From: Sent: Tuesday, February 27, 2007 11:35 AM To: Subject: FW: Procedures tor setting U|3^ Content Scan (UNCLASSIFIED)

Attachments: SE RICO.xls; Watchfire WebXM SCAN Manual.doc

3E RICO.xls (58 KB Watchfire WebXM SCAN Manual.do... Classification: UNCLASSIFIED Caveats: NONE

-Original Message

Sent: Thursday, February

)]ect: Procedures tor setting up a Content Scan (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

Attached is a spreadsheet and word document

The doc is a step-by-step procedure on setting up a Content Scan.

The spreadsheet is divided into 4 sections with YOUR appropriate name on the top of 20 URLS .

The step-by-step document is in draft form. Please make note of any thing that needs to be change of addressed.

Notice that the RCIO is SE, so create the job in the SE RCIO.

Once you have completed and the jobs have finished. Let me now have many potential violations were found for each job. If someone has a few violations and someone has a substantial amount, we can assign jobs accordingly

Thanks

SFC paschal

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

A-

mi\.\ , •

} •t .«*

;*

2 US AG School SE US AG School SE APBI2002 SE APBI 2002 SE CHL SE CHL SE CIRP SE CIRP SE CPOCSCR SE CPOCSCR SE EBS SE EBS SE cesas SE cesas SE 184th IMAD SE 184th IMAD SE JTS SE JTS SE NGATS SE NGATS SE PMTMDE SE PM TMDE SE RFI SE RFI SE SPORT Website SE SPORT Website SE LA-TLAC SE LA-TLAC SE USASAM SE USASAM SE USASSI SE USASSI SE USAWOCC SE USAWOCC SE VTC SE VTC SE AMRDEC AEROMECH SE AMRDEC AEROMECH SE

aeromech SE aeromech " S E AFMS SE AFMS SE AMCOM SE AMCOM SE AMSS SE AMSS SE ANAD SE ANAD SE ARMYOCS SE ARMYOCS SE USAR 108th Division SE USAR 108th Division SE WAATS SE WAATS SE Benning SE Benning SE BACH SE BACH SE Campbell SE Campbell SE DDEAMC SE DDEAMC SE FSCADENTAC SE FSCA DENTAC SE EDMS PMO Home Page SE EDMS PMO Home Page SE RFAAP IRP Web Site SE RFAAP IRP Web Site SE SE SE FNG SE FNG SE FORSCOM SE FORSCOM SE JE DOIM SE

Jackson SE Jackson SE KNOX SE KNOX SE MACH SE MACH SE McPherson SE McPherson MEARS SE MEARS MACH SE MACH MVD SE MVD MVK SE MVK USACE New Orleans SE USACE New Orleans OMEMS SE OMEMS AMCOM SE AMCOM RRS SE RRS USAAMC SE USAAMC USACE Charleston SE USACE Charleston CESAS SE CESAS CESAW SE CESAW RSC SE RSC SMDC SE SMDC SGT Beacham US Army SF CMD SE US Army SF CMD DIVARTY SE DIVARTY Little Rock District SE Little Rock District TUAV SE TUAV USAALS SE USAALS USACHCS SE USACHCS USAR SE USAR WAMC SE WAMC WACH SE WACH LAISO SE- LAISO Rucker SE Rucker Refill Web Server SE Refill Web Server Fort Benning SE Fort Benning IADS SE IADS JTIDS SE JTIDS PUBS SE PUBS VFSO SE VFSO Cargo SE Cargo PEOAVN SE PEOAVN Acquisition Center Website SE Acquisition Center Website AC Web SE AC Web Buchanan SE Buchanan 3dMEDCOM SE 3d MEDCOM http://agsssi-www.army.mil http://apbi.redstone.army.mil/ http://chl.wes.army.mil/ http://cirp.wes.army.mil/cirp/cirp.html http://cpolrhp.army.mil/scr http://ebs.lrl.usace.army.mil http://en.sas.usace.army.mil http://imad.redstone.army.mil http://jtshelp.redstone.army.mil http://ngats.redstone.army.mil http://pmtmde.redstone.army.mil http://sasnotesweb.sas.usace.army.mil http://sport.redstone.army.mil http://tricare15.amedd. army.mil http://usasam.amedd.army.mil http://usassi-www.army.mil http://usawocc.army.mil/ http://vtcenter.redstone.army.mil http://www.aeromech.redstone.army.mil http://www.aeromech.redstone.army.mil http://www.afms 1 .belvoir.army.mil http://www.amcom.redstone.army.mil http://www.amss.redstone.army.mil http://www.anad.army.mil/ http://www.armyocs.org http://www.armyreserve.army.mil http://www.az.ngb.army.mil/waats/default.asp http://www.benning.army.mil http://www.campbell.amedd.army.mil http://www.campbell.army.mil http://www.ddeamc.amedd.army.mil http://www.dencom.army.mil/serdc/ftstewart/ http://www.edms.redstone.army.mil http://www.envnet.org/rfaapirp/ http://www.finance.army.mil http://www.floridaguard.net http://www.forscom.army.mil http://www.gordon.army.mil http://www.jackson.army.mil http://www.knox.army.mil http://www.martin.amedd.army.mil http://www.mcpherson.army.mil/ http://www.mears.redstone.army.mil http://www.moncrief.amedd.army.mil http://www.mvd.usace.army.mil http://www.mvk.usace.army.mil http://www.mvn.usace.army.mil http://www.omems.redstone.army.mil http://www.redstone.army.mil http://www.rrs.army.mil http://www.rucker.amedd.army.mil http://www.sac.usace.army.mil http://www.sas.usace.army.mil http://www.saw.usace.army.mil http://www.se.usar.army.mil/ http://www.smdc.army.mil http://www.soc.mil http://www.stewart.army.mil http://www.swl.usace.army.mil http://www.tuav.redstone.army.mil/ http://www.usaals.army.mil HTTPV/WWW.USACHCS.ARMY.MIL http://www.USARC.army.mil/ http://www.wamc.amedd.army.mil http://www.winn.amedd.army.mil http://wwwlaiso.redstone.army.mil/ http://www-rucker.army.mil - https://arwshkuz50.stewart.amedd.army.mil https://benning-emh12.army.mil https://iads.redstone.army.mil https://jtids.sed.redstone.army.mil https://pubsweb.redstone.army.mil https://vfso.rucker.amedd.army.mil https://www.chinook.redstone.army.mil https://www.peoavn.redstone.army.mil https://wwwproc.redstone.army.mil https://wwwproc.redstone.army.mil/acquisition www.buchanan.army.mil www.usarc.army.mil/3medcom Soldier Support Institute Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website U.S. Army Engineer Research and Development Center CPOCSCR, Information Services Division Find and put in the correct Full name of unit or website Savannah District Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Product Manager Test, Measurement, and Diagnostic Equipment Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website U.S. Army Soldier Support Institute Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website

Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Anniston Army Depot 3-11th Infantry Bn (OCS), Ft Benning 108th Division (IT) Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Information Technology Business Center Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Radford Army Ammunition Plant US Army Finance School Florida Army National Guard Office Of The Chief Public Affairs Find and put in the correct Full name of unit or website

