Time Flies When You're Messaging

September 15, 2009

There is a quote used by countless writing teachers worldwide, and credited to almost as many writers, which reads, “I would have written a shorter letter, but didn't have time.” It’s time to bring that quote up to date given the way we fire off messages in a split second via email, instant messages (IMs) and “Tweets” (Twitter message). Today’s version should read, “I’m sorry that message was so dumb; I didn’t have time to make it smarter.”

As the military is moving towards the use of Web 2.0 communication tools, it is grappling with the many security issues that accompany instantaneous messages in open online forums.  The benefits of such messaging are significant. It allows commands and commanders to communicate with real-time immediacy to their key audiences. Technical security aside, within the heart of the benefits is one of its greatest weaknesses from an operational security standpoint. That weakness is the lack of time taken to consider what is being communicated.

The use of internet instant messaging tools such as Twitter has reached worldwide prominence.  What started as a fun way for kids to communicate expanded into celebrities sharing their lives with their fans around the world. We watched Congress Twitter away during the President’s State of the Union address.  Recently, it achieved legendary status as the way Iranian dissidents communicated what was happening in an environment where traditional journalistic reporting was not possible.  It also created that “you are there” feeling that coveys the drama of what was happening. 

But as we start to use this tool in a military setting, there is a significant risk of accidentally revealing something that is best left unsaid.  Web 2.0 messages are in an open forum, and you can bet the bad guys are tracking them. Yet, regardless of the rules, regulations and best business practices that govern the use of social media, how many people will use the one security resource that they are intended to save: time?

Deployments, operational details, personally identifying information can be gone in a digital instant, because the message is conceived and sent so quickly that there is little time to ensure that the information truly is safe for instant worldwide exposure. But, instant messaging is here to stay. The military is embracing these messaging tools to stay current and to maximize the benefits of reaching people with real time information. The benefits are significant as are the risks. However, the security issue can be handled by combining the procedures of firearm safety and the techniques of time management.

Sending an instant message of any kind is the same as being on a rifle range. One simply has to follow the same kind of orders. Ready on the left? Is this message violating any security? Ready on the right?  Is anything in this message putting me, my family, my fellow soldiers or co-workers at risk? Ready on the firing line? One last check – is there any reason that after I hit “send,” this message will come back to haunt me? No? Commence messaging.

Take the time, that instant of time, it takes to confirm information assurance in your emails, IMs and tweets.  The message is short already – so just make sure it’s smart.

The On Cyber Patrol© cartoon and supporting articles are created and made available by the U.S. Army’s Office of Information Assurance and Compliance, NETCOM, CIO/G6. For more information on the OCP program or to submit ideas for upcoming cartoons/articles, contact oncyberpatrol@hqda.army.mil.

Share Your Thoughts:

I couldnt agree more with this article. As an IA Security Officer, I have seen so many people putting violating DoD policy and, as a result, putting the troops at risk by violating OPSEC procedures.

We get floods of complaints from personnel claiming they need access to the Social Network sites, but we have our hands full as is.

Sharepoint allows documents collaboration and blogging. We have IM capability on the network as well and also voice conferencing.

Access to the Social Engineering sites puts us at a severe risk of "information bleed". Most of the rules we have in place are to protect people from themselves.