The troops loved the web, as it made it possible for them to establish web sites for their units. Pride in one's unit has always been a principal means of building morale and keeping the troops (and their family's) spirits up. The concept of a unit web page spread like wildfire, as did use of the web and Internet by troops and their families. But then, as the officers in charge of OPSEC discovered, there a dark side to all this.
It wasn't long before counterintelligence agencies discovered that our real, or potential, enemies loved the unit web pages as well. Here was a bonanza of information on the American military, regularly updated by the proud troops of those units. The unit web pages were too popular to simply forbid them. Even if that was done, civilians (often at the urging of the troops) could establish them. Moreover, a lot of the information on the unit web pages was already available to anyone who wandered on to a military base and looked at bulletin boards and read the base newspaper. But putting that stuff on the web saved the bad guys a lot of time and travel expense. Yet to crack down on the unit web pages would also likely stir up free speech issues. And the unit web pages were good for morale. Banning them would bring a lot of protests from troops and officers, and some of these gripes would be made to congressional representatives. This was a massive headaches for the enforcers of OPSEC, and there was indeed a serious security issue at stake here.
The military responded as it usually does in such situations, it issued rules and guidelines for military web pages (official and unofficial, many of the units web pages were done by the troops on their own time and with their own resources.) First, there would be no posting of information that was normally considered confidential or classified. This involved planned troops movements or operations that had not been officially announced. Again, an alert reporter could hang out near a military base and get this kind of info, but the military was under no obligation to broadcast the data worldwide. It was also forbidden to post too much detailed personal information (address and phone numbers, for example.) Even before September 11, 2001, such data was seen as useful to terrorists.
These restrictions did not raise a big stink among troops or their families. It all made sense to people in the military. Most importantly, the military didn't try to mess with the troops email. In fact, email was being encouraged. Even sailors, and especially the guys in submarines, had access to it. Email was an enormous morale booster for the troops, especially the ones, like sailors, who were separated from the families for months at a time. With more U.S. troops being sent to rough neighborhoods for peacekeeping, places where their families could not accompany them, email was extremely popular. And the brass loved it as well, because that improved morale translated into happier, more productive troops. This helped keep people in uniform, for it was an unfortunate fact of military life that more people got out every time more of them were sent on long cruises or isolated peacekeeping missions.
But email was not without it's OPSEC problems either. While troops were warned not to discuss classified or sensitive information via email, there was no easy way to enforce this. Those on ships or in isolated places where the military provided the Internet connections could have their email scanned automatically for sensitive information. Any suspicious email would be held and looked at for OPSEC violations. If the email was clean, it was released. If not, the author was contacted and given some counseling on OPSEC. Any .MIL email account also got the scanning treatment. But a lot of troops had non military email accounts. Some did so because they preferred, like many people in the civilian sector, to keep business and personal email separate. But others did it because they noticed that their work email sometimes took longer to arrive. This was because the scanning process for .mil email sometimes got backed up. Another reason, of course, was because a lot of the troops didn't like all their email scanned. Even if it was software doing the scanning, well, this was America and Americans take their privacy more seriously than in most other parts of the world.
But things only got worse for the OPSEC people. They initially overlooked the chat rooms. There are a lot of military oriented chat rooms out there. Others are used by dependents of military people. Everyone was talking shop, and often saying things that would give the OPSEC folks coronaries. Again, law enforcement and counterintelligence agencies, that now monitor lots of chat rooms for information, stumbled on lots of OPSEC violations. Not a lot could be done about this, except for those accessing chat rooms via military Internet accounts. The military has software to identify who was saying what and deliver more OPSEC counseling as needed.
The navy is particularly worried about all this, as ships now have access to the Internet. For protection and surprise, the navy relies on it's ships remaining undetected while on the high seas. Some sailors have already been caught revealing location information in casual chat room conversations. Sailors acting as sysadmins have been caught discussing security matters for their shipboard servers. In this case, the sailor described the security setup for his ships server while trying to get tips on how to make them more secure.
One scenario the navy is worried about is terrorists getting the location of a sailor's family from a web page, kidnapping a family member and then pressuring a sailor to commit treason. While far fetched, everyone now realizes we are dealing with a ruthless and imaginative generation of terrorists. And the current crop of terrorists has already used the kidnapping angle.
There are no easy solutions to all this. For the moment, the military has to balance the benefits of the web with a host of new dangers.
The Dark Side of Military Web Use- The Department of Defense has always been concerned with OPSEC (Operations, or sometimes Operational, Security). This is, as military puts it, " The process of denying to potential adversaries information about capabilities and/or intentions by identifying, controlling and protecting generally unclassified evidence of the planning and execution of sensitive activities." When the World Wide Web showed up, the people in charge of OPSEC soon realized that they had a major problem on their hands.