Find and put in the correct Full name of unit or website Fort Knox DOIM Find and put in the correct Full name of unit or website US Army Garrison Public Affairs Office . MEARS Automation Moncrief Army Community Hospital Mississippi Valley Division Vicksburg District US Army Corps of Engineers, New Orleans District OMEMS Army Aviation & Missile CommandCorporate Information Center Recruiting and Retention School Find and put in the correct Full name of unit or website US Army Corps of Engineers, Charleston District Savannah District Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website

U.S. Army Special Operations Command Fort Stewart Little Rock District AMCOM, Redstone Arsenal, AL Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website U. S. Army Reserve Command (USARC) Womack Army Medical Center Winn Army Community Hospital Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website USA MEDDAC Fort Stewart GA Find and put in the correct Full name of unit or website U.S. Army Aviation and Missile Command Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website PEO Aviation Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website 56th Signal Battalion Find and put in the correct Full name of unit or website

Watchfire WebXM "Setting up Content Scans >5

1. Log into Watchfire WebXM web site: https://netcom02/webxm/ 2. Once log into Watchfire you will see the following screen. Next, go to "Navigate" in the upper right corner and select "Webspace Center"

SI WetlMrc WtbX* -ncTOdDft Interact Exiorer I'lftHRnnhri; 'UJst*i

•:•!- s « ••>> Ft-atrt [ ™ fj.,i ©•*.?•©•-@ftl ^ i p w , . ^ ^ * . e|'.>-v & > • * £i ¥ ^ ¥ ¥ ¥ ' - - ' -

Cui^le ||Q*." _ T 3 * 1 f'"SS fi * I ^ *X*W*i' f'^!^' L I'^'ChKll * -\£Lj(Mi* *•; ^ J J W J I , QtiSBidta*

atJCHnRCT AVURAC Dashboard 1 Wnbipat* Cflninr I A JrnmifT s'ififi i"."*ntar 1 J"aFtii •SiUHMltJi 1 Campklanea F4vantn •• ' l ^ . T • , • • • "^eSfllliaianPB,-*I"VAJUI^JWRSnpVPP M'- 'lit HNHS Export Si tTH^sro^T ftEJWPnSESBY ISSUE Clt«N PAGES Ot BEC10N • Clajfl P44ts tor All NigiOHi — Currnnt Brgmn y All Rcg-Di'i ICE CflnM-MlMCE TAP FDA [>fc TAILS 10D% —

Subregiom ioq NW RCIO 1 0 0 * - UE-B^Q CLEAN PAGE9 OVER TIME 100% - ^Lftiia Currant Trend: Cl«.*n p*ig#ij lor 7*11 Rug ion-,' 100% - Currant Ucuar AWKAC Dashboard 5L££I£ Show trend f»n IAWHAC D*fhk«Jid -3 «..„„b L0D% - January Rlnns 1 0% —

p « so g 1JU Pggr * M - . . : ] Good

J

Ffltaudm T i ] . •:^n^r r7^rw*^-*

3. At this point, you will go to the Webspace that you are assigned and click on that space (eg. NE RCIO, NW RCIO...) Mmas£$g!z^zz tfm 6 * 9 " P l - M K lools ijee ^ I * Q«* -'O- flli '& .p5"* ^•'M*". s:-r.J>* a

Kfllp | -*t>QUt l i O Q j r j t WatCHnRe' Webspace Center

Yau iri hatn W| Wjeihfli* * Whbap DAHQVASCHALLM CParsonjIizel

T a i k t V i m : Sfrqri J S l a n d a r d i L-na •sraxneEES C r e a t e . . . 3 Pacific C j Socci-il R«aucs; Scan V*rt«uf bUat ta b* ccinnad csP eriodic m a i i m a n t i of Army iltai. Parladlc aitaitmaiiM of Army *lcac Raquaftad Scant.

Global U p d a t e . . . %J&b FrooarTnj B«MUHLI D i H U n . 1 [ & Raoort Properties I I 0 Jabi, ORapai C M B M « J I 19tJobi, 197 R«»ort Pitlu C u t M t f l lOJobl, 10 RaportPacki [ M t t i b i I Jab, 0 RapaiT P*ckj P f M i m » | Dalata | Qfj Pm&trttai | Otl«t« | Q»«w Prc-mttt«i | Palati | O P — ProBtnlfi | D«ltta | Q u i

* Q j Euroop BJNWSCIO C& SW RCIO i Partodlc i manu of Army *kai. Parladlc u n i t m a i m af Army lltal 'S^...,.™..,, . , _ , „ , . Partodlc a n a l •manu of Army *lt* U| Mv Watchfira »> Mr Watehfirc Cl««g

L g Wabsflace Confer • » • U R L I I M * URL I B M U R L I C w t n t i i 3 Jobl. 3 Raport P*< C » t M b i 98 Jobf, 92 Raport Ptcki C i t t H b i 39 J obi, 38 Raport Pack. [ffi idgtlOteE*Jfea Canter EaatMbi 9 Job I, 9 Raport Packi Pra turrit l | Oakrt | Q»cn Propertlii | 0

tl-^J January Bloas * of Army Wab Lags,

C«*t»nt»i 3 Jebi, 1 Rapart Pad Prootrtm | Dalata | Q»—,

31! g ] N q M : j V n e t t t ^ / i » * l l t j i a e t M « t * . * l S p ? m i d - » "i. : H! p E ? ; ^ ^

Now let's start setting up some jobs! 4. Notice the left side of the screen; under Task, you will click on "Content Scan Jobs" ©-* - &'. ©ii ST ^fl'-& i*b# & & 3_a. '. 111*! Qsittfr^

i:I :. j ¥¥¥:.:¥-. | LQQ Out ; wateHuTte* NE ROO

* * — " * < • " > f f i t i H - i " ! r , | ^ | f > I * K I D DAHQVASCHALLH

Jabi ' . fig RnourtP*cki T n h i , . , , ~ . : i . . View £££rt I 3toi*rf*ird | LajU mi bf: Nime | „i?r pgn I' Nftt flujy

Create... ] Q 3 l P Q 4 t : h O M C O < G S ) N E Jan 07 W ATCS-S NE Jan 07 1004th Quartermesttr Company (GS) official wee TRADOC Chief of Staff- Safety Offlc 0 3 Content Scan Job | site & Infra structura Scan Job

life Report Pack B ui ltl URLL )i httrr..ppii////' www.uiare.army.mll/l0 • " • " * • *>«T*-ffMm>.7*J*r.»rmy.mll/i ... B * M U H L I httf

N«* K ttnn»iniii NNeatt schadulled ^ " ^ N u t ~ » Nat , ^ 4 f ^ Newt rani Not schaduled N r n t m i Not scheduled I.. HatfJfltaqji :=j.V . - . ¥¥-_" UNitaHtptfwi Collector.* U e a r t n M t M t M i Collect Links Uearha*ntp»*e*l Cq[l^c;l4p(ji U*«rk>(xitp*fMi CQllectLlnkti' | L » 4 P r — r B e i | Delete | Sim | '- P r — r * j w | Delete, j Rim I C&rrtir.u* | Lag BatitdiM I Dii±£i I Ean \ <:,Ç,.¥

