Strangling OSINT, Weakening Defense, Censoring Criticism: The Pentagon
William Lind has a new post up at Defense and The National Interest that addresses the issue of the IT restrictions on the use of the internet by military personnel. This topic has been touched on previous by others such as at the SWC, SWJ Blog, Haft of the Spear, Hidden Unities and many milbloggers, intel and cyberwonks but previously, IT policy varied across services and from command to command. That appears to be changing – for the worse.
At the height of the Cold War, a U.S. army corps commander in Europe asked for information on his Soviet opposite, the commander of the corps facing him across the inter-German border. All the U.S. intelligence agencies, working with classified material, came up with very little. He then took his question to Chris Donnelly, who had a small Soviet military research institute at Sandhurst. That institute worked solely from open source, i.e. unclassified material. It sent the American general a stack of reports six inches high, with articles by his Soviet counterpart, articles about him, descriptions of exercises he had played in, etc.
What was true during the Cold War is even more true now, in the face of Fourth Generation war. As we have witnessed in the hunt for Osama, our satellite-photo-addicted intel shops can’t tell us much. But there is a vast amount of 4GW material available open-source: websites by and about our opponents, works by civilian academics, material from think-tanks, reports from businessmen who travel in areas we are interested in – the pile is almost bottomless. Every American soldier with access to a computer can find almost anything he needs. Much of it is both more accurate and more useful than what filters down through the military intelligence chain.
Or at least he could. In recent months, more and more American officers have told me that when they attempt to access the websites they need, they find access is blocked on DOD computers. Is al Qaeda doing this in a dastardly attempt to blind American combat units?
Sadly, no. DOD is doing it. Someone in DOD is putting blinders on American troops.I do not know who is behind this particular bit of idiocy. It may be the security trolls. They always like to restrict access to information, because doing so increases their bureaucratic power. One argument points to them, namely an assertion that the other side may obtain useful information by seeing what we are looking for. That is like arguing that our troops should be given no ammunition lest muzzle flashes give away their positions in a fire-fight.
But the fact that websites of American organizations whose views differ from DOD’s are also blocked points elsewhere. It suggests political involvement. Why, for example, is access to the website of the Center for Defense Information blocked? CDI is located in Washington, not the Hindu Kush. Its work includes the new book on military reform America’s Defense Meltdown, which has garnered quite a bit of attention at Quantico.
The goal of the website blockers, it seems, is to cut American military men off from any views except those of DOD itself. In other words, the blockaders want to create a closed system. John Boyd had quite a bit to say about closed systems, and it wasn’t favorable.
Read the rest here.
What is disturbing to me is that Lind indicates that the previous policy, which left IT restrictions up to commanders, seems to be coalescing behind one of systemic, tight, restrictions on access for all uniformed personnel to all kinds of blogs or websites that do not jeopardize information security. Or may even be useful to the conduct of their mission. The previous excuse by DoD bureaucrats was “conserving bandwidth” but it’s hard to see how esoteric sites like the Center for Defense Information or some university PDF on Islamist madrassas in Pakistan clog up a combatant command’s skinny pipes.
Intel and cyber experts in the readership are cordially invited to weigh in here.
ADDENDUM:
Professor Sam Liles offered up this manifesto on cyberthreats and cybersecurity.
ADDENDUM II:
Fabius Maximus, Ubi war and Wings Over Iraq took a similar view ( Wings though, added “Curse you Zenpundit!”).
ADDENDUM III THE COUNTERPOINT:
Galrahn says Bill Lind does not understand the legitimate cybersecurity aspect that causes blogs and websites to be blocked and then offers some practical advice to the blocked bloggers (such as myself):
….but I’d bet at least 5 shots of Canadian Whiskey (I’m a Crown Royal fan until summer gets here) that the problem that triggered his rant doesn’t originate in the DoD or any government entity, rather the private sector.
But I will say this. There are several legitimate reasons why websites, blogs, and other forms of social media sites on the web are blocked. If your website or blog is blocked, please understand you can do something about it besides whine.
Use Feedburner, or some other form of syndication software to distribute your content, including by email. Organizations including the military may block Blogger but typically they do not block syndication service sites because from an IT perspective, syndication services like Feedburner is a better way to manage bandwidth for larger enterprises. If an organization is blocking syndication sites too, then your organization has a very strict IT policy, BUT if your favorite websites are distributing content by email, problem solved
I used Feedburner previously with my old blogger site when Feedburner was in beta but when it was purchased or absorbed by Google, that account went dormant. I think I will ressurect it and then look into Galrahn’s other suggestions.
April 29th, 2009 at 4:16 pm
In the minds of some senior persons it is 1909, not 2009, it seems.
.
The bureaucracy "does its thing", as always.
