Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars     Apps     EBooks
   AFCEA logo
 

Twitter Is Mission Critical

September 15, 2009
by Maj. Daniel Ward, USAF, Maj. Gabe Mounce, USAF, and Carol Scheina

The explosion of online social media is profoundly changing how people produce, consume and share information. Social media rapidly turns monologues into dialogues and broadcasts into conversations. The result is a rich environment in which ideas are shared, questions are answered and collaborative relationships flourish.

But here is the problem: The U.S. Defense Department currently denies access to social media sites from many unclassified department networks. This misguided decision isolates the defense work force from one of the biggest engines of social, economic and technological change in the world today. This policy must change.

This is a critical issue, particularly for military technologists who envision, develop, produce and evaluate new technologies. Blocking access to social media restricts the warfighters’ ability to collaborate and innovate. It limits their ability to take their mission—defense of this nation—to new and better levels.

Social media allows people to share their insights, experiences and questions with a diverse community, regardless of distance in time or space, and regardless of organizational boundaries. Social media communities are self-selected and interest-driven. They are not limited to those who wear the same uniform, work on the same projects or have the same background and training. Social media extends beyond the military-industrial complex.

Three primary excuses are given for blocking social media: to maintain information assurance and security, to regulate bandwidth and to govern employee time. None are good reasons for blocking social media, particularly at stateside bases.

The network security argument is weak, largely because the blocked sites do not represent a unique threat. LinkedIn, which typically is not blocked, presents just as much of a threat as Facebook. The two networking Web sites have similar capabilities. More to the point, blocking social media in an attempt to prevent exploitation of network vulnerabilities is a self-induced denial-of-service attack. Network security, by definition, involves ensuring the network can operate without being penetrated by hostile parties. Preventing intrusion by blocking legitimate users misses the point, and a system that is more secure than it is useful is useless.

The bandwidth argument makes sense for some video-sharing sites such as YouTube, but Twitter is hardly a bandwidth hog. And really, is bandwidth such a rare and precious commodity? If so, the department should consider mandating smaller PowerPoint files.

The worst reason to block social media sites is the “We don’t want people to waste time” excuse. People wasting time during the day is a leadership issue, and it requires a leadership solution. Blocking “extracurricular” Web sites is not leadership. Good leaders are in touch with their people, and they should know if someone is not completing the mission.

There are information assurance risks associated with permitting defense networks to access social media, and many sites use large amounts of bandwidth; however, the department risks locking itself into legacy processes right at the start of the social media revolution. Indeed, the risks inherent in using social media sites are more tolerable than the mission impact of not using them.

The Defense Department can help ensure network security and prevent social engineering attacks by implementing wise policies, written by people who understand the value of social media. It can offer brief, clear usage principles, and then it can trust the work force to do the right thing. Make no mistake—a zero-usage policy is not wise and does not support the mission. The department must find ways to work with social media. It cannot afford to just block it.

Over the past 30 years, the Defense Department has embraced new technologies such as computers, the Internet, cell phones, BlackBerrys, videoconferencing and more. The department’s processes have changed with each new invention—despite the risks in embracing such technology. No one suggests the department should not have brought computers into the work force because computers increase the risk of massive data compromisealthough they do. That would have been a silly policy. The decision to disallow the use of social media because it is too risky is just as silly. Yes there are risks, but the risk of not using these tools is even greater.

It is time for the Defense Department to embrace the next evolution of technology: social media. The time has come for the department to acknowledge the change that is transforming the world. Social media is sparking a revolution among those industries and enterprises with the vision and courage to embrace it. That is not hyperbole—it is an understatement.

It is time for the department to recognize that social media enables workers to find, connect to and collaborate with relevantly skilled experts from around the world. It increases their situational awareness of a wildly dynamic technology environment, and exposes them to ideas, people and communities that can play a huge role in supporting their job and their mission.

It cannot be ignored and should not be blocked.

Maj. Daniel Ward, USAF, is the chief of process improvement and reengineering in the Acquisition Chief Process Office, Office of the Deputy Assistant Secretary of the Air Force for Acquisition Integration.

Maj. Gabe Mounce, USAF, holds an advanced degree in electrical engineering from the Air Force Institute of Technology.

Carol Scheina is the managing editor for Defense AT&L Magazine at the Defense Acquisition University.

Read the expanded version of this article in the October 2009 issue of SIGNAL Magazine, in the mail to AFCEA members and subscribers October 1, 2009. For information about purchasing this issue, joining AFCEA or subscribing to SIGNAL, contact AFCEA Member Services.

Comments

Great article. The one thing I would point out, which some may see as semantics, but is a very important point.