B j M Y WatchfifB 0 3 10th LSO NE Jan 07 1 ATDC-M NE Jan 07 ] Garriton Intranat NE Jan 07 J H O T C W E B N F J a n G T r> M T Watchfira Classic 10th L«q*l Support Organic TRAOOC Deputy Commanding Gai Fort Datrick Oarrlion Intranet ROTC MIL WEB SITE

E g Webspace Center

[ S AdrriiniitDtiqn Center Beo*UM.:http://wvwui*rc »rmymil/IO .. • M A U K L I httpi//www tradoc army mll/u . I t M U R L i httpji//aanif»n.(tatrtcl( arm _. B I H UftLi http://www.rotc monr L * * t r w i Frl 1/2672007 9 i l 2 AM S u t H r k i L i t l i w i Frl 1/26/2007 9i28 AM Statistics L M t r w F r l 1/26/2007 LO1I6AM S^OiiJc^ L M t n m i F r l 1/19/2007 9t43 P!-, NeMtntmNot icheduled N n t n a i Not scheduled N w t r w i Not ichadultd Neutral; Not scheduled U*«r meat pa«e*i Collact Links Uterl»a«jt|)*t**i Collect Links I h t r b p a t i H * * ! CollactLlnki UecrMfHtfcpaejefi Calltct Links . PIT—tti— | Q*|tt« | Rjin | 'A'niir.im ) L*S ptTP^r^n I fijliii I &m I c-JHTii-i.j*. | i.e.) P f f f r t i W I Ealaci I Silfl I C'.

• Q l U H h M T N O C W - P l E S M E a b 3 ATOC-N NE Jan 07 1 CCSS^Armir ME Jafl *7 10th M T N O I V - NE TRADOC Oaputy Commanding General fer ARN0 OUbal Combat Support Systems - Army Resource Services - Washington:

• « • • URL I httpi/Zwww.drum.army mil/ I « M U M . I httpt//w*w,tred»c. irmy.mil/a .. B I M U»Ui httpi//vww.ac**-army.lee arm ... L M t r a a i Sit 1/20/2007 12i06 AM S n t n t K f L a a t r w i Sat 1/27/2007 I 2 i 0 2 AM Statistics L a e t n a t T u * 1/23/2007 12i04 PM S t n ( ^ i : < LMtnaitiThu 1/23/2007 *|2™J ' ' NaMtnMi Net scheduled N m t i w i Not tchadulad N w t r w i Not scheduled H e - t r - , Not scheduled U M r h i p . t >•«••• Collect Units Use* tafMt » a « « i Collect U n k i I h M r i M M t I H M I C,olU^Urtlt> Prwwrti** ] O t U w | Sim I «;.jiun.'n | L^g I Delete | £jifl | Conttnui | L'jj Ptattrttw I Deleta | Run | Cnra1nui> | Lot]

a i l 7 3 T T B H M E ] a n r } 7 1 ATEC NE Jan 0? 1 H Q D A 1 M E T . J J E J M D 7 1173rd Transportation Terminal Battalion Army Test and Eval lation Command Headquarter*, Department of the Army [NET STAMOARO ARMV TRAINING : V l ^j . i rri isr i»j taai «™i 5. Under the Job Name: You should put in a job using ACRONYMS (For example: USAGE ILL SE JAN 07 6. Under the description box you should put in the full text Web site Army command name. (For example: United States Army Corp of Engineers Illinois). 7. Next you will click on the "Create the Job and Continue". This may take a minute.

Q l « k - ; ) • [ x ] [ S i ;V; | P Search £ > Favor*.. . £ > | • .'•'; - ,'£^, JS) . '"'] *} ^

Addmi | £0 hctps://netcom02/web)aTi/cs)obopts-aeat9.asp?w^-,watfancd-webspace.a5p?mld- ~3 flg° 11 cocSic|:c^'" j j & j J . Q - I £ 3 ? ! ~ ? » j " ^ Check » • i Aumunl.-r 'S | Autof r ' [ • Send t o - G settings- ' & ' . - i— — - t _ _ watscHfrne liHBiie^^i'^'.igiai Create a New Content Scan Job

You are here: My W a t c h fire > Webspace Center > 5E RCIQ > C r e a t e a N e w C o n t e n t S c a n J o b General Properties General Properties

Identify this job When you click 'Create the Job and Continue', the job will be created and you will be able to edit its properties*

| Identification

Job name: JUSACE ILL NE JAN 07

Description (optional): United States Army Corp of Engineers Illonis "3

Contact name and information (optional): |DAHQ\PASCHALLM

^ C a n c e l SlCreate the Job and Continue 1 141 ;.'•. . ' [ § j V j local htrarat ¥Wstart] (Sf M [ j j VJl AWRAC SCANS . | a ] WatcUre WebXM SCAN .., [ & status; Connected I IMC,.. 11 g j W Verifier WebXM - M . | 0 J J ^ , ' 3 l 10:19 AM

8. Now you should be at this screen, type or cut and paste a URL into the "New starting URL: text box" and "click" on the ADD button. This may take a minute. <3walcM>K WebXM - Mltmwlt tntpmet ftwlorer ^g^pe^gBsgsp^?-' [Ic [rit 9M Fwrtn looti bsfc Q« - a & ts1p** &*-•» e ©- & $ - u * ft flcjdrmj ^^tp<:^r^onira/v^^tTTCtJC1rtl-Ky>i^,^?Iob^-2QZ7g*ancal^Mbg«B%^fltf%^ J j j£| Go [.Links

m You are here: Mv Watchfira > Webspace Center > SE RCIO > USACE ILL ME 3AN 07 Test - Properties General Properties • W h a t to Scan What to Scan Scan O p t i o n s General Options are Servers and Domains Indicate the URLs where the scan of the site should start, as well as any scan limits that needed, Exclusions S t a r t i n g U R L s Custom Error Pages N e w s t a r t i n g U R L ; Interactive | h t t p : / / w w w . USACE-III.army.mil/ Components

SessiQP IDs Existing S t a r t i n g URLs: Form Transients S t a r t i n g URL _ _ ^ _ _ Status Automatic Form Fill :(No URLs specified.) J Connection Settings I Network Connection Advanced Login _

L R e p o r t D a t a Collection _ • Sri — Report Types — • Metatao for Grouping Remove Selected Items I Forms to Exclude J Scan L i m i t s Application ^•m Technologies ^J__(L.Scan all c o n t e n t j n alLi.n.ternaLdomaJos.. aaCanceJ 3Back ] NejSijQ F i n j s h l l m 0 ~ | v J Local Intianet QAWRAC SCANS | JjjWatchfmWebXMSCA»l,.,| & status: Contacted IIMC,., || j j j WatcMVe WebXM - M_ (5) Mcrosoft Exctl-SERIC... [ © £ « . & 10:23 AM"

