15 February 1999. Thanks to D.
Source: http://www.washingtonpost.com/wp-srv/national/dotmil/arkin.htm

The Washington Post, February 15, 1999

The Pentagon and the Web: Round Two

By William M. Arkin
Special to washingtonpost.com

"I think that our government is hemorrhaging in a way that I have never seen in my lifetime," CIA director George Tenet told Congress February 2 in an unusually emotional appeal regarding the state of official secrecy.

Tenet mostly pointed fingers at people in the executive branch, who he said were probably responsible for 80 percent of what appears in the news media.

Lt. Gen. Patrick Hughes, director of the Defense Intelligence Agency, who was testifying alongside Tenet chose a different culprit. His focus was not the Washington sport of peddling secrets for influence (after all, DIA has always been notorious for successfully keeping its thousands of employees in a protected bubble).

Hughes instead point at the Web: "We seem now to have erred on the side of making so much information available that some of it has been damaging to our governmental collective effort."

I suspect the very dynamism and anarchy of the web is at the heart of the new found military discomfort. A network that was once the military's own not only has been fully appropriated. But it shifts and changes by the minute, moving at a speed that exceeds anything that the weapon's makers can produce.

For old timers like Hughes, it is easier to focus on what is truly new with the end of the Cold War rather than to address the breakdown of internal discipline that seems to have struck the military and spy agencies in the same time period.

The Hughes-Tenet war cry may suggest leak investigations and internal crackdown. We've all heard that before.

The more tangible and publicly damaging fallout comes in the ever expanding Internet opposition in the national security community. Official Internet haters latch on to such high level statements and find solace in the call for greater control over information, and in the general sense in Washington that the United States is threatened by cyber-terror.

One senior Pentagon official likens the current dispute between "public affairs" and security proponents over the benefits and dangers of the World Wide Web to be two opposing trains careening towards one another on the same track. So seemingly successful has been the anti-web assault of late that the Federation of American Scientists, a secrecy watchdog, opines that the "golden age of public access to government information" over the Internet is over."

Granted there is a profusion of closed websites and "access denied" messages that have sprung up in the .mil domain in recent months. But FAS hyperventilates as much as the chief intelligence officers do.

The Internet is its own bullet train. Despite the efforts of security goons and information warfare operators who would like to obliterate the web, the public .mil domain remains vibrant and is growing.

The chief of Internet security for the Pentagon is J. William Leonard. Bill Leonard chairs the Department "information vulnerability and the world wide web" task force. Its December 7 "guidance" regarding the content of 3,000 or so official military websites could if taken literally, shut down the .mil domain.

Some see Bill Leonard as the Internet anti-Christ, but in his corner of the security world (that is, where they've actually taken the time to understand the web and what it's all about), Leonard is far less alarmed than Hughes-Tenet.

"When we started the review, I took a look at some random [official] websites," he says. "What struck me first was what I didn't see, which was any sort of consistency. I liken the web to business correspondence. You don't put a business letter on a postcard." Official websites, Leonard says, should have the same formality.

The task force guidance charged military commanders and agency directors with responsibility for the content of their sites. Webmasters are being elbowed aside. It is a phenomenon that every sector of the web deals with at some point - the tyranny of the techies - when the question is raised: how do all the doo-dads and gimmicks enhance our mission?

Bill Leonard denies any overall anti-web campaign ("it's like repealing the law of gravity" he says) nor any attempt to create a new classification for electronic information (see earlier column hyperlink here?).

Data mining and electronic aggregation, he argues nevertheless, is a real threat, particularly when it comes to personal information. "When you put out a personnel roster electronically, you have incurred a new host of risks and vulnerabilities," he says.

Leonard readily admits that many proposed security controls are at conflict with some of the most promising applications of web technology. These include Defense Department favorites like electronic contracting and paperless operations. "When we embark on electronic commerce, there's tremendous advantages," Leonard says. But he points out: the Pentagon is contracting for military goods and services. "There is some information that shouldn't leave the country, even by statute."

In the short term, the Pentagon is making greater use of passworded and IP controlled sites. The long term dream is to establish a superpower intranet only accessible to the cleared.

Does Leonard think that any broad system of passwords or user certificates will be secure, given that the community that the .mil domain serves -- active duty soldiers and reservists, families, veterans, allies, contractors and subcontractors -- numbers in the millions? Probably not. His crash course on the web has taught him, moreover, that the technologies that we see today will certainly not be what we see tomorrow.

© Copyright 1999 The Washington Post Company