New, more open net policy puts burden on MacDill computer users Published June 25, 2010 By Nick Stubbs 6th Air Mobility Wing Public Affairs MACDILL AIR FORCE BASE, Fla. -- For those too young to remember a world without the Internet, before there was a global communications web that reaches virtually everywhere, it may be difficult to appreciate just how much information is out there, at our fingertips, 24-hours a day. But communication and the exchange of information is a double-edged sword. Fearing the backward cut that could compromise operations, the Air Force until recently leaned toward limiting Internet usage by Airmen and civilians on the job - not only to cut down on the distraction, but also to control the malicious or accidental release of sensitive information. The directive was to tweet on your own time, don't My Space in Air Force cyberspace. That's all changed as of recently, when a shift in policy opened access to more of the Web from Air Force computers, including access to social networking Web sites like Twitter and My Space. In fact, for those who don't already know it, the 6th Air Mobility Wing and some of it's squadrons and units, have Facebook and Twitter pages, where you can keep up with the latest news. The change has been a welcome one for those on duty who were essentially cut off once they passed through the gates of MacDill, but only time will tell how well the new policy will work out for all. If everyone follows the guidance calling for reasonable use and watching their "P's" and "Q's" when posting information, it could work out well, striking a "balance between safeguarding the mission and maintaining a safe and controlled network to defend against malicious activity while allowing Airmen to have appropriate access," according to official guidance issued by Air Mobility Command in April. The new, more open policy does not mean that the entire Web is open to access. What you can access on government computers will remain limited compared to computers off the official network. Controversial and sexually explicit sites remain blocked, and accessing such a site through back doors, proxy sites, etc, remains a violation of Air Force Policy, just as before. Additionally, personal use of government computers will remain limited. As the guidance provides: "Limited authorized personal use must be of reasonable duration and frequency that has been approved by supervisors and does not adversely affect performance of official duties, overburden systems, or reflect adversely on the Air Force." The rule suggests that supervisors will have the latitude to make judgment calls about computer use, but the hope is Airmen and government employees will be reasonable and police themselves. The bottom line is don't abuse the new privilege. This applies to not only what is viewed on Air Force computers, but information that is posted that could reflect negatively on the Air Force and the core values it projects. This and other concerns outlined here, apply not only to internet use on the job, but also at home or from any location. "Airmen must use due diligence when posting information online and must always follow Joint Ethics and Information Protection regulations and guidelines," as the current guidance provides." "Internet social networks are great places to meet and network with people sharing similar interests, but Facebook, and other similar Web sites can also pose serious national security threats if users are not careful," said Pamela Hartnagel, wing information assurance manager. "Since most people access social network sites from the comfort and privacy of their home or office, they can be lulled into a false sense of anonymity. Additionally, the lack of physical contact on social network site can lower users' natural defenses, leading individuals into disclosing information they would never think of revealing to a person they just met on a street or at a party." So, while wasting away the day tweeting and uploading tasteless pictures is a concern, the greatest danger remains compromising operations through the release of sensitive information. An Airman tweeting something as simple as where and when he or she is being deployed, especially if put together with other information that may have been posted in the past or permanently affixed to a profile page available to the public, could be used to mine important intelligence about military operations. It's a mistake no one wants to make, as the lives of servicemembers and allies could be in the balance, said Steve Wilson, 6 AMW OPSEC manger. Not only can information posted be used by an overseas enemy, but also by criminals at home. A notorious case years ago involved a servicemember's absence emboldening a criminal, who preyed on his family, said Mr. Wilson. "You want to follow standard OPSEC procedures, but you also don't want to tip off criminals that you are not around to mind the farm," Mr. Wilson said. Ms. Hartnagel said one of the real dangers of social networking is releasing unclassified information that nevertheless could be of value to an adversary. "There's a tendency to think when information is not classified, it's OK to share, especially if the user has setup a privacy profile on their account," she said. "However, it's those small pieces of information shared in casual conversation that an adversary can use to uncover secrets and point them toward a specific target. For example, a foreign agent seeking military technology might use Facebook to try and identify individuals who work on a specific technology, continue on to figure out whom they associate with, and then follow their movements, looking for clues on new research and so on." AMC guidance cautions that, "When posting information to the web - especially information about Air Force operations, programs or activities - remember that there are always consequences to what is spoken or written. All Airmen are on duty 24 hours a day, 365 days a year, and their actions - on and off duty - are subject to the Uniform Code of Military Justice (UCMJ). Airmen, by the nature of the business, are always on the record and must always represent the core values: Integrity first, Service before self, and Excellence in all we do." Yet another threat posed by opening access is the possibility of viruses or other malicious programs or scripts infecting the network. The warning to heed is that, "Adversaries continuously attempt to infiltrate Air Force networks and systems trying to steal, compromise, degrade or destroy information, disrupt networks or communications, or deny service. All Airmen must take all precautions to ensure we protect our networks at all cost. In addition to protecting information, all Airmen must do their part to protect the Air Force Network (AFNET) from malicious attacks (i.e., viruses, Trojans, worms, spyware, etc.), which can significantly disrupt operations. In addition to watching their own Internet use and activities, all Airmen and DoD employees have the responsibility of watching out for sensitive information that may have been posted by someone they know, or fellow servicemembers. AMC guidance stipulates that supervisors or the Public Affairs office should be notified.