9. Now you should see something like this. Now "click" on the a Watchhrc WtbxM - niraiolt Internet Explorer • • - L . - U Sto Ec* Sew Fjvortes Ion* ^lc © s a c k . © r @ g • ; , | p * . * ^n™*« £>]v;*-J&.^i-- Q *fc Jet address |.jj htict:<)iwionJ^»^<^^pDttiti^jc»ifiM.aarpb«i-;D;7»ej^»t-»i»lMcT'>^ ' Tl!j ir^fe'-TTllffiTH! watCH^te" USACE ILL NE JAN 07 Test - Properties

±1 You are here: My Watchfire > Webspace Center > SE RCIO > USACE ILL ME JAN D7 Test - Properties Session IDs J N e w s t a r t i n g U R L : Form Transients Automatic Form Fill a r -rAcM Connection Settings Existing S t a r t i n g U R L s : Network Connection S t a r t i n g URL S t a t u s Advanced Login : ;http://www.usace-ill army mil/ •••?' g R e p o r t D a t a Collection (Re-test) Report Types i Metatao. for Groupinc Forms to Exclude Application d Technologies Remove Selected Ite'nvi I Critical Pages : Settings Data Maintenance * Scan all content in all internal domains Reports r Scan only up to the following limit Dashboard Settings Job Status Alerts A m o u n t L i m i t Schedule Agent Server I f^i 3 Log Settings P In starting domains, only scanjinks in and be[qw ^ e j f r e c t q r y o f each starting URL. ffflBack | N e x t j g Finish?

^|avasCT^:d^_cc«fflK»iiJ_SubniitFwrTN,,.| Q status: Connected I IMC... [| g | Watchlitc WobXM - M _ [5] Mcrosoft Excel-SER1C: •'.''. f Q ^ ' O ; ^ 10:33A 10. Next, notice on the left side under General Properties the Reports property; "click" on it. 11. Now you will see this page. 12. Now "click" on the "Create and Package All" button. This may take a while. 3 w « chfiie WchKM MlcromH internet E w l n n •JSJ. So £d» £lew Favorites look 8eb ©Sack . ij§.!. [V] j_g ^ ' p S - d . S^F««« *3kf.-jgV § t*T- Q *> 'ft Lwa Addreii |jg httpj r//neti^xTifl2/^wn/c fldx^*^«OT*.aSB7Klbid-ZDZ7Wflr*fii*^spaci. Mp^rtid-«UVnish-wefcifMC9. HP^*MWOatyTl«- ~33 S. * Gaciylc, (,V' _ J ' o » M 3 * i S ^ - I "& Check » >viutotlnll - "^j AutoFill L«»SendtO'r aggf^winiBiES wafcHfoer USACE ILL NE JAN 07 Test - Properties

c o m p o n e n t s ± i You are here: Mv Watchfire > websoace Center > SE RCIO > USACE ILL NE JAN 07 Test - Properties Session IDs Form Transients »"i R e p o r t s Automatic Form Fill Connection Settings ', The reports that have been created for this job are shown below.

mtWQrtConnwtMi I R e p o r t s f o r this Job Advanced Login R e p o r t D a t a Collection No reports have been created for this job. Report Tvnes Metataa for Grouping To create a new report, click 'Create New'. Forms to Exclude Create New ... Application Technologies Critical Pages To automatically create all o f the reports for this job and package t hem in a report pack named after this job, click 'Create and Package All'. Settings Data Maintenance Create and Package All ?| R e p o r t s Dashboard Settings Jab Status Alerts Schedule Agent Server Loo Settings SaQanss! Heads I tkiiiU fimsbj — m , f g | |»J Local Intranet 'J?l AWRACSCANS 4D WatcWra WebXM SCAN ... | Q status; Connected | IMC... [ g ] Watchfire WebXM - M-. [ j j Mcrosoft Excel - SE R1C... O S ' S - & 10:38AM J'startl [si as L3

13. Now you will be at this page; now look back over on the left side and "click" on the Dashboard settings. ilW'SUhfire WeWM - Mfcmoft Internet bairn Bta 6il Bw Famxtss load ado Q* ell.--: WJ : > * iHil **r«i].(jj httsi:tlrtth^arezittttanlcijoboou-'aimtj. •io/ioi3ncBl-»«>[Mt »%iEMIi1v3fwjuniXMDUJwh-tBtBpscslirEsBnUfwadlUDWKyijs. Cottle XT _*]&, J, £l * I: ^ ? = , | ^-"ch«k jAutc-r-ill [^5endto-» nQ aSett*ing s^ i * t ^ W ^ l USACE ILL NE JAN 07 Test - Properties

i-omnoniyirs ± 1 You are hers: Mv Watchfire > websoace Center > SE RCIO > USACE ILL NE 3AM 07 Test - Properties Session IDs Form Transients R e p o r t s Automatic Form Fill Connection Settings The reports that have been created for this job are shown below. Network Connection R e p o r t s for this J o b Advanced Login R e p o r t D a t a Collection M o d u l e : |AJI ( 3 7 ) 3 Report Types R e p o r t N a m e T y p e Metstaa for Grouping j @ Applications Applications Properties Forms to Exclude I H Authentication Points Authentication Points Properties Application > @ Control Inventory Control Inventory Properties Technologies q ;@ Cookie Contents Cookie Contents Properties Critical Paoes j@ Cookies Cookies Properties r Settings !@ Custom Compliance Standard: Adhoc Custom Compliance Standard Properties r Data Maintenance jlH Custom Compliance Standard: Classification Custom Compliance Standard Properties r- R e p o r t s :@ Custom Compliance Standard: Criticallnfrastructure Custom Compliance Standard Properties r; Dashboard Settings • B Custom Compliance Standard: ForceProtect Custom Compliance Standard Properties tob Status fllwrr^ \@ Custom Compliance Standard: Operations Custom Compliance Standard Properties G : I S Custom Compliance Standard: Personnel Custom Compliance Standard Properties r Agent ¤ssmt Create New., i: :Delete'3efect^d.Items Lo^Settjr>gs__

%i Cancel O a a c i | N at t l CjawmcsUfS | 'S) WalcWH wiiww K W „ | Q ttjtw^CaiWttodllW:... ||g]Wjt[hr»cWtbXM-M- [jJMm>Kin:£

14. Now you will see this screen; now check the box "Make this job available to dashboards" 15. Now "click" on the finish button located at the lower right hand corner of the page. ' 3 WaUMkc WebXM - Mlttosolt Inbtmtr Explorer Eh E * ttw Fjvorlw look tjdp ; : w ~ » f ^ euF^"ir DTaT Aod d " " j^tTttp^^wtcflirtiywobiiri/Joiiopc$-lT*5h-»abspa«.«p>w5hi-40&Eyoe- ~3 £|a> jirts J ^ t Q * I *'?*—' | ^ O w * »• ftiftMlS* - S'AOtirt [^SonJtD- iQsmkw»