Social Media is not changing anything - people are. Social Media is only enabling the change. One the biggest mistakes that many make is to think, "if you build it they will come" - but it takes more than that. It takes real leadership to implement an effective change life implementing an effective Social Media Strategy.

By JJ Reich

Excellent article and discussion of the issues by the author. I agree that the issue is a leadership issue, but it goes beyond that. As most instances like this in DoD, the majority of the time leadership views them as IT or security issues, this is not. More importantly, it is an issue of changing culture (which is also a leadership challenge). As long as tools such as social media are considered threats to both time and security, DoD will never get to their vision of information dominance (remember Network Centric Warfare?) and our young officers and enlisted will never achieve their full potential as contributors to the warfighting domain.

To quote IDC (Interactive Data Corp) in their 9/14/2009 article, they say that "Now that consumer social networks have hit the mainstream, people are demanding similar applications in the workplace that provide easy-to-use and many-to-many personalized online experiences for creating, publishing, locating, and sharing content internally and externally with colleagues, customers, and partners. If these applications are not provided by an organization, IDC observes that employees are bringing them in through their own initiatives. One of the best ways to secure social networking activities is for the organization to provide social software for employees to use. This emerging business need has created a suddenly crowded market of online community software providers aiming to make the business world a more social place." Business is getting the message. Now it is time for DoD to do the same and our warfighting force will demand it.

By Tom Zelibor, RA...

For the American readers--I am from the Indian Army (Retd)and was trained in ADP/EDP (as IT was called in 1971) with the US Mlitary at Fort Benjamin Harrison, Ind.
It is true that the military the world over are slow to adopt new technologies like Twitter and are very security conscience. But the American Scientists and Military are also fountain head for developing numerous new technologies, systems, tools etc.

Twitter was used very successfully during the last political upheaval in Iran in May-Jun 2009 for disseminating information speedily by the agitators/media when other means were blocked.

KINDLY ADVISE SOME USES OF TWITTER TYPE NETWORKING FOR THE BATTLE ZONE. Best wishes to all.

By HSingh, India

Many social technology innovations have appeared throughout history, that does not mean the military embraced, or used them. Isn't this an ultimate example of "mission creep"? Where is it in Title 10 charter or authority to embrace, envelop, and use such media? Remember as soon as the military formally embraces, uses, plans contingencies, etc., it then envelopes these new social technologies in the realm of the military "battlespace" which enemies will recognize and likewise reciprocate & engage.
This does not mean we must ignore these new social technologies. We must recognize their importance in society and perhaps the battlefield. But openly acknowledging that this become part of military SOP, or acknowledge dependency, sets us up for ensuing vulnerability and an expanded battlespace.

By WonderingWarrior

The three amigos who's feelings are probably hurt because they can't access these sites while at work do not understand the full impact of the DOD Unclassified network. When you weigh the Pro's and Con's; Sorry access to Social Websites on the Warrior Networks is bad juju.
Obviously they forget that although most of the Battle Command Systems reside on the high side. there are such systems as Eagle Cash (Finance), MC4 (Medical) and the plethora of STAMMIS (Logistics) that utilize the NIPR as the functional network for day to day operations.
Protecting these systems far out weigh the need for Joe Warrior to Tweet or catch someones mug on facebook.
What needs to happen is if DOD is hell bent on providing such access; they need to flip the bill for a commercial ISP and keep the rest of the systems as secure as possible because they are not forcing the PM's to manage and secure these specialty systems.
That is my assessment from my over 6 years of IA in the Iraq Theater of Operations.

By IA Warrior

As a Guardsman, this issue is more pronounced. I've had vendors respond to technical questions on Twitter within an hour before, and am sometimes frustrated by the limited and isolated resources available on drill weekends. Many of the active duty airmen don't know where to find information. Those that do typically resort to using personal Blackberries/iPhones or laptops on the "secret" open internet connection in many shops when they find a resource blocked. There are ways around the Great Firewall, and from an OPSEC standpoint I think it would be better to allow access and MONITOR activity than have all that activity in the wild with no visibility into it.

