Friday, March 11, 2011

DoD Social Media Policy Remains Unaltered

The Defense Department has just reauthorized, for another year, the social media guidelines. [Directive-Type Memorandum (DTM) 09-026]. Accordingly, the NIPRNET will continue to be configured for easy access to insecure Internet-based offerings for several millions of computing devices.

This will include access to social media such as YouTube, Facebook, MySpace, Twitter and Google Apps. The DTM states that DoD commanders and Agency heads will continue defending their computers against all malicious activity.

Without prescribing how malware defenses will be applied there is a question how effective is a generic DTM, which allows the widespread use of social media, but without specific guidelines how to defend the networks.

The widespread use of social media cannot be stopped or curtailed any more. In remote locations and on long rotations, the network time spent on social media can exceed the traffic for conducting DoD business operations. For troop morale the free access to social media is a necessity.

Without a defined policy how to assure security, social media will continue to make the DoD networks insecure. To demonstrate this vulnerability we will use the most pervasive social media, Facebook, to illustrate what are the dangers to NIPRNET.

According to data from security company BitDefender, there's harmful content behind about 20 percent of posts on Facebook news feeds.  BitDefender said about 60 percent of attacks on Facebook stem from threatening third-party apps. *  Most of the infectious software originates from thousands of independent developers who often sell such software for a fee. By clicking on infected links users risk having all sorts of viruses downloaded to their computers. **

People who are tweeting can install from their friends' Facebook accounts a variety of bots. These bots have access to all of the data of anyone connected to a hacked account.  Facebook accounts can then be linked with more people in a social circle - opening up new opportunities for identity fraudsters to launch further attacks.  ***
  
In late October, a particularly malicious piece of malware called Koobface resurfaced on Facebook. Like the original strain of the Koobface virus is spread via Facebook messages. The messages usually have clickable topic lines like "Is this you in the video?" or something similar.  When a user clicks on such message, they are brought to a third party site where a link is waiting.  Open the link and their computer will turn into a zombie that can be commanded to execute more damaging procedures.

SUMMARY
With hundreds of data centers and thousands of servers the attacks transmitted through social media cannot be stopped any more. What is required now is a policy that dictates the technical means for isolating such attacks.

Social media transactions should be completely isolated and segregated.  User displays should be partitioned to communicate all public Internet traffic exclusively with dedicated severs. In this way infected communications will be shuttled into partitions from where a further propagation of malware will not affect the conduct of DoD operations. However, such solutions will require a major overhaul how networks are organized.

The use of social media by DoD personnel cannot be stopped. What is needed is an architecture that will allow the separation of the insecure from the secure environment for an assured safeguarding security.


* http://www.pcmag.com/article2/0,2817,2373281,00.asp
** http://www.bbc.co.uk/news/technology-11827856 
*** http://blogs.computerworld.com/17418/security_warnings_whether_or_not_you_plan_to_drink_and_drive_a_keyboard_this_weekend

 

5 comments:

  1. Of course, these issues are not isolated to social media/Facebook. The threats are pervasive across the web, not just on social whatever sites. Also, please do not help propogate the idea that social whatever sites are "free." They are not. People who use them are "selling" their time, attention, and personal information in exchange for the service. The are providing the product that Facebook and other social whatever services are selling to advertisers/marketers and other data aggregators.

    ReplyDelete
  2. Ya I don't see the big deal. I don't see how facebook makes somebody more likely to download a virus to their computer and install it than email or some other random 3rd party site that isn't blocked by the network. You could have made the same argument to ban email decades ago or even now and if we did so how much farther behind would we be because of it? It's about time we start to modernize our processes.

    I mean the user still needs to choose to install a virus for social media sites to be an issue. If the proper blacklists were in place for installing software this would not be a non-issue. We need to get with the times and encourage web based applications and get rid of installed applications which is where the majority of security risk is for client machines. Take away the clients ability to install unknown software without permission from an admin. Problem solved.

    The only real reason to ban sites like facebook, youtube etc is the bandwidth costs and perhaps employee productivity costs. However once again another area where the govt needs to modernize its processes. If all your employee does is surf facebook and facebook is turned off do you really think said employee starts actively doing work? No, they go to some other random 3rd party site to kill time. The only way to solve this issue is to give people in the govt the ability to manage their employees including discipline if needed. With the budget the govt had the fact that they have bandwidth issues is outrageous.

    ReplyDelete
  3. To Anonymous:
    Indeed, social media such as Facebook are selling the access to advertisers and marketers. However, The issue in this blog was not whether social media were free, but whether the current DoD media policies are sufficient to safeguard informaiton security.

    ReplyDelete
  4. Mr. Strassmann, great blog post. I agree with your observations. Social media in DoD is here to stay and will evolve. DoD needs to create a virtual environment that can allow a DoD user to citrix into and be destroyed after use.

    Brent Thompson
    Pickerington, Ohio

    ReplyDelete
  5. wow nice blog and i like this article YouTube is the video-sharing site that almost everyone has seen. The videos are shared online, the key words are added so that people can search for these terms or the Socialkik title.

    ReplyDelete

For comments please e-mail paul@strassmann.com