Pentagon Orders Security Review of Its Web Sites By Bradley Graham
Washington Post Staff Writer
Saturday, September 26, 1998; Page A05
In a statement, Deputy Defense Secretary John Hamre, who issued the order, said he recently became aware that some Web sites were offering "too much detail on Defense Department capabilities, infrastructure, personnel and operation procedures," posing a potential threat to U.S. troops and military operations.
Hamre expressed particular concern about the possibility that information about service members and their families -- including Social Security numbers, telephone numbers, birth dates and home addresses -- could be gained through straightforward electronic searches. He directed the immediate removal of such personal data from the Pentagon's roughly 1,000 Web sites.
He also barred information revealing "sensitive" movements or locations of military assets. And he instructed commanders to remove "lessons learned" reports about past operations that might expose U.S. military vulnerabilities.
Another senior defense official said the move was not prompted by any particular event but by a growing concern about the risks inherent in the Pentagon's expanding use of electronic networks to carry out its business. Greater reliance on the Internet for outside contracting and other administrative activities has been touted as essential if the Pentagon is to achieve greater efficiencies and cost savings. It also has been viewed by department officials as an important public relations tool, promoting Pentagon activities at a time of shrinking defense budgets.
But Hamre said more attention would have to be given to the security implications of the new technology. "Security and efficiency can be achieved at the same time," he asserted, adding that the goal now will be "to strike the appropriate balance between openness and sound security."
The vulnerability of the Pentagon's computer networks moved to the top of the department's list of worries in February, when hackers penetrated a number of unclassified networks just as troops were massing in the Persian Gulf for a possible air strike against Iraq. The computer intrusion turned out to be little more than a prank by two California teenagers, but the episode called attention to how some of the department's open sites could provide entry to military files containing sensitive personnel and administrative data.
A subsequent study of military Web sites found additional examples of readily available information that, in the wrong hands, could prove damaging. In one case, the Web page of a U.S. satellite ground station in Germany displayed pictures of the base that identified each of the buildings and radar dishes.
Yesterday's directive also established a task force that would develop more guidelines for what to post on military Web sites and look at ways of regulating access even to the Pentagon's unclassified networks.
"One of the things we're finding over time is that, in this new environment, the distinction between classified and unclassified information in some respects is diminishing," said the senior official.
© Copyright 1998 The Washington Post Company