August 19, 2007: Although military personnel get lots of publicity for real, or imagined, security violations on their blogs or web sites, most of the damage is done on official sites. The most recent assessment found an average of 2.06 violations for each of the official 878 sites checked last year. There were only .05 violations for 594 unofficial (individual troop) blogs during the same time. Unfortunately, this is nothing new.

Seven years ago, a U.S. military reserve unit assigned to check the 1,300 official military web sites for sensitive or classified information. The Web Risk Assessment Team (or WRAT, as the unit was then called) spent one weekend a month checking out Department of Defense sites. WRAT did find over a dozen sites where details of U.S. war plans (normally top secret stuff) posted. There were lots of lesser violations as well. WRAT also worked to improve the security of Department of Defense web sites.

Over the years, WRAT evolved into WRAC (Web Risk Assessment Cell). Many officers, unfortunately, either disregarded WRAC findings, or simply didn't know, and continued to concentrate on the potential for individual troops to let out military secrets in their message boards, chat rooms and blogs. What these misguided officers were missing was the fact that the troops, often men in combat units in Iraq, had a big self-preservation thing going when they posted to an unofficial site. The troops, as some officers must constantly be reminded, are not stupid. Particularly the current crop. They know how to look out for themselves.

Meanwhile, the fact that there were so many security violations on official sites is also understandable. These sites are supposed to be making military information available, and it's always been more art, than science, figuring out what is classified and what is not. The official sites often serve both civilians and military personnel. Keeping these sites completely "clean" will always be a work in progress.