By WeekendWarrior

Secure social computing is feasible if one adopts thin clients and virtualized servers to manage networks. This approach is not only superior to the current client/server approach but also significantly cheaper. This is how it works:

A sailor walks up to a thin client screen and logs in using his access card. The screen presents a personalized menu of available virtual servers to connect to. This includes restricted or classified virtual servers (such as NIPRNET and SIPRNET)
as well as one unclassified virtual server for personal use. The menu also includes the option of just opening any of these screens using a web browser.
The sailor can choose more than one of the available options, keeping them open
in multiple windows, and switch among them. The servers prohibit cutting and
pasting from a more secure window to a less secure one. The sailor can also connect the memory card from his digital camera to the thin client USB port, but the port is only active when his personal unclassified virtual screen is in the foreground. He can use this to upload personal photos to Facebook. All internet or GIG visits, whether secure or insecure, pass through a security gateway which inspects and logs them in permanent storage for forensic examination
by security (intelligence) personnel, as needed. Every transaction is
monitored from a Network Control Center (NOC). The sailor can switch to a secure desktop any time. The USB port is
then disabled, and all applications in the desktop behave appropriately for their security clearance, which
includes permissions on the CAC card, biometrics and incorporates PKI.

Dr. Paul A. Strassmann is Distinguished Professor of Computer Science at the George Mason University and former Director of Defense Information, OSD as well as former CIO, NASA. Further technical details are available.

By Strassmann

Adm Zelibor - Great comment! I think you nailed it when you wrote "As long as tools such as social media are considered threats to both time and security, DoD will never get to their vision of information dominance... and our young officers and enlisted will never achieve their full potential as contributors to the warfighting domain."

That's it exactly. Social media should not be viewed as a security risk to be avoided, but as a mission enabler and force multiplier. There's so much potential goodness that could come of using these tools in our research, acquisitions and operations. The idea that SM is too dangerous to use is simply not true.

JJ - You are absolutely correct. The changes are a result of people, not any particular tool. SM is the enabler, not the driver. We appreciate the semantic correction, and I agree completely that word choice matters.

Thanks to all for joining in the conversation!

By Maj Ward

Dr. S - Wow, thanks for laying out a map to doing this SM thing securely & safely. Always glad to hear from people who really GET this stuff!

By Maj Ward

The information assurance aspect of social media isn't something to treat lightly, and I hope the IA Warrior who commented isn't thinking that we're not aware of the seriousness of the issue. I know how often DoD systems are bombarded by attacks every day, and I greatly respect the people who defend our systems. Their jobs are absolutely essential to the defense of our nation. However, despite the risk it poses to hackers, DoD hasn't stopped networking its systems. It would be a lot safer if computers were standalone functions, and if secure data was never allowed to move off a computer. And just think if e-mail was eliminatedthat would be the death of viruses and Trojan horses. But technology and capabilities changed with networks. The culture of work changed. Social media is the next cultural change, and security practices in defending DoD's systems will need to change just as they changed to respond to network threats. To not adapt to change puts DoD at risk of being stuck in a culture of the past while our enemies become the dominant force of the cyberworld.

By Carol

Thanks much for the great article. I think the early blocking of key sites was all about bandwidth, there are parts of the infrastructure that just can't keep up.

But I have seen evidence that many seniors influential in decisions do not have a full spectrum view of this important topic, and I think your article can help seniors think through this.

A key point I saw as a them in your entire piece is that the Internet itself is social media. If someone asserts that DoD should not use social media they should understand that the argument is as flawed as saying we should not be connected to the Internet. And could you imagine that! How would we connect with DoD suppliers? How would logistics flow? How would we coordinate on the many other business aspects required by big DoD? What informed responsible individual would suggest that DoD not use the Internet? Well, the same people that suggest we do other foolish things, I guess.

Anyway, I really appreciated your article and look forward to reading more from you.

I'll see you in the nets.

Bob Gourley

By BobGourley

Bob, thank you for your point about the internet, but I think one must distinguish between medium & capabilities critical to US commerce and security, and those that are primarily social tools (Internet fits the former, Tweeter - not sure). Before discussing how Tweeter could be used in military SOP, I believe we should first discuss: should it be used? What are the legal, international law, constitutional constraints? What are the pro and con arguments for enhancing National security, affect on other current military capabilities, how does it support military mission essential tasks, does it increase vulnerability, or cost/benefit analysis? Once we're convinced, then we can get into the practical or technical challenges.

By WanderingWarrior

To the WanderingWarrior. If you want to get into a legitimate discussion about Social Media and it's use in the military, you need to learn a little bit more than one side of the argument.

Using phrases such as "enhancing National security", "supporting military mission essential tasks" and "cost/benefit analysis" show that you understand one side of the argument, or at least the issues, but referring to Twitter as Tweeter shows you ignorance of the other side.

The only way to find real solutions is to understand both sides of an issue - see the benefits and costs (as you put it), before you provide your opinion.

Yes, there are costs / risks to implementing Social Media within DoD. But OPSEC and Wasted Time are concerns that are questionable at best. Mostly, because both both of those issues have been argued before with other forms of communication - and the real issues that underpins both of those arguments is failed leadership.