April 29th, 2009 at 9:41 pm
[…] information access to one’s own militaries has a healthy and regrettable recent pedigree too. Zen and Fabius Maximus have already picked up on this but William Lind has a new piece on the […]
April 30th, 2009 at 3:26 am
I left a comment over at Galrahn’s. He needs to get on a ship out to sea and experience some of that underway internet:——I cry foul on this because when I was out to sea on the Kitty Hawk and the Abe Lincoln between 04-07, we could get all the ESPN, CNN, Flickr, etc. we wanted, but if I were to check out any number of blogs (Zenpundit, Coming Anarchy, Daily Dish, Milblogs, etc), I was more often than not denied. There was an absolute no blog and no Google apps (Reader, Docs, etc.) rule on the Hawk in my last year there which drove me batty and made zero IT sense when guys could still hit up Adultfriendfinder and nearly every sports site known to man. —— I never noticed bandwidth being the rationale. It was a very anti-blog, anti Web 2.0 attitude from them when I would go down to carp about it. —–
April 30th, 2009 at 3:31 am
Not to mention we all knew for a fact IT guys were DLing large files for various games b/c the more unscrupulous ones would be pirating files to sell on the mess decks and on the Lincoln’s Post-Its Sell Board. How else is an IT puke going to be hawking pirated files of the new Madden 07 on Sony’s PSP when we haven’t hit a port for weeks and mail call is 4-5 days late?
April 30th, 2009 at 3:45 am
Wow, this is something I was not aware of. I have been using feedburner for awhile, but I did not realize that this was it’s potential upside. So thanks for the info and I will pass this on to my military readers.
April 30th, 2009 at 6:16 am
<i>There was an absolute no blog and no Google apps (Reader, Docs, etc.) rule on the Hawk in my last year there which drove me batty and made zero IT sense</i>
Eddie I feel your pain man. That is a software limitation. Keep in mind the social software rule on most of these applications effects a lot more than just text blogs. For a long time versions of web filter software did not separate categories of social media, although more configuration options are now being sold as new features in new releases.
However, from experience I can tell you at least two of the software venders still requires IT staff to manually change the rules after an upgrade to take advantage of these new features and enable different types of social software.
Every complaint I have see on this issue, including Lind’s, is often rooted in the limited capabilities of the software used for filtering websites (a technology problem, not a human problem). Remember, the web filtering software on most bases is the same variations of COTS software used in public and private industries nationwide, and the contracting decision that determined what base/ship/etc. uses what software is based on a security, support contract, and other factors like lowest bid.
If Lind had asked a basic question, like what web filtering software do the specific places he is blocked from use, he would learn something. He would probably also find a consistent pattern, specifically, why he is being blocked and if it is a specific software vender. When results are random, as they are for CDI.ORG, it is usually because one vender has a site flagged in the wrong category. For the record, it should also be stated that venders no longer have humans flagging sites, sites are flagged by smart software crawling the web, and those crawlers are not perfect.
There is no single standard for web filtering software across the DoD. Often, one command is using a different filtering software than another command in the same city, or even the same facility, if each command has two different pipes out. For example, I have seen scenarios where on the same base depending upon where you were (which pipe you were using to the internet), half the base could get to sites the other half could not, and it was different because both pipes used different software to filter web traffic, each with different inherent configurations (vender determined) based on a standard set of rules applied. Said another way: the category that blocked "Social Software" meant something different to each application.
April 30th, 2009 at 1:12 pm
[…] “Strangling OSINT, Weakening Defense, Censoring Criticism: The Pentagon“, Zenpundit, 29 April 2009 […]
May 1st, 2009 at 1:34 am
Galrahn, I appreciate your overview of the convoluted software situation. However I was expressly told that blogs were a no-no. I ran into this situation when my Senior Chief from a prior division I worked in who was on an e-mail distribution list I used to send to people in my Sunday night boredom asked me to compile resources and info for two of his people who were going IA to Iraq. Upon trying to access Small Wars Journal, Global Guerillas, Aqoul and a few other blogs and sites, I ran afoul of the new ITC @ ADP. He wrote in an e-mail I forwarded to this senior chief and others that blogs were a no-no. Three weeks later, I noticed I could access CDR Salamander b/c it was a popular blog for a few squadron khakis. I pestered the ITC about that and was told to focus on my job, not network policy. ***2****Yet again, I can access ESPN and other bandwidth hogging sites that had no business being authorized for viewing out to sea, which anybody with an eye towards conserving bandwidth would have had added to the application to block (which I do at work in my civilian job now on a weekly basis using Barracuda software based on the input of our CFO).
August 2nd, 2009 at 10:16 pm
It’s gotten worse. Now the private company TrendMicro is censoring CDI through its TrendMicro Client/Server Security Agent software. (This is required to be on my computer by my company, though I have discovered a workaround.) They have rated the http://www.cdi.org site and its subpages as "Dangerous"… dangerous indeed!
August 3rd, 2009 at 5:27 pm
"It’s gotten worse. Now the private company TrendMicro is censoring CDI through its TrendMicro Client/Server Security Agent software."
The enemy is not in front of the leader, but behind; love your enemy. This is probably why empowering employees is given mostly lip-service by those in leadership roles. It works, but they don’t like it and don’t even implicitly believe in it.