The Washington Post
Navigation Bar
Navigation Bar

Partners:
Related Items
On Our Site
  • Arkin's Fog of War Iraq analysis

    On the Web

  • Resources from Arkin's "The U.S. Military Online"

  •   Warring on the Web

        Bill Arkin

    By William M. Arkin
    Special to washingtonpost.com
    Monday, Nov. 23, 1998

    Deputy Secretary of Defense John J. Hamre has earned the reputation as someone not afraid to make decisions or ruffle feathers. Yet, as self-described chief operating officer of "the largest corporation in the world," Hamre often has to issue orders in the form of nimbly worded dispatches, a managerial necessity to mobilize an always diverse, stubborn and sometimes even insubordinate team.

    When Hamre issued a three-page memorandum Sept. 24 addressing U.S. military vulnerabilities on the Web, his words unleashed a frontal assault by Internet foes who seek to insulate and isolate the Pentagon from the new lifeline. For an institution which intuitively equates free-flowing information with a saboteur, the knee-jerk reaction is that the Internet must be a threat.


    "The Web is giving the Pentagon severe heartburn these days ... because of the very nature of the medium."

    The Web is giving the Pentagon severe heartburn these days, not just because of hackers and bogeyman cyber-terrorists, but because of the very nature of the medium: it is borderless and anarchic. As one military Webmaster puts it, some in uniform have been slow in realizing that World Wide Web actually means worldwide web.

    The net, of course, was spawned by the Pentagon, and it is also increasingly intrinsic to military operations and communication: With 2,500-plus publicly accessible sites and almost one million e-mail accounts, the Defense Department remains the single largest community of net users worldwide. As Hamre states in his memo, the Web is the heart of the Defense Reform Initiative and the key to more efficient operations.

    Nonetheless, responding to concerns raised earlier this year by the Joint Staff, Hamre ordered a comprehensive review of .mil domain Web sites to ensure that official information online does not "compromise national security" or place military personnel "at risk." Specific types of personal data — such as Social Security numbers and home addresses — were ordered expunged from public Internet sites. And a departmentwide Web security task force was created to develop new guidelines to protect a class of admittedly more ambiguous information, namely that which Hamre says "would reveal" sensitive military operations, exercises or vulnerabilities.


    "Despite the panic of the professional paranoids, only the Army's reaction was overkill."

    Webmasters scrambled to cleanse their sites in response to Hamre's memo. But despite the panic of the professional paranoids, only the Army's reaction was overkill. The memo had hardly landed in green in-boxes before all publicly accessible Army Web sites were ordered "immediately disconnected from the Internet." From the Pentagon to the third platoon of Company Z at Fort Podunk, 900 Web sites were unplugged. All that was left was a ubiquitous communique: "This Army Web site is not currently available."

    In the ensuing review, however, hardly any offending personal information has been found. In the overwhelming majority of cases, routine security reviews had already cleansed official sites. As the task force started its deliberations to develop interim guidance for the department, even a good number of the Army sites fell back into formation, none the worse for wear.

    End of story? Just another hysterical Web attack?

    Hardly.


    The directive also gave the enemies of information the pretense they needed for a full scale attack.

    The Deputy Secretary's seemingly prudent directive also gave the enemies of information the pretense they needed for a full scale attack. They advance scenarios where some as-yet-unidentified adversary stockpiles bookmarks like missiles, ready to mount a bolt-from-the-blue assault over the Web.

    "There's too much out there," says Michael White, DOD's assistant director for security countermeasures. White and others have created a security classification that they hope Hamre will adopt as the standard for data that is transmitted electronically. Their concept, called "format sensitive information," is defined as "unclassified information regarding DOD capabilities, infrastructure, personnel, and/or operational procedures, which, when electronically aggregated, in significant volume, could adversely affect the national interest, the conduct of federal programs, or the privacy of individuals if lost, misused, accessed, or modified in an unauthorized way. ..."

    Hamre had invited that mouthful, warning in his memo that "the Web can ... provide our adversaries with a potent instrument to ... correlate and evaluate an unprecedented volume of aggregated information."

    The proponents of creating yet another classification scheme say it is needed to thwart "point and click aggregation." They argue that you can find a bit of seemingly benign information here, a byte there, and pretty it soon it adds up to a security breach, or at the very least a public display of what should be a closely held profile of an individual, issue or organization.


    Reagan administration censors pushed an earlier version of point and click aggregation which they called the "mosaic theory."

    Back in the days when a mouse was just another rodent, Reagan administration censors pushed an earlier version of point and click aggregation which they called the "mosaic theory." Using it, they attempted to deny Freedom of Information Act requests by claiming that, although individual documents were unclassified, when combined with others, the composite would be a big secret.

    But even in the Reagan era, attempts to introduce various new "sensitive" caveats largely faltered. More times than not, attempted controls under mosaic and other theories collapsed because so much information was already in the public domain that diligent scholars and investigative reporters were able to complete their work despite official protections.

    None of which is to argue that the Pentagon shouldn't attempt to protect personal and other information that might really do damage to national security. But the concept of format-sensitive information being sent to Hamre as part of the task force's recommendations is so broad and vague that it should not be a standard for the government's presence on the Web.

    Accept the Pentagon's logic of aggregation, and the natural argument is that nothing should be on computers, which is both ridiculous and dangerous. What Pentagon security types miss in their war against the Web is that the Internet and unprecedented openness of information is also the primary reasons for America's unchallenged strength and vitality in the post-Cold War world.


    William M. Arkin, author of "The U.S. Military Online," is a leading expert on national security and the Internet. He lectures and writes on nuclear weapons, military matters and information warfare. An Army intelligence analyst from 1974-1978, Arkin currently consults for Washingtonpost.Newsweek Interactive, MSNBC and the Natural Resources Defense Council.

    Arkin can be reached for comment at william_arkin@washingtonpost.com.

    © Copyright 1998 The Washington Post Company

    Back to the top

    Navigation Bar
    Navigation Bar