Return-Path: <sentto-279987-5111-1028299808-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Fri, 02 Aug 2002 07:54:07 -0700 (PDT) Received: (qmail 22680 invoked by uid 510); 2 Aug 2002 14:49:01 -0000 Received: from n23.grp.scd.yahoo.com (66.218.66.79) by all.net with SMTP; 2 Aug 2002 14:49:01 -0000 X-eGroups-Return: sentto-279987-5111-1028299808-fc=all.net@returns.groups.yahoo.com Received: from [66.218.67.201] by n23.grp.scd.yahoo.com with NNFMP; 02 Aug 2002 14:50:09 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_7_4); 2 Aug 2002 14:50:08 -0000 Received: (qmail 21647 invoked from network); 2 Aug 2002 14:50:07 -0000 Received: from unknown (66.218.66.216) by m9.grp.scd.yahoo.com with QMQP; 2 Aug 2002 14:50:07 -0000 Received: from unknown (HELO red.all.net) (12.232.72.152) by mta1.grp.scd.yahoo.com with SMTP; 2 Aug 2002 14:50:08 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g72Eqn004871 for iwar@onelist.com; Fri, 2 Aug 2002 07:52:49 -0700 Message-Id: <200208021452.g72Eqn004871@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Fri, 2 Aug 2002 07:52:49 -0700 (PDT) Subject: [iwar] [fc:IG.Finds.'Sensitive'.Data.Still.On.DOD.Web.Sites] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.0 required=5.0 tests=DIFFERENT_REPLY_TO version=2.20 X-Spam-Level: InsideDefense.com August 2, 2002 Sensitive information remains on several Defense Department web sites despite earlier warnings that the data was inappropriate and should be removed, according to the Pentagon inspector general's office. In a July 19 report, the IG found that as of May 2002, thirty of the 200 documents on publicly accessible DOD Web sites that the Joint Web Risk Assessment Cell previously identified as inappropriate were still available for public viewing. JWRAC identified the sensitive information eight months earlier in a September 2001 report. Established in 1999, JWRAC employs reservists to analyze data on DOD Web sites and identify information that poses potential or real threats to ongoing operations and DOD personnel. Inappropriate information includes data labeled "For Official Use Only," "sensitive" or "classified," as well as other information at one or more sites that, when combined, would be sensitive or classified, the IG report explains. The inappropriate information remained on DOD Web sites in spite of JWRAC's assessment because the assistant defense secretary for command, control, communications and intelligence did not establish "a mechanism to remove potentially inappropriate information from Web sites," the IG said. Further, the ASD (C3I) has not instituted "an adjudication process to resolve differences between the Joint Web Risk Assessment Call and Web-site owners on whether disclosures are inappropriate," the report adds. The ASD (C3I)'s office did not concur with the IG's recommendation to suspend Web pages that contain potentially inappropriate information. In a June 14 memo, Deputy Assistant Defense Secretary Carol Haave said DOD components should resolve differences of opinion on whether or not the disclosures are appropriate before deleting them from the site. She added that Web site postings are based on operational security evaluations at the local commander level and, unless overturned by a higher authority, their decision is final. "As the information in dispute is not classified, there is no generally compelling reason to preempt the decision of command authorities pending resolution of such disagreements, " Haave told the IG. The IG took the opposite approach in its response, claiming, "information that may place DOD at an increased risk must be suspended until resolved through an adjudication process." The Defense Information Systems Agency concurred with the report's recommendation to publish the JWRAC's Standard Operating Procedures for Discrepancy Reporting and Tracking and to establish a database system to track Web risk-assessment activities. -- Malina Brown ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:32 PDT