Once again, the U.S. government addresses matters of web security too little, too late. The chances of Rumsfeld effectively removing "useful" information from the 'Net are slim and none. Google caches thousands of web pages, does Rumsfeld plan on purging Google's cache. Does he plan on trying to extend his reach to countries' web sites carrying copies of information he deems "inappropriate"? I don't think so.

Does this mean I believe that DoD should not enforce its OPSEC and classification policy? Not at all, however I have a healthy dose of cynicism after working as a DoD security contractor for the last 3 years. It has never been my experience to see DoD willing punish one of their own for an online security violation. I personally have seen DoD personnel willingful send FOUO information across the NIPRNet, despite warnings. I have seen DoD personnel unclassify documents containing SIPRNet IP address and password lists to live systems. This behavior will continue to occur despite anyone's efforts.

More importantly, all this and more information is lying out there to be used. Rumsfeld plans on closing the door after the cows have fled the barn.

R

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/2062/17849#17849