Cybersecurity czars spend billions of dollars building virtual walls to protect the Pentagon’s vast computer networks from relentless attacks by hackers, worms and viruses.
But they are now confronting what could be their most difficult challenge yet — the Web 2.0 revolution.
All the wonderful new ways in which the Internet has taken over the world — social networking, wikis, collaboration, user communities, smartphones — are proving to be huge headaches for the Defense Department. All this emphasis on information sharing, participation and empowerment of users is anathema to the Pentagon’s restrictive “we only do business inside our walls” philosophy. Outside the walls, things are way too scary.
It turns out that the worst offenders of the Pentagon’s cybersecurity code are not the Chinese or the Iranians, but its own young employees — both civilians and military troops in their teens and 20s — commonly known as the “millennials.”
Their bosses can’t fathom why millennials have to stay plugged into their social networks 24/7 at work and why they are so compelled to “share” and “comment” about everything. Why is it so hard for them to stay inside the firewall?
Millennials, incidentally, are also the Pentagon’s target audience. They are being recruited to join the military and to replace an aging civilian workforce. To their surprise, millennials find that the world inside the firewalls is not Web 2.0-friendly. At the Pentagon, generals and colonels go to meetings with pens and notepads. The 20-something troops mostly live by Metcalfe’s Law, spreading information with viral infection.
The Millennial weltanschauung stirs apprehension in senior commanders because they feel they are being second-guessed. The military has been notorious for cracking down on blogging, and it once tried to shut down troops’ access to Facebook.
The fear of intruders overwhelmingly overrides the desire to enjoy the conveniences that Web 2.0 has to offer.
“I absolutely believe in lockdown,” says Roberta Stempfley, deputy CIO at the Defense Information Systems Agency.
The gatekeepers struggle with how to enable troops in the field to do their jobs without compromising security, she tells an industry conference. Although the Army calls itself a “net-centric” force, troops in war zones have limited access to the Internet or to mobile devices.
Defense officials say they want Web 2.0 technology, but how is that going to work out if employees are not allowed to email at Starbucks?
Mobile devices, especially smartphones, are cybercops’ worst nightmare. “What keeps security people up at night is not the Iranians or the Chinese, it’s these things,” says John Hale, information officer for the Director of National Intelligence, while pointing at his Blackberry. The government has learned how to protect data in the traditional desktop PC environment, but mobile computing is a whole different animal. Security worries or not, mobile devices are everywhere in the military and the intelligence agencies, he says. “If you don’t have info at your fingertips it’s useless.”
The Pentagon ideally would like to “bring inside” the virtual communities and other Web 2.0 applications that are now available outside the walls, but that may cost more money than the government is willing to pay, says John Garing, chief information officer at DISA. “We haven’t cracked the nut on how to get it in an affordable way and get the benefits the millennials get in everyday life.”
The good news for contractors is that there could be lucrative opportunities in “secure” Web 2.0 technologies. “We have fixes but they’re not easy fixes,” says Chris Daly, security specialist at IBM Federal Division. He says the company plans to offer “firewalls to enable secure technologies in federated social networks.” Lewis Shepherd, chief technology officer at the Microsoft Institute for Advanced Technology in Governments, says the company is investing billions of dollars in “trustworthy computing” that will be marketed to federal agencies.
For the foreseeable future, it is doubtful that anything will change, considering that the Defense Department is still adjusting to version 1.0 of the Web.
But here’s an even scarier thought. While the Pentagon figures out what to do about irresponsible millennials stepping outside the wall and blogging on non-secure networks, the al-Qaidas out there are jumping on the Web 2.0 bandwagon without trepidation. The Web is, after all, the terrorists’ premier command-and-control network.