August 19, 2007:
Although military personnel get
lots of publicity for real, or imagined, security violations on their blogs or
web sites, most of the damage is done on official sites. The most recent
assessment found an average of 2.06 violations for each of the official 878
sites checked last year. There were only .05 violations for 594 unofficial
(individual troop) blogs during the same time. Unfortunately, this is nothing
new.
Seven years ago, a U.S. military reserve unit
assigned to check the 1,300 official military web sites for sensitive or
classified information. The Web Risk Assessment Team (or WRAT, as the unit was
then called) spent one weekend a month checking out Department of Defense
sites. WRAT did find over a dozen sites where details of U.S. war plans
(normally top secret stuff) posted. There were lots of lesser violations as
well. WRAT also worked to improve the security of Department of Defense web
sites.
Over the years, WRAT evolved into WRAC (Web Risk
Assessment Cell). Many officers, unfortunately, either disregarded WRAC
findings, or simply didn't know, and continued to concentrate on the potential
for individual troops to let out military secrets in their message boards, chat
rooms and blogs. What these misguided officers were missing was the fact that
the troops, often men in combat units in Iraq, had a big self-preservation
thing going when they posted to an unofficial site. The troops, as some
officers must constantly be reminded, are not stupid. Particularly the current
crop. They know how to look out for themselves.
Meanwhile, the fact that there were so many
security violations on official sites is also understandable. These sites are
supposed to be making military information available, and it's always been more
art, than science, figuring out what is classified and what is not. The
official sites often serve both civilians and military personnel. Keeping these
sites completely "clean" will always be a work in progress.