±j You are here: Mv Watchfire > Websoace Center > SE RC1Q > USACE ILL NE JAN 07 Test - Properties General ProperHes What to Scan a Dashboard Settings Scan O p t i o n s General Options P miiuuiu*mimj]Ai.uiufciui Servers and Domains D a s h b o a r d P a r t i c i p a t i o n Exclusions Custom Error Pages This job does not participate in any dashboards. Interactive Components Session IDs Form Transients Automabc Form Fill Connection Settings Network Connection Advanced Login R e p o r t D a t a Collection Report Types Meraraq for Grouping Forms to Exclude Application Technologies it. f $ Cancel ESfiack I t J g x t H Finishg : [j5"|VjLfl£dttrina( m—~^~ — —————. , — - — ; ~ \<3$'Q% 10:41 * rf'««t| {j} M j J ._J*WBAC5CAN5 | ig]WattHr;WabltM5CaW.„| fl tutia: Cmwttud I IMC... j| g j W^ihBre WrtXM- W- tgfrfcraMFI E»rd-StRiC... I

16. Now you should be back at this screen. Now find the job your created and "Run" the job.

** The job may not start right away. Be patient... your job will run when the server has available resources. We have three servers with each sever having the ability to run 4 jobs at a time. Importance: High

Attachments: AWRAC Concern Discovery Incentive Program 1.0.doc

AWRAC Concern Discovery Incent... Classification: UNCLASSIFIED Caveats: NONE

Sent; Monday, October 30, 2006 9:18 AM

Classification: UNCLASSIFIED

Caveats: NONE

Please review attached.

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE From: Sent: Monday, February 26J_2QQ7.4:j1 PM To: Subject: ly Web Risk Assessment Cell (AWRAC) (UNCLASSIFIED)"FOIA" (UNCLASSIFIED) Signed By:

Classification: UNCLASSIFIED Caveats: NONE

-Original Message

ruesaay, August (

Subject: FW: Army Web Risk Assessment AWRAC) (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

FY I

)eputy Director Army Office of Information Assurance and Compliance

Sent: Tuesday, August 01, 2006 8:40 AM

Subject: RE: Army Web Risk Assessment Cell (AWRAC) (UNCLAS ED)

Classification: UNCLASSIFIED

Caveats: NONE

Sir,

We had a discussion with the AWRAC team yesterday and are looking into how we will identify those Websites that are .mil's that are not resident behind our reverse proxy server. Additionally we are also going to screen for sites that are contractor operated on the .com domain that contain sensitive Army information that should be on the .mil domain.

We will work with the AGNOSC and appropriate commands to get them in compliance.

l V/R

CI0/G6 NETC ESTA, OIA&C

"Our^Armyai^war^ - - Relevant and Ready"

Sent: Sunday, July 23, 2Q06 12:30 PM

Subject: RE: Army Web Risk Assessment Cell (AWRAC) (UNC.

Classification: UNCLASSIFIED Caveats: FOUO

How can we use this team to also compile a list of severs that may be out there to locate on the APCs. Maybe and additional tasking. Please look into it.

****«"Do what's right,....and risk the consequences!"******

************************************************************************** Digitally signed with a DoD certificate. To download the DoD Root and Medium assurance certificate authorities visit https://dod411.chamb.disa.mil

Sent: Friday, July 21, 2006 7:11 PM

Subject: Army Web Risk Assessment Cell (AWRAC) (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

Classification: Caveats: *N0TICE: Classification: UNCLASSIFIED Caveats: NONE

Sir, Latest information of mobilization of Army Guard personnel to support our

2 Web and BLOG OPSEC operations. 10 personnel have been mobilized to support our expanded mission per the CSA.

UNCLASSIFIED//FOR OFFICIAL USE ONLY

EXECUTIVE SUMMARY 21 July 2006

(U) MOBILIZATION OF ARMY WEB RISK ASSESSMENT CELL TEAM (NETC-EST-I) (U//FOUO)The Army Web Risk Assessment Cell (AWRAC) successfully mobilized 10 members of the Virginia National Guard Data' Processing Unit on 10-21 July 2006 for one year. The team will support AWRAC's mission to monitor official and unofficial web sites for OPSEC violations IAW the CSA's 20 AUG 2005 message. The team processed through Fort Belvoir, and is assigned to NETCOM, with duty at the unit's headquarters at Manassas Armory. Team members have received 90 percent of their initial required training, and will receive additional outside training during the next month. The group has received NETCOM computers, badges and e-mail accounts, and has been task organized under NETCOM EST-A. The armory was provided with two phone lines with DSN capabilities in support of the mission, and the unit voluntarily added a T-1 line. The team has been assigned a range of tasks which will increase web monitoring, refine tracking procedures and streamline notification processes.

PREPARE MEMO

MAJ Pam Newbern/NETC-EST-I/703-602-7482

APPROVED BY

UNCLASSIFIED//FOR OFFICIAL USE ONLY

COL, GS Director, Office of Information Assurance & Compliance IA & C Directorate, Taylor Bldg

"Our Army at War -- Relevant and

Classification: UNCLASSIFIED Caveats: NONE

Classification: Caveats:

Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED Caveats: FOUO

Classification: UNCLASSIFIED

3 Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

4 From: Sent: Monday, November 13, 2006 11:17 AM To: Cc: Subject: : Army Web Risk Assessment Cell (UNCLASSIFIED) Signed By:

Classification: UNCLASSIFIED

Caveats: NONE

kWe can be called at

Sent: Thursday, November 09, 2J306 3:36 PI*

Subject: Army Web Risk Assessment Cell Importance: High

Sir;

I am working on a Corps Blog engagement plan on behalf of the Corps PAO and I was provided the article that appeared in Military.com. Would it be possible to call you and ask you some questions on your unit? I understand that some of the information on your methods is sensitive but I would appreciate any help you can provide.

v. r.

XVIII Airborne Corps

Media Relations

Classification: UNCLASSIFIED

Caveats: NONE From: Sent: Wednesday, NovemberJ31, 2006 10:04 AM To: Cc: Subject: FW: blogging guidence (UNCLASSIFIED) Signed By:

C l a s s i f i c a t i o n : UNCLASSIFIED Caveats: NONE Please research and respond thru me.

Sent: Wednesday, November 01, 2006 7:05 AM

Subject: blogging gu

Sir-

iand I am currently deployed as a security manager atf :enc"iy found your name in the article that ran in the Stars" anc Stripes on 2 9 October about web blogging. I currently have an issue with a soldier who is posting a blog while stationed here. I feel there is too much information being posted (including pictures) but have had a hard time finding any concrete regulations as to what can and cannot be put in a blog. I will attach a link to the blog I'm referring to at the bottom of this message if you'd like to take a look at it. Any guidance you could give would be of great assistance. Thank you for your time.

v/r

2LT, MI

CFLCC STB S-2

Classification: UNCLASSIFIED

Caveats: NONE

1 From: Sent: Monday, August 07, 2006 5:2 To: Cc: Subject: RE: Bfog site question (UNCLASSIFIED) Signed By:

Classification: UNCLASSIFIED

Caveats: NONE

At first blush the site seems a little racist and does not serve the Army well. I will get a more official answer to justify not opening up the site. The soon to be released FM 25-2 does not look like it covers blogs. The next release after this one is already being worked, we may have input to address blogs there.

