WASHINGTON — Army personnel who monitor online security believe that official service Web sites are doing a good job protecting sensitive information despite a recent report showing nearly 2,000 violations last year.
Lt. Col. Stephen Warnock, head of the Army’s Web Risk Assessment Cell, or AWRAC, said many of the security lapses online were found when units asked for reviews of new Web sites to ensure they met regulations, or when Webmasters outside the cell contacted the researchers to flag potentially troublesome material.
“Webmasters, soldiers and everyone in the Army chain of command are Web smart and are adapting to the changing mindset and technology just as fast as possible,” he said. “As the number of Web pages increases, we do not necessarily expect a similar rise in violations.”
Documents released last month as part of a lawsuit by the Electronic Frontier Foundation, a nonprofit digital rights group, showed results of the AWRAC’s review of Army-run Web sites and soldiers’ blog sites between January 2006 and January 2007.
On average, researchers found more than two security violations for every Army site visited but only one such violation for every 23 blog sites researched.
Official Web pages had 1,965 security lapses to the blog sites’ 26, and Army portals were nearly 40 times more likely to have security issues than those personal sites.
Warnock said nearly all of the violations found on both official sites and soldiers’ blogs were minor infractions, issues where “there is room for discussion with the author in pointing out the exact violations.”
He said discussions about current operations, pictures of bases or personnel, and techniques or procedures all are potential violations.
“An example would be a soldier discussing an upcoming patrol: If he talked about departure times, equipment, patrol routes, that would be a violation,” he said. “If he discussed how he hates to do patrols and does not like his squad leader, that would not be a violation.”
Warnock said some major violations have occurred, usually as a result of “someone trying to share information to an official audience, quickly, without fully considering the OPSEC ramifications.” Those issues have been corrected, he said.
Army officials announced stricter blogging guidelines earlier this year in an effort to make sure sensitive material isn’t posted on easy-to-access Web sites. The guidelines require troops consult with commanders and operational security officers before posting any information online.
Critics of those rules pointed to the EFF data as proof that soldier blogs effectively police themselves. Warnock said the Army still is keeping close tabs on those sites but feels the publicity about the cell’s work and the official site violations could make those blogs more secure.
“The regulations places trust in the soldier, civilian employee, family member and contractor that they will use proper judgment to ensure OPSEC,” he said. “It is much better when well-informed soldiers use common sense and discretion when writing blogs.”