Twitter Is Mission Critical

September 15, 2009
by Maj. Daniel Ward, USAF, Maj. Gabe Mounce, USAF, and Carol Scheina

The explosion of online social media is profoundly changing how people produce, consume and share information. Social media rapidly turns monologues into dialogues and broadcasts into conversations. The result is a rich environment in which ideas are shared, questions are answered and collaborative relationships flourish.

But here is the problem: The U.S. Defense Department currently denies access to social media sites from many unclassified department networks. This misguided decision isolates the defense work force from one of the biggest engines of social, economic and technological change in the world today. This policy must change.

This is a critical issue, particularly for military technologists who envision, develop, produce and evaluate new technologies. Blocking access to social media restricts the warfighters’ ability to collaborate and innovate. It limits their ability to take their mission—defense of this nation—to new and better levels.

Social media allows people to share their insights, experiences and questions with a diverse community, regardless of distance in time or space, and regardless of organizational boundaries. Social media communities are self-selected and interest-driven. They are not limited to those who wear the same uniform, work on the same projects or have the same background and training. Social media extends beyond the military-industrial complex.

Three primary excuses are given for blocking social media: to maintain information assurance and security, to regulate bandwidth and to govern employee time. None are good reasons for blocking social media, particularly at stateside bases.

The network security argument is weak, largely because the blocked sites do not represent a unique threat. LinkedIn, which typically is not blocked, presents just as much of a threat as Facebook. The two networking Web sites have similar capabilities. More to the point, blocking social media in an attempt to prevent exploitation of network vulnerabilities is a self-induced denial-of-service attack. Network security, by definition, involves ensuring the network can operate without being penetrated by hostile parties. Preventing intrusion by blocking legitimate users misses the point, and a system that is more secure than it is useful is useless.

The bandwidth argument makes sense for some video-sharing sites such as YouTube, but Twitter is hardly a bandwidth hog. And really, is bandwidth such a rare and precious commodity? If so, the department should consider mandating smaller PowerPoint files.

The worst reason to block social media sites is the “We don’t want people to waste time” excuse. People wasting time during the day is a leadership issue, and it requires a leadership solution. Blocking “extracurricular” Web sites is not leadership. Good leaders are in touch with their people, and they should know if someone is not completing the mission.

There are information assurance risks associated with permitting defense networks to access social media, and many sites use large amounts of bandwidth; however, the department risks locking itself into legacy processes right at the start of the social media revolution. Indeed, the risks inherent in using social media sites are more tolerable than the mission impact of not using them.

The Defense Department can help ensure network security and prevent social engineering attacks by implementing wise policies, written by people who understand the value of social media. It can offer brief, clear usage principles, and then it can trust the work force to do the right thing. Make no mistake—a zero-usage policy is not wise and does not support the mission. The department must find ways to work with social media. It cannot afford to just block it.

Over the past 30 years, the Defense Department has embraced new technologies such as computers, the Internet, cell phones, BlackBerrys, videoconferencing and more. The department’s processes have changed with each new invention—despite the risks in embracing such technology. No one suggests the department should not have brought computers into the work force because computers increase the risk of massive data compromise—although they do. That would have been a silly policy. The decision to disallow the use of social media because it is too risky is just as silly. Yes there are risks, but the risk of not using these tools is even greater.

It is time for the Defense Department to embrace the next evolution of technology: social media. The time has come for the department to acknowledge the change that is transforming the world. Social media is sparking a revolution among those industries and enterprises with the vision and courage to embrace it. That is not hyperbole—it is an understatement.

It is time for the department to recognize that social media enables workers to find, connect to and collaborate with relevantly skilled experts from around the world. It increases their situational awareness of a wildly dynamic technology environment, and exposes them to ideas, people and communities that can play a huge role in supporting their job and their mission.

It cannot be ignored and should not be blocked.

Maj. Daniel Ward, USAF, is the chief of process improvement and reengineering in the Acquisition Chief Process Office, Office of the Deputy Assistant Secretary of the Air Force for Acquisition Integration.

Maj. Gabe Mounce, USAF, holds an advanced degree in electrical engineering from the Air Force Institute of Technology.

Carol Scheina is the managing editor for Defense AT&L Magazine at the Defense Acquisition University.

Read the expanded version of this article in the October 2009 issue of SIGNAL Magazine, in the mail to AFCEA members and subscribers October 1, 2009. For information about purchasing this issue, joining AFCEA or subscribing to SIGNAL, contact AFCEA Member Services.

Share Your Thoughts:

Great article. The one thing I would point out, which some may see as semantics, but is a very important point.

Social Media is not changing anything - people are. Social Media is only enabling the change. One of the biggest mistakes that many make is to think, "if you build it they will come" - but it takes more than that. It takes real leadership to implement an effective change like implementing an effective Social Media Strategy.

Excellent article and discussion of the issues by the author. I agree that the issue is a leadership issue, but it goes beyond that. As most instances like this in DoD, the majority of the time leadership views them as IT or security issues, this is not. More importantly, it is an issue of changing culture (which is also a leadership challenge). As long as tools such as social media are considered threats to both time and security, DoD will never get to their vision of information dominance (remember Network Centric Warfare?) and our young officers and enlisted will never achieve their full potential as contributors to the warfighting domain.

To quote IDC (Interactive Data Corp) in their 9/14/2009 article, they say that "Now that consumer social networks have hit the mainstream, people are demanding similar applications in the workplace that provide easy-to-use and many-to-many personalized online experiences for creating, publishing, locating, and sharing content internally and externally with colleagues, customers, and partners. If these applications are not provided by an organization, IDC observes that employees are bringing them in through their own initiatives. One of the best ways to secure social networking activities is for the organization to provide social software for employees to use. This emerging business need has created a suddenly crowded market of online community software providers aiming to make the business world a more social place." Business is getting the message. Now it is time for DoD to do the same and our warfighting force will demand it.

For the American readers--I am from the Indian Army (Retd) and was trained in ADP/EDP (as IT was called in 1971) with the US Military at Fort Benjamin Harrison, Ind.
It is true that the military the world over are slow to adopt new technologies like Twitter and are very security conscious. But the American Scientists and Military are also fountainhead for developing numerous new technologies, systems, tools etc.

Twitter was used very successfully during the last political upheaval in Iran in May-Jun 2009 for disseminating information speedily by the agitators/media when other means were blocked.

KINDLY ADVISE SOME USES OF TWITTER TYPE NETWORKING FOR THE BATTLE ZONE. Best wishes to all.

Many social technology innovations have appeared throughout history, that does not mean the military embraced, or used them. Isn't this an ultimate example of "mission creep"? Where is it in Title 10 charter or authority to embrace, envelop, and use such media? Remember as soon as the military formally embraces, uses, plans contingencies, etc., it then envelops these new social technologies in the realm of the military "battlespace" which enemies will recognize and likewise reciprocate & engage.
This does not mean we must ignore these new social technologies. We must recognize their importance in society and perhaps the battlefield. But openly acknowledging that this becomes part of military SOP, or acknowledge dependency, sets us up for ensuing vulnerability and an expanded battlespace.

The three amigos whose feelings are probably hurt because they can't access these sites while at work do not understand the full impact of the DOD Unclassified network. When you weigh the pros and cons; sorry, access to Social Websites on the Warrior Networks is bad juju.
Obviously they forget that although most of the Battle Command Systems reside on the high side, there are such systems as Eagle Cash (Finance), MC4 (Medical) and the plethora of STAMMIS (Logistics) that utilize the NIPR as the functional network for day to day operations.
Protecting these systems far outweighs the need for Joe Warrior to Tweet or catch someone's mug on Facebook.
What needs to happen is if DOD is hell-bent on providing such access; they need to foot the bill for a commercial ISP and keep the rest of the systems as secure as possible because they are not forcing the PMs to manage and secure these specialty systems.
That is my assessment from my over 6 years of IA in the Iraq Theater of Operations.

As a Guardsman, this issue is more pronounced. I've had vendors respond to technical questions on Twitter within an hour before, and am sometimes frustrated by the limited and isolated resources available on drill weekends. Many of the active duty airmen don't know where to find information. Those that do typically resort to using personal Blackberries/iPhones or laptops on the "secret" open internet connection in many shops when they find a resource blocked. There are ways around the Great Firewall, and from an OPSEC standpoint I think it would be better to allow access and MONITOR activity than have all that activity in the wild with no visibility into it.

Secure social computing is feasible if one adopts thin clients and virtualized servers to manage networks. This approach is not only superior to the current client/server approach but also significantly cheaper. This is how it works:

A sailor walks up to a thin client screen and logs in using his access card. The screen presents a personalized menu of available virtual servers to connect to. This includes restricted or classified virtual servers (such as NIPRNET and SIPRNET) as well as one unclassified virtual server for personal use. The menu also includes the option of just opening any of these screens using a web browser. The sailor can choose more than one of the available options, keeping them open in multiple windows, and switch among them. The servers prohibit cutting and pasting from a more secure window to a less secure one. The sailor can also connect the memory card from his digital camera to the thin client USB port, but the port is only active when his personal unclassified virtual screen is in the foreground. He can use this to upload personal photos to Facebook. All internet or GIG visits, whether secure or insecure, pass through a security gateway which inspects and logs them in permanent storage for forensic examination by security (intelligence) personnel, as needed. Every transaction is monitored from a Network Control Center (NOC). The sailor can switch to a secure desktop any time. The USB port is then disabled, and all applications in the desktop behave appropriately for their security clearance, which includes permissions on the CAC card, biometrics and incorporates PKI.

Dr. Paul A. Strassmann is Distinguished Professor of Computer Science at the George Mason University and former Director of Defense Information, OSD as well as former CIO, NASA. Further technical details are available.
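The clipboard and USB rules described in the comment above can be modeled as a small policy engine. This is an added example, not code from the commenter or from any DoD system; the `Level` ordering (personal below NIPRNET below SIPRNET), the `ThinClientSession` class and its audit tuple format are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import List, Optional, Set, Tuple


class Level(IntEnum):
    """Assumed ordering of the virtual desktops, least to most sensitive."""
    PERSONAL = 0   # unclassified desktop for personal use
    NIPRNET = 1
    SIPRNET = 2


@dataclass
class ThinClientSession:
    user: str
    open_desktops: Set[Level] = field(default_factory=set)
    foreground: Optional[Level] = None
    clipboard_level: Optional[Level] = None   # label of the last copy source
    audit: List[Tuple[str, str, bool]] = field(default_factory=list)

    def _decide(self, action: str, allowed: bool) -> bool:
        # Every decision is recorded, allowed or not, for later review.
        self.audit.append((self.user, action, allowed))
        return allowed

    def focus(self, level: Level) -> bool:
        """Open (if needed) and bring a desktop to the foreground."""
        self.open_desktops.add(level)
        self.foreground = level
        return self._decide(f"focus:{level.name}", True)

    def usb_enabled(self) -> bool:
        """USB is live only while the personal desktop is in the foreground."""
        return self.foreground == Level.PERSONAL

    def copy(self) -> bool:
        """Label the clipboard with the sensitivity of the source desktop."""
        if self.foreground is None:
            return self._decide("copy:no-desktop", False)
        self.clipboard_level = self.foreground
        return self._decide(f"copy:{self.foreground.name}", True)

    def paste(self) -> bool:
        """Deny paste when the data came from a more secure desktop."""
        src, dst = self.clipboard_level, self.foreground
        if src is None or dst is None:
            return self._decide("paste:empty", False)
        return self._decide(f"paste:{src.name}->{dst.name}", src <= dst)
```

Labeling the clipboard at copy time, rather than checking the source window at paste time, keeps the rule enforceable after the user has switched desktops several times.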

Adm Zelibor - Great comment! I think you nailed it when you wrote "As long as tools such as social media are considered threats to both time and security, DoD will never get to their vision of information dominance... and our young officers and enlisted will never achieve their full potential as contributors to the warfighting domain."

That's it exactly. Social media should not be viewed as a security risk to be avoided, but as a mission enabler and force multiplier. There's so much potential goodness that could come of using these tools in our research, acquisitions and operations. The idea that SM is too dangerous to use is simply not true.

JJ - You are absolutely correct. The changes are a result of people, not any particular tool. SM is the enabler, not the driver. We appreciate the semantic correction, and I agree completely that word choice matters.

Thanks to all for joining in the conversation!

Dr. S - Wow, thanks for laying out a map to doing this SM thing securely & safely. Always glad to hear from people who really GET this stuff!

The information assurance aspect of social media isn't something to treat lightly, and I hope the IA Warrior who commented isn't thinking that we're not aware of the seriousness of the issue. I know how often DoD systems are bombarded by attacks every day, and I greatly respect the people who defend our systems. Their jobs are absolutely essential to the defense of our nation. However, despite the risk it poses to hackers, DoD hasn't stopped networking its systems. It would be a lot safer if computers were standalone functions, and if secure data was never allowed to move off a computer. And just think if e-mail was eliminated—that would be the death of viruses and Trojan horses. But technology and capabilities changed with networks. The culture of work changed. Social media is the next cultural change, and security practices in defending DoD's systems will need to change just as they changed to respond to network threats. To not adapt to change puts DoD at risk of being stuck in a culture of the past while our enemies become the dominant force of the cyberworld.