Sent: Monday, August 07, 200£

Subject: FW-. Blog siteques^orT

Sent: Monday, August 07,

Subject: Blog si

I have a request to lift a block on a .com site which is a blog site.^B fas request I pass the site to you for review—is this type of site your team will be looking for? The site is not accessible from GuardNet and I do not plan on lifting the block. Please let us know your thoughts

http://j agman-tfphoenix.blogspot.com/

1 Thank you

NGB-AIS-CO Chief, Network Operations and Security Center

Classification: UNCLASSIFIED Caveats: NONE

2 From: Sent: To: .Subject: G SITES (UNCLASSIFIED) Signed By:

Classification: UNCLASSIFIED Caveats: NONE

•Original Message

Sent: Tuesday, August 29, 2006 10:14 AM

Classification: UNCLASSIFIED Caveats: NONE

Good Morning, my name J - S ^ M ! worked for AWARC monitoring Army affiliated individual Blog sites. I'm finding a lot of IED damage photos online. I can tell the individual is in the Army by the photo of himself. However, he does not give enough information to locate him through the AKO directory. Can we officially notify him via his blog's contact link? Please give guidance on this issue.

LMIT Professional Services

Information Assurance Directorate NETC-EST-A

Army Web Risk Assessment Cell (703) 602-6300 (DSN 332) [703) 602-3751 (FAX)

Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE

1 To: Subject: (UNCLASSIFIED) Signed By:

Classification: UNCLASSIFIED Caveats: NONE

--Original Message

Sent: Tuesday^AugusT2S^^0Q6 10:54 AM

Subject: Re: INDIVIDUAL BLOG SITES (UNCLASSIFIED)

Yes. No problem.

Sent from my BlackBerry Wireless Handheld

Original Message

Sent: Tue Aug 29 07:13:49 2006 Subject: INDIVIDUAL BLOG SITES (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE

Good Morning, my name is J|B- I worked for AWARC monitoring Army affiliated individual Blog sites. I'm finding a lot of IED damage photos online. I can tell the individual is in the Army by the photo of himself. However, he does not give enough information to locate him through the AKO directory. Can we officially notify him via his blog's contact link? Please give guidance on this issue.

LMIT Professional Services

Information Assurance Directorate NETC-EST-A

ill

i Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE

2 Sent: Tuesday. February 27. 2007 7:37 AM To: Subject: f W : HICKS LETTER (UNCLASSIFIED) Signed By: Jus.army.mil

Classification: UNCLASSIFIED Caveats: NONE

•Original Message-

Sent: Wednesday, August 30, 2006^11:51 AM Sub^c^^RE™3 pETTEE^WNcBBflFIED)

Classification: UNCLASSIFIED

Caveats: NONE

Good To Go!

LMIT Professional Services

Information Assurance Directorate NETC-EST-A

Army Web Risk Assessment Cell

Sent: Wednesday, August 30, 2006 11:16 AM

Classification: UNCLASSIFIED Caveats: NONE

Here is a new copy of the letter, Please seek approval for it and I will send it later today.

Thanks,

l <<...>>

Sent: Wednesday, August 30, 2006 10:40 AM Jb')

Classification: UNCLASSIFIED

Caveats: NONE

<< File: Mr. Hicks.doc >>

LMIT Professional Services

Information Assurance Directorate NETC-EST-A

Army Web Risk Assessment Cell

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

2 Sent: Tuesday, October 17, 2006 3:46 PM To: Subject- Signed By:

Blogger

Might want to add

"In one case we found a blog where a soldier posted photos of an Army weapons system that was damaged by enemy attack."

Sent: Tuesday, October 17, 2006 3:32 PM

Subject: RE; Associated Press Query (UNCLASSIFIED)

In one incidence, we found a military web site that contained a document listing addresses, room numbers and points of contact of safes that contained classified information. In a second incidence, we found a Bolger who was discussing his duties as a guard, providing pictures of his guard post and discussing the vulnerabilities of his post to include how to exploit them. In a third case we had a soldier that gave so much personal data he endangered his family.

gent: Tuesday, October 17, 2006 2:44 PM

Subject: RE: A s s o c i a t e ^ r e ^ Q u e r y (UNCLASSIFIED)

l Subject: RE: Associated Press Query (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

The reporter would like to have the information by tomorrow or Thursday at the latest. Below are his specific questions. If it is best to answer in person, we will coordinate a phone interview, but the questions stay the same. Who is in the best position to answer these questions, and can it be done electronically?

QUESTIONS:

Sir-

I would like to find out the following information regarding the Army Web Risk Assessment Cell. I would like to speak to someone about these questions or receive e-mail answers:

How large is the operation in terms of personnel? Where do they come from? The Army Web Risk Assessment Cell consists of five distinct Army Teams and several contractors. The Army units include: Ten mobilized National Guard soldiers in Manassas, Virginia, and smaller traditional Guard elements from Texas, Washington, Maryland and a Reserve element from Virginia. The Mobilized soldiers are called up for 1 year and the Guard/Reserve soldiers participate for up to 2 days a month and an additional 15 days during the year.

How successful has the cell been in accomplishing its goal? Very successful, the Cell reviews hundreds of thousands of web pages and blogs every month. Based on the reviews the- Cell makes several dozen notifications to individuals and unit commanders around the world. These notifications identify the specific material that is deemed inappropriate and asked that the material be taken off the internet. Without giving specifics if that is not possible, what are some of the largest successes it has had in regard to finding sensitive information on public access sites?

For a servicemember that has or is considering blogging, should the be discouraged from it because of this cell? No, the members of the cell are all citizen soldiers who value the protections of the First and Fourth Amendments. We are not a law enforcement or intelligence agency. Nor are we political correctness enforcers. We are simply trying to identify harmful internet content and make the authors aware of the possible misuse of the information by groups who may want to damage Unites States interest. We also point out to people the possible negative effects of posting personal information about themselves and family members on the internet. Some of our cell members are now bloggers due to the great stories and interactions they have experienced during the mission.

What has the overall reaction been to those blogging unofficially that have been contacted because of information on their site? A wide variety of reactions. Some bloggers are 2 grateful because they did not truly understand the potential damage their site could cause. Some bloggers are indignant. They make unfair accusations implying that we are trying to stifle free speech. The majority of people try to be more careful. No one we have contacted has been deliberately trying to harm our soldiers or United States interest. Bloggers and web masters are simply expressing themselves in a wide open forum and want to share their life changing experiences with the rest of the world. The Army encourages soldiers to exercise their rights, under the Constitution. Giving soldiers an outlet for free expression makes happier and more professional soldiers. American soldiers are not shy about giving their opinions and nothing the Web Risk Cell does can dampen that trait.

Thank you,

The AP, founded in 1846, has more than 8,500 subscribers globally. Via satellite and the Internet, AP distributes multimedia services to more than 12 0 countries. With a global network of 240 bureaus, AP provides news in text, audio, video, graphics and photos to more than 15,000 news outlets with a daily reach of 1 billion people worldwide.

V/R

NETCOM/9th ASC Public Affairs Officer

Sent: Tuesday, October 17, 2 006 7; 3.3 AM

Subject: RE: Associated Press Query (UNCLASSIFIED

Classification: UNCLASSIFIED

Caveat s: NONE

sure before we talk with the press that we clear it through the CIO/G6 PAO 'and the NETCOM PAO

3 It is now "come to bubba time" -- I am sure you are aware that the reporter may just be interested in the story or he may be an avid Privacy guru.

