AK-47, SCUD, RADAR, QoS… Huh?
Sometimes the sheer... I'd rather not use stupidity here so... ignorance of some groups astounds me. I'm not an American citizen but I can only imagine the loss of morale among both men and women overseas and their families in the US. For those of you that aren't sure what I'm talking about, I came across a post today over on Bits from Bill, which referenced a memo to the troops. Moments after reading the post, and making a mental note to blog about it later, I came across mention of it on the Register.
At first when I read this I outraged for those service men and women who must deal with this... They are cut off from communicating with their loved ones... but then I rethought it... Although I still feel it wasn't the proper way for the US military to deal with the problem... I don't think it should be that disheartening to those people overseas and their families... Yes that contradicts what I initially said... because I'm sure they are experiencing a decrease in morale, but I don't think they should be.
Let's look at the sites affected:
- youtube.com
- 1.fm
- pandora.com
- photobucket.com
- myspace.com
- live365.com
- hi5.com
- metacafe.com
- mtv.com
- ifilm.com
- blackplanet.com
- stupidvideos.com
- filecabi.com
I'm actually ashamed to say that even though I spend a great deal of time around my computer, some of those sites are foreign to me. So why isn't the blocking of these sites a big deal? There are no communication forms blocked there... Sure people may use MySpace to communicate with friends and family and they may post pictures to photobucket or even home videos to YouTube (or so they may claim). Who cares (and maybe this is my ignorance because I don't know what's in place)? I don't see Hotmail, GMail, Yahoo Mail or any other email sites that have large mail boxes and allow for attachments. They can easily be used for communication still. I see media sites being blocked and social networking sites being blocked... I think this is legitimate.
So where does my problem lie? With the US Military saying they are filtering because of bandwidth problems... The US Military spends plenty of money... I'm sure they've got decent tech support and network admins. Any network admin that's any good would tell you the solution isn't filtering the sites but implementing proper QoS. As other blogs have pointed out, the soldiers will find ways around the filters (proxies or alternate sites). If it really is an issue of bandwidth interfering with legitimate operations... then QoS should have been implemented. Perhaps this acronym is not familiar with the network techs in the US Military... if so, I'd say the US has bigger problems than what's going on overseas right now... If their techs are unfamiliar with QoS then I'm wiling to bet they have gaping holes all over their network.
Now if the filtering of these sites is due to security risks... The set of sites filtered should be much larger, however it should still be done in tandem with QoS.
My last comments take me back to the SC Magazine blogs... they also posted an article on this issue. They pointed out that the memo also stated that these sites caused a "significant operational security challenge". The problem I have with that is that they filtered a small subset of these sites, not all of them. The author of the SC Magazine article also points out that if soldiers are clogging up the network that the Army didn't make a bad decision. I would think that SC Magazine would have technical people working for them... so once again I'll scream, "QoS".
The SC Magazine article finished with the following paragraph, which left me speechless:
But when you’re faced with the already daunting task of training tens of thousands of young men and women to guard against insurgent attacks and roadside bombs, somehow I don’t think also educating them on safe computing is an efficient undertaking.
Educating people in the US Army that are using US Army computers don't need to be educated in safe computing? This takes the cake. The author of this article has no clue when it comes to IT Security... I can't believe he'd suggest something like this... it's an insult to everyone who labels themselves IT Security Professionals... The first thing that should be happening in the US Army before an individual is allowed to access a computer is that they should under go safe computing training... I'm shocked and speechless than anyone would say this.
I think it was pretty lame to block those sites. Really, the only valid reason that sticks out would simply be bandwidth, but you’re right, QoS should be an option. (I paused here to make sure you can QoS not just on http but actual sites and you can!) I know when the NCAA Final Four tournament starts up every year, rather than traffic shape our network for 2 weeks, we just block the major streaming sites. Perhaps the military is just acting too fast.
But yes, security controls are really not a valid reason. For every myspace or 1.fm or photobucket site out there, there are 50 more alternatives. Security of endsystems from nastiness is also not a great reason as any corporation of any size can tell you.
And let’s face it. If any of us have talked to servicemen and women while deployed, especially in a desert area, they really do have a lot of time on their hands and boredom is a factor. They will find ways to get around the blocks or use alternative services.
An unspoken reason may be trying to save the military from embarassing gaffes such as posting inappropriate or embarassing content in the form of photos and videos.
Oh, and I also don’t know many of those sites listed, but I’m fairly confident in saying I bet there’s only junk on them that I’m not really missing out on!
I’m the author of the SC Magazine blog post on this matter, which can be found at scmagazineblogs.com.
I wanted to clarify what I meant.
I understand the extreme value of security awareness training – check our June issue for a very comprehensive story on that very topic – and I believe all Army personnel who work with computers as part of their duty requirement in Iraq should receive ample security training.
I’m talking about the thousands of other troops who aren’t reguarly working with computers and only use them for their personal use, like visiting a site such as MySpace.
Sure, they should receive the security basics when they enter the Army, but some things are just easier to cut off entirely – like blocking MySpace – than to try to teach.
The Army is, I’m sure, so overwhelmed with keeping soldiers alive that I don’t believe it should be a top priority to train soldiers not to click on potentially malicious links, etc. Again, I’m talking about those soldiers who use the web merely to email and surf sites.
And I claim to be no expert when it comes to ways to improve bandwidth. You mention implementing QoS. I know the Army is encouraging soldiers to use cybercafes and other PCs not connected to the DoD network. I’m sure there’s a lot of alternatives out there – I’m not claiming to be the one with the answers.
@LonerVamp
Security is a valid reason to block sites, however the list would have to be much more extensive in order to be viable to block security concerns..
@Dan
Thanks for taking the time to comment.
I have to disagree with what you’re saying though… Any troops that have access to Army computers… regardless if it’s recreation or work related… should have proper training in usage and security. The only exception would be if this was a bank of computers setup as a make-shift cyber cafe for soldiers overseas… those would be public and available with out training, however proper security should be in place…
From the sounds of the memo… the PCs in question are “work PCs” and if that’s the case then any soldier who is touching them should have training, whether or not they are working with them regularly… The same is true if PC s are made available for personal use and are not securely segmented from the rest of the network.
I’m sure the Army is overwhelmed keeping soldiers alive, however with modern war, cyber warfare is more and more common and because of this basic computer “common sense” should be included in every soldiers training.