Title: DoD Public Web Operations Governance
1. DoD Public Web Operations Governance
- Terry Davis
- twdavis_at_hq.afis.osd.mil
- 703-428-0471
Disclaimer: While factual information about DoD
directives, instructions, and organization is
included in this presentation, the assessments,
opinions and recommendations are mine and do not
represent official Dept. of Defense positions or
intentions.
2. Introduction
- A look at multiple concerns/policies and
organizations involved in DoD Web Operations
3. 3 Topics of Discussion
- Content Publishing
- Security
- Content
- Unclassified but Sensitive Internet Protocol
Router Network (NIPRNet), formerly the Nonsecure
IPRNet, provides seamless interoperability for
unclassified combat support applications, as well
as controlled access to the Internet
4. Content Publishing
- Information Technology Management Reform Act of
1995 (Clinger/Cohen)
- The Chief Information Officer shall have
information resources management duties as that
official's primary duty
- In other words, the CIO's primary duty is to
exercise executive, administrative and
supervisory direction (management) of government
information and information technology (the 2
elements of IR)
5. Content Publishing (cont)
- DoD Directive 5122.5, ASD PA
- The ASD for Public Affairs' duty is to ensure a
free flow of information to the news media, the
general public and internal audiences and to
ensure that DefenseLINK is operated and
maintained as the official primary point of
access to DoD information on the Internet.
6. Content Publishing (cont)
- DoD CIO and ASD PA are not in the same
chain-of-command
- Liaison is required.
- ASD PA acts as the sole seat of government
spokesperson for DoD, but many PAOs release
information to the press and public.
- How many public websites does DoD operate?
7. Content Publishing (cont)
- DoD Directive 5230.9, Clearance of DoD
Information for Public Release
- Any official DoD information intended for public
release that pertains to military matters,
national security issues, or subjects of
significant concern to the DoD shall be reviewed
for clearance by appropriate security review and
public affairs offices prior to release.
8. Content Publishing (cont)
- DoD Directive 5230.9, Clearance of DoD
Information for Public Release
- The Director, Washington Headquarters Services,
shall:
- Monitor compliance.
- Develop procedures and review guidelines for the
security and policy review of information
intended for public release.
9. Content Security (OPSEC perspective)
- Undersecretary of Defense for Intelligence
(Directive still in draft)
- Policy and guidance relative to security of DoD
information. Should have the authority to resolve
security violations (e.g., to direct cleanup
and/or shutdown of sites as needed when security
problems/discrepancies are identified)
- Chairman, Joint Chiefs of Staff
- Joint Web Risk Assessment Cell
10. Content Security (OPSEC perspective)
- Chairman, Joint Chiefs of Staff
- Joint Web Risk Assessment Cell
11. Network Security
- DOD operates 3.5 million PCs and 100,000
local-area networks at 1,500 sites in 65
countries, and it runs thousands of applications
on 35 major voice, video and data networks,
including the Non-Classified IP Router Network,
which is connected to the Internet, and the Secret
IP Router Network, which is not.
"The New Trojan War," Frank Tiboni, Aug 22, 2005,
http://www.fcw.com/article90262-08-22-05-Print
12. Network Security (cont)
- Unclassified but Sensitive Internet Protocol
Router Network (formerly the Nonsecure IPRNet
(NIPRNet)) provides seamless interoperability for
unclassified combat support applications, as well
as controlled access to the Internet
- Controlled Unclassified Information (CUI)
- Sensitive but Unclassified (SBU)
- For Official Use Only (FOUO)
13. Network Security (cont)
- Directive 8500.1 Information Assurance
- DoD CIO
- Director, Defense Information Systems Agency
- Director, Defense Intelligence Agency
- Director, Defense Research and Engineering
- Director, Defense Advanced Research Projects
Agency
- Chairman of the Joint Chiefs of Staff
- Director, National Security Agency
- Director, Operational Testing and Evaluation
- Commander, United States Strategic Command
14. Network Security (cont)
- Chairman, JCS Instruction 6510.01D Information
Assurance and Computer Network Defense
- Joint Task Force Global Network Operations
(JTF-GNO)
- Leads and directs continuous services and network
management, information assurance/network
defense, and content staging/information
dissemination management.
15. Network Security (cont)
- All DoD information systems shall maintain an
appropriate level of confidentiality, integrity,
authentication, non-repudiation, and
availability
- Automated information system applications
- Enclaves
- Outsourced IT-based processes
- Platform IT interconnections
16. Network Security (cont)
[Figure: diagram with labels Internet, Global gates, Regional, Base, Building]
17. Governance Summary
- The NIPRNet is no longer an appropriate
environment from which to serve non-sensitive,
unclassified information intended for public
distribution.
- Oil and water mix requires too much shaking
- Expensive
- Service interruptions
18. Governance Summary
- The ASD for Public Affairs, with DoD CIO
support/collaboration, should lead the DoD PA
community at large to a commercial or government
(off the NIPRNet) enclave.
- Special arrangements to use .mil domain.
- USD I support for OPSEC and other content
security reviews.
- Appropriate risk management
19. Governance Summary
- DoD policies relevant to web operations should be
updated to clearly state the specific scope of
operations, functions, responsibilities and
meanings of terms.