Social Media is a communication system . . . nothing more, nothing less. Just like the telegraph in the latter part of the 19th Century, the telephone, radio and television in the early to mid parts of the 20th Century, and email in the latter part of the 20th Century changed how we communicated with each other, so will Social Media and the Web 2.0 in the 21st Century.

Burying our heads in the sand will not make this or any other form of communication go away. The Jeannie is out of the Bottle!

It's time to engage and lead the discussion, not try to silence it and stop the progress.

To quote ADM Mullen in an interview with CSPAN,

"It (Social Media and Social Networking) meets needs for an adaptability and flexibility which we have to have in our forces, first of all. Secondly, our force, whose average age is twenty-ish, . . . this is how they live, what they have grown up on. And so for leaders, I'll take myself in particular, I think it's really important to be connected to that, and understand it . . . I think communicating that way and moving information that way, whether its administrative information or information in warfare is absolutely critical."

By JJ Reich

I am curious to hear what scenarios the authors envision Social Media sites and Twitter being a "force mulitplier". All I have seen are buzz words and vague allusions to "collaboration"

I know there is official DoD policy stating commercial email is NOT to be used for official business, how is this any different?

Can someone state specifics as to how this access is impeding any mission whatsoever?

DoD has Sharepoint, IM capability, and blog capability already. How is MySpace and Facebook access going to contribute to the mission except being yet another avenue where OPSEC is irrevocably compromised?

Try doing a google search and you will see where troop movement and force capability is posted out at wikipedia, Facebook, and Myspace already. Then read the latest virus news that shows how viruses were disseminated thru MySpace banners and false Facebook postings.

I cant see the justification for this in any capacity.

By Policy_Watch

It has been suggested on these pages that DoD should prohibit the use of social media such as Digg, FriendFinder, Facebook, Flixster, Flickr, Friendster, Habbo, LinkedIn, MyLife, MySpace, Orkut, Plaxo, Twitter, YouTube, UStream and Wikis. Instead,all collaboration should take place via applications such as Microsoft's Sharepoint.

1. Forcing the adoption of a uniform collaboration system will not meet the rising diversity of official and social needs of the DoD young workforce.

2. Systems such as Sharepoint depend on the Microsoft operating system which continues to be vulnerable on account of its size and its inherent complexity. The Microsoft OS will continue to be the target of choice for every cyber intruder.

3. It is too late now to try to stuff six+ million DoD users (including reserve forces, families, contractors) into a few selected and insecure desktop or laptop application. Desktop and laptops should be "thin" (without disk, without an operating system). All computing services should originate from encapsulated virtual servers.

4. At this stage one or several DoD selected collaboration system are neither executable nor enforceable.

Instead, DoD should adopt innovative (e.g. virtual and cloud based) solutions that allow the wrapping of social computing transactions into secure and isolated partitions. Encapsulation of any contamination can be achieved.

Meanwhile, cyber attacks from the persistently toxic Internet will keep rising. Such solutions are now technically available and cost less than current spending for information assurance (estimated as more than $3.2 billion) to defend what cannot be defended.

Dr. Paul A. Strassmann
former Director of Defense Information, OSD
professor, George Mason University

By Paul A. Strassmann

It has been suggested that the military not use one social media collaboration tool (e.g. Sharepoint), rather use varied, more dispersed, and thus less vulnerable tools (e.g. Facebook, Friendster, MySpace, etc.) because they are already in use, cheaper, and posses more robust capabilities. This may be true, but I believe there are more important factors to consider. Of course the military could use them, and they may make better sense. The big issue is SHOULD the military officially adopt them considering their charter and limits of authority. For example, the military could infiltrate a village of non-combatants, start using their supply system, markets, banks, churches, local gather halls, government buildings, etc. But this would have strict Constitutional, Federals statute, and international treaty limits. Once the military officially infiltrates those originally civilian functions, they defacto become "militarized". Then, any adversary has justification to engage these previously "non-combatant" mediums. Is the convenience gained by 5% military users, worth the risk they have now placed on the original 95% non-combatants by created these expanded battlespaces? You ask: well, don't these new battlespaces need defending also, just like air, land, sea. The answer to that question is whether this activity is contained in the Constitution, the military's Title 10 charter, and other international, commerce, and Federal agreements and laws.

By WanderingWarrior

When soldiers uses Facebook, Friendster, MySpace, etc. they do not occupy it in a legal sense and therefore are not bound by
Title 10 or any other constraints. Utilization of of social media is strictly on the basis of "as-is" use, with the customer bearing all of the privileges and risks.

The argument that DoD should not use social media because it could have legal consequences that would categorize soldier an occupying force have no merit.

Dr. Paul A. Strassmann, George Mason University

By Anonymous