Risk
8/6/2009
05:04 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Marine Corps Bans Social Media On Military Network

Wrestling with the changing nature of online communication and the need for operational security, the Marine Corps wants to formalize procedures for access to social sites on its network.

The U.S. Marine Corps on Monday issued a directive banning access to Internet social networking sites on the Marine Corps Enterprise Network because such sites represent a security risk.

Marine administrative message 458/09 says that social networking sites like Facebook, MySpace, and Twitter "are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries."

Social networking sites create vulnerabilities that can be exploited and may expose unnecessary information to adversaries, putting military personnel at increased risk of compromise, the directive says.

The ban does not cover access to social networking sites though non-military networks. And to correct any misapprehension about that point, the Marine Corps Office of Public Affairs subsequently issued a clarification.

Marine administrative message 458/09, titled "Immediate Ban Of Internet Social Networking Sites (SNS) On Marine Corps Enterprise Network (MCEN) NIPRNET," "does not limit Marines' access to social networking sites," the Marine Corps statement insists. "Even before this message, sites such as YouTube, Facebook, MySpace and Twitter could not be accessed by Marines using the Marine Corps Enterprise Network in accordance with Marine Corps and Department of the Navy policies."

The Marine Corps says that many military organizations currently make use of social media through alternative Internet service providers. The point of the directive is to establish a formal waiver process for those who require access to social networking sites through the MCEN.

The Marine Corps statement goes on to encourage military personnel to tell their stories using social media, but to do so using personal accounts and their own ISPs while keeping operational security requirements and standards of behavior in mind at all times.

The Marine Corps has an official presence on a variety of social media sites, including Facebook, Flickr, Twitter, and YouTube.

There's a big buzz surrounding Government 2.0 -- the revolution that's bringing the principles and value of the Web as a platform to the business of governing. Attend Gov 2.0 Expo Showcase and hear innovators show how this is really happening. At the Washington Convention Center, Sept. 8. Find out more and register.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3345
Published: 2014-08-28
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503.

CVE-2014-3347
Published: 2014-08-28
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid s...

CVE-2014-4199
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

CVE-2014-4200
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

CVE-2014-0761
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.