There has been some interesting discussion on the possibility that DoD will institute a ban on social media such as Twitter and Facebook.
It was asserted by some that DoD didn’t really understand social media, which may be true in part, and there were some very good arguments for and against having such programs available to our service members. Others saw the announcement as a grave threat to the rights of every American to screw off at work. (Okay, that was me.)
The DoD, for their part, mentioned serious security concerns in their late-July message. This was interpreted in a variety of ways, including possible OPSEC considerations.
However, the concern about social media is shared by all of government and much of private industry. And here, in large part, is why.
From an online article at Financial Times (www.ft.com):
Law enforcement warnings, recent reports from private security experts and lawsuits are focusing attention on the issue. Some professionals, citing the ongoing boom in virus infections through such social networks as Facebook and Twitter, fear the trends could combine in 2010.
Targets have fallen victim to “spear phishing” and other tricks. In spear phishing, a misleading e-mail, instant message or social networking communication is aimed at one company or even a single person within that company, frequently a top executive. The message can be tailored convincingly with details of interest to that individual.
As with many generic phishing attacks that go to millions of users, the point is often to get the recipient to click on a link that installs software for surreptitiously logging keystrokes, so that passwords and account numbers can be recorded and transmitted over the internet to the hacker.
Aiming at small groups means that security programs that look for copies of previously reported attacks are less likely to recognize the software.
My experience with such issues is that these cyber security concerns have been expressed behind closed doors for some time, and an affordable and implementable technical solution is unfeasible for now. And the threat is serious enough that an out-and-out ban is being considered. For such analysis to be stated publicly means that several verified occurrences of successful cyberhacking via these means have taken place already, and cyber security experts are at a loss as to how to stop them.
So, regardless of where one’s opinion falls on the usefulness of social media in DoD, security concerns indeed appear to be at the center of considerations to ban Twitter and/or Facebook.
