogs," said EFF staff attorney Marcia Hofmann. "Bloggers, on the whole, have been very careful and conscientious. It's a pretty major disparity."

The findings stand in stark contrast to Army statements about the risks that blogs pose.

Shachtman also posted the Army's rather weak attempt at damage control, from spokesman Gordon Van Vleet:

There are many more Army web sites and web pages available for review on traditional Army web sites than there are BLOGs and BLOG pages, therefore because of volume alone, it must be expected that there will be more violations found on the traditional web sites.

I'm calling shenanigans. So is Noah:

Um, no. For two reasons:

1) While the audits do show that more official pages were scanned than blog pages, it is nowhere near the 65-to-1 ratio of .mil-to-.com security violations.

2) The Army itself doesn't have a very strong handle on how many pages were scanned, really. In The Army Web Risk Assessment Cell's presentations, numbers contradict one another, or are transposed from one month to the next. For example, AWRAC came up at different points with five separate figures for the number of .mil pages scanned in September 2006. The documents show that the number of breaches may have been as high as 4,052 on official military sites, and as low as 14 on blogs.

It was said at both milblogging conferences and begs repetition, the Army needs to look inward before dedicating resources towards policing blogs.

August 17, 2007 09:06 AM    Leadership

TrackBack

TrackBack URL for this entry:
http://op-for.com/mt/mt-tb.cgi/1169

Listed below are links to weblogs that reference Army Brass, Not Bloggers, Violate OPSEC:

» Get propecia online pharmacy. from Propecia side effects bad.
Propecia. [Read More]

Tracked on October 14, 2007 11:36 AM

Comments

The Army, as in the Institutional, Pentagonian Army, is in the wrong. They know the rules, get the training and briefings that joes don't get, and still commit multiple OPSEC violations. So yeah, very weak... my two cents.

DaveO   ·  August 17, 2007 09:30 AM

It was a very nice idea! Just wanna say thank you for the information you have shared. Just continue writing this kind of post. I will be your loyal reader. Thanks again.

Christian louboutin shoes   ·  November 3, 2009 05:52 PM

Post a comment

Potential comment conditions listed here. Oh, and you may use basic HTML for formatting.





Remember Me?

(you may use HTML tags for style)


Please enter the security code you see here