We need to make sure - once we get the PAO go ahead -- that we do not slip and give the impression that we are monitoring anything that is private or not in our lane.

Before we talk with anybody please set up a teleconference withrf and myself and}

Good news - we are getting visibility -- bad news we are getting visibility.

Deputy Director Army Office of Information Assurance and Compliance

Sent: Tuesday, October 17, 2006 10:26 AM

)]ect: RE: Associated Press Query (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

We are at

Sent: Tuesday, October 17, 2006 10:13 AM a Subject: Associated Press Query

Sir -

I have received query about your unit and its mission Press, Richmond. He is interested in following up on

Please send me your contact information.

V/R

Lieutenant Colonel, Virginia Army

National Guard

Public Affairs Officer

www.virginiaguard.com

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

5 Sent: Wednesday, November 01, 2006 12:28 PM To: Cc: Subject: RE: blogging guidence (UNCLASSIFIED) Signed By:

Classification: UNCLASSIFIED

Caveats: NONE

We had the team scan and review the blog. There doesn't appear to be any glaring OPSEC violations other than a few compound photos with detailed descriptions of what they were looking at including one of a photo of a barracks area that shows barriers surrounding the building, with a vehicle parked right next to the barriers.

Thanks

November Ql, 2006 9:04 AM

Subject UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

Please research and respond thru me.

Subject: blogging guidence Sir-

My name and I am currently deployed as a security manager at I recently found your name in the article that ran in the Stars and Stripes on 29 October about web blogging. I currently have an issue with a soldier who is posting a blog while stationed here. I feel there is too much information being posted (including pictures) but have had a hard time finding any concrete regulations as to what can and cannot be put in a blog. I will attach a link to the blog I'm referring to at the bottom of this message if you'd like to take a look at it. Any guidance you could give would be of great assistance. Thank you for your time.

v/r

2LT, MI

CFLCC STB S-2

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

2 Classification: UNCLASSIFIED Caveats: NONE I spoke to the tech for the IA training site today; he is going to put all the training on to a CD and next day it t o ^ P ^ W e should have it by Thursday. It is too big to e-mail and our email cannot be zipped.

Classification: UNCLASSIFIED Caveats: NONE

l From: Sent: .Monday, February 26, 2007 1:31 PM To: Subject: FOIA 1 (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE To many to send in one e-mail when you are on the vpn can you see the J drive?

Classification: UNCLASSIFIED Caveats: NONE Subject: FW: Possible Impact of Web Monitoring Mission (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

-Original Message

Sent: Tuesday, February 13, 2007 1(T:36 AM

Subject: FW: Possible Impact o Monitoring Mission (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

FY I

-Original Message

Sent: Tue 2/ll/'JUii'/ 5sTi AM

Subject: •ossiMS impact ot Web Monitoring Mission (UNCLASSIFIED)

Thanks. We'll put in for an exception. LTC W.

Jl • We need to work up an exception request, for the sites, to have NETCOM push up.

Original Message-

t ;^Monaay^February 12, 2007 5:23 PM

Subject: Possible Impact of Web Monitoring Mission (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

Please be advised the suggested blocking action by JTFGNO could inhibit the Web Searching mission being performed at the Manassas Armory by the VaDPU, as many of the sites listed below are reviewed quite often during the Web Searching mission's operations. Please see the WARNORD from JTFGNO below or at https://www.jtfgno.mil/operations/warnord/2007/WARNORD%2007-003.doc

TO: COCOMs/Services/Agencies/Field Activity (CC/S/A/FA) NetOps Centers

I SUBJECT: JTF-GNO WARNORD 07-003, Blocking Recreational Traffic at the Internet Access Points (IAP) (U/FOUO)

REFERENCES: Ref A: JTF-GNO CTO 06-15, 9 August 2006, Directive to Initiate Use of New NetOps Tasking Order Compliance Tool Ref B: McAfee Avert Labs Unveils Predictions for Top Ten Security Threats in 2007 as Hacking Comes of Age (http://www.mcafee.com/us/about/press/corporate/2 006/2 006112 9_08 0000_f.html)

1. (U/FOUO) APPROVAL: JTF-GNO J3, Director of Operations approved this message release.

2. (U/FOUO) ACKNOWLEDGEMENT: All CC/S/A/FAs must acknowledge message receipt within 48 hours through the Communications Tasking Order Compliance Tool in the online Vulnerability Management System (VMS), https://vms.disa.[smil.]mil.

3. (U/FOUO) SUMMARY: JTF-GNO and open source analysis has revealed a significant number of DoD users accessing 12 specific internet sites that have been linked to po'ssible criminal/malicious intent. The sites are considered recreational and are used to post individual information, personal videos and photos, and other files. JTF-GNO will proactively counter this emerging threat by blocking recreational websites hosting malicious media (trojans, phishing and other exploits). This Component-coordinated action will further limit exfiltration of DoD user information caused by malicious code,- limit inadvertent disclosure of sensitive DoD information (OPSEC) ; and continue to shrink GIG exposure to the Internet. Commander, JTF-GNO will factor all Component feedback (due 28 February 2007) into the go/no-go decision prior to implementation. Once approved the JTF-GNO will implement the block at all IAPs on or about 5 March 07.

4. (U/FOUO) BACKGROUND: Unhindered access to non-operational (recreational) sites exposes the NIPRNet to unnecessary avenues of attack. Symantec, McAfee and other open source information throughout 2006 reported exploits, viruses, malware and phishing attributed to common recreational sites. Further, these open sources fault CIOs and CISOs for their lack of security considerations and oversight governing restrictions to recreational sites, even sites known to host malicious code. McAfee listed video sharing (a very popular downloadable item from recreational sites) as the third most significant threat in their Top Ten Security Threats for 2007, see Ref B. Additionally, there have already been inadvertent and intentional critical Operational Security (OPSEC) information losses as well as exfiltration of DoD user information reported from recreational websites like myspace.com and hi5.com. In sum, blocking recreational IPs has several benefits: 1) reduces access to sites hosting malicious code such as trojans, phishing, and exploitation; 2) reduces exfiltration of DoD user information; 3) reduces inadvertent disclosure of sensitive DoD information (OPSEC); and 4) continues "shrinking the operational white space"; all the while ensuring data confidentiality, enhancing network availability, and reducing GIG risk. Based on this assessment, JTF-GNO is implementing a proactive measure to address emerging threats by blocking IPs and IP subnets associated with known problematic recreational websites at the IAPs on or about 5 March 2007.

