Bumped and Updated: Looks like a simple case of switching vender's has created a massive increase in the black listings for the Air Force.From what we are hearing the contract with SmartFilter expired and the Air Force has gone with BlueCoat Web Filter instead.
____
We are getting word the US Air Force has begun blacklisting blogs in mass from USAF networks. At first we thought they were blacklisting what they saw as a few troublemakers (from the AF perspective), but it appears to be more widespread. We observed this FCW article yesterday which discussed the possibility under consideration by the DoD, but apparently the USAF had already made up their minds. This could be a trend for the whole DoD soon.
The Defense Department is considering a policy that would banish all traffic not proven to be purely official DOD business from its networks, said Lt. Gen. Charles Croom, director of the Defense Information Systems Agency
...DOD’s consideration of the proposal, however, is in the preliminary stages, and it’s too early to predict if the department will proceed with the idea, Croom said.
...In practical terms, the rules are intended to eliminate traffic that’s entering DOD networks as employees surf Web sites that aren’t expressly banned or blocked but that would be difficult to justify as necessary purely for official business
From a security perspective I really can't disagree with this line of thought, but I do think there is potentially as much lost as gained. I see irony that the same DoD making decisions on the value of information through Net Centric Warfare also sees access to information on the internet as a potential threat.
I don't disregard that threat, I deal with it daily so understand where the mentality comes from, but I believe whenever access to information is restricted there can be tangible loss. When we approached this issue we started with social networking sites like MySpace and YouTube, but we were careful not to deny information to blogs and media. Our approach was not to interfere with the creative processes and ideas that can be generated through open source access to other creative processes and ideas. Our requirements for balancing security and access is on a much smaller scale than the DoD though, so we understand how the need for security can overpower the need for access at various levels of a high security enterprise like the DoD.
We are hearing the blacklist is basic and unsophisticated. If what we are hearing is true, the blacklist is specific to any URL with the word "blog" within. If that is in fact true, call us unimpressed with the 'skillz' of the blacklist admin in the USAF, who basically did nothing but declare war on blogspot and blog search engines.
We expect more from the agency with a major role in securing networks of the United States. What, did the Air Force's Websense maintenance contract expire or something?
No comments:
Post a Comment