5. (U/FOUO) CURRENT SITUATION: The JTF-GNO will block recreational traffic at the IAPs on or about 5 March 2007 once feedback from the Components is received. This action only pertains to traffic to and from the Internet and DoD networks, across the IAPs. It will not impact internal NIPRNet to NIPRNet, or SIPRNet traffic. This action does not prevent components from taking more restrictive actions to protect their individual enclaves. This WARNORD is the first initiative concerning blocking recreational IP traffic at the IAPs. JTF-GNO will continue to monitor and analyze the NIPRNet to identify more candidate sites for future potential blocks. In the event that a CC/S/A requires an exception at the IAP, the CC/S/A will complete an IAP Exception Request (located at

2 https://www.jtfgno.mil/operations/portsandprotocols/2 006/PPS_Exception_Req_in structions.doc) and submit the request through their appropriate Ports & Protocols Representative to JTF-GNO POC in paragraph 10, NLT 28 February 2007.

6. (U/FOUO) SPECIFIC ACTIONS: ACTION 1. Components must address any operational concerns to JTF-GNO by 28 February 2007 to be factored into a go/no-go decision by Commander, JTF-GNO. "No Concern" replies should be sent as well. Send all comments to the POC in paragraph 10.

ACTION 2. On or about 5 March 2007 JTF-GNO will direct the blocking of the following IPs and Subnets at the IAPs:

208.65.152.0/22 (youtube.com; User-Upload Streaming Video) b. 64.62.253.88 (l.fm; Streaming Audio) c. 66.151.149.64/27 (pandora.com; Streaming Music) d. 69.17.46.120/29 (photobucket.com; Personal Photo Sharing) e. 66.11.48.0/20 (photobucket.com; Personal Photo Sharing) f. 67.134.143.0/24 (myspace.com; Social Networking) g. 204.16.32.0/22 (myspace.com; Social Networking) h. 216.178.32 0/20 (myspace.com; Social Networking) 216.235.80.0/20 (live365.com; Streaming Radio) j. 204.13.51.241 (hi5.com; Social Networking) k. 66.28.245.26 hi5.com; Social Networking) 1. 66.28.245.111 (hi5. com,- Social Networking) m. 204.11.105.26 (hi5.com; Social Networking) n. 72.32.103.177 (metacafe.com; User-Upload Streaming Video) o. 212.150.86.226 (metacafe.com; User-Upload Streaming Video) User-Upload Streaming Video) P- 209.85.106.24 (metacafe.com; User-Upload Streaming Video) q- 69.20.95.4 (metacafe.com; 65.61.188.4 (metacafe.com; User-Upload Streaming Video) r. (mtv.com, ifilm.com; Streaming Video) s. 204.74.64.0/18 206.220.40.0/22 (mtv.com, ifilm.com; Streaming Video) t. 70.42.66.70 (blackplanet.com; User-Upload Streaming Video) u. 170.224.107.73 (blackplanet.com; User-Upload Streaming Video) V. 64.93.76.0/24 (stupidvideos.com; User-Upload Streaming Video) w. 64.202.189.170 (filecabi.com; User-Upload Streaming Video) X. y. 204.13.51.246 (hi5.com; Social Networking)

7. (U/FOUO) CLARIFYING GUIDANCE: All approved DoD to Internet connections registered with the DoD Systems/Networks Approval Process (SNAP) must also implement these blocks at their respective Internet gateway(s). No external Internet Connections are authorized without obtaining the proper waiver LAW DoD Directive 8100.1 "Global Information Grid (GIG) Overarching Policy" and CJCSI 6211.02B "Defense Information System Network (DISN): Policy, Responsibilities And Processes". For further information and to request a waiver, CC/S/A/FAs must use the Systems/Networks Approval Process at https://snap.dod.mil/cap_index.cfm.

8. (U/FOUO) COMPLIANCE: None

9. (U/FOUO) TECHNICAL SUPPORT: Send technical questions to the POC in paragraph 10.

10. (U/FOUO) POINTS OF CONTACT: The primary point of contact for this order is :

3 V.

Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

•<••.

4 Tuesday, HeDruary 27, 2007 1 35.AM

FW^ManSalo^T^inpSLTSPENSE 12 DECEMBER 2006 (UNCLASSIFIED)

C l a s s i f i c a t i o n : UNCLASSIFIED Caveats: NONE

Original fen^TMonday, November 20, 2006~10:14 AM

rject: FW1~"Mandatory Training --SUSPENSE 12 DECEMBER 2006 (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

Please complete this training. Send me your certificates NLT 3 0 November 2006. The sooner the better.

Thanks

ient: Monday, Novemcer ^u,2006 5T2^ AM

Subjec^^^^^Mandlflr^^S^flTg --SUSPENSE 12 DECEMBER 2006 (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

Let get this done.

Sent: Sunday, November 19, 2006 10:29 AM

ubject: "Mandatory Training --SUSPENSE 12 DECEMBER 2006 (UNCLASSIFIED) Classification: UNCLASSIFIED

Caveats: NONE

ALCON,

This is important -- the DAS -- Director of the Army Staff has directed this training -- it will take awhile for you all to finish it. The only one with a test is the module we developed.

Need you to complete the modules and send a copy of the certificate you receive from our module and the fact that you completed the other modules to Joe Metallo.

I can almost guarantee you that we will be forced to reply by name who has taken the training and use has not during the Christmas holidays.

DIVISION Chiefs - - I am holding you responsible for getting your people to take the modules - I do not expect Joe to run around trying to get everyone to do the training.

I have completed the training - it is not difficult and contains some good information. Yes - I passed the test without the answers --of course I helped develop the test.

IMPORTANT !!!!!!: You do not want to be the first person to be caught violating one of these rules contained in the training -- the DAC and VCSA have, had it with leaked information and incorrectly marked information -- please heed !!!

Classification: UNCLASSIFIED

2 Caveats: NONE

Please note the correct address is

https .- //www. g357extranet .army.pentagon.mil/onlinetrainingcourse/introduction.aspx

Office of Information Assurance and Compliance

Army CIO/G-6, NETCOM

From: • ^ C Mr NETCOM Sent ^J imber 16 2("infi 7 • To:

Cc: NETCOl Subject: "Mandate Training o (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

To all of the above addresses

Mandatory Training — Handling Sensitive Information: The DAS has directed that all civilian and military personnel complete a series of modules on Handling Sensitive. Information.

Please^print the completion certificate for each module and turn in to me, before 12 December.

You may access the modules at the following address: https://www.g3 57extranet.army.pentagon.mil/onlinetrainingpcourse/introduction.asp

Vr 3 Office of Information Assurance and Compliance Army CI0/G6, NETCOM

Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE Sent: ^Tue•sd•ay,• Feb•rua•ry •27, •200•7 11:3 2 A M Subject: F W : Watchfire Starting Dashboard (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

Good Morning, Due to a glitch in authentication, the initial logon screen to Watchfire will be blank and say that the starting dashboard has been deleted. This is not the case. When the extra dashboards were deleted last Thursday, something happened where Watchfire is not recognizing the AWRAC Dashboard as a starting page. The Watchfire helpdesk is aware of this and are working on a fix. The glitch ties in with the Authentication for the external access link.

That being said, when you get to the starting page with the error message, scroll down to the bottom of the page and click on "Go". Even though the drop down menu already says "AWRAC Dashboard", you must click go to actually be brought to it.

I will keep everyone informed until resolution is reached.

LMIT Professional Services

Information Assurance Directorate NETC-EST-A

Army Web Risk Assessment Cell

1 AKO IM User

Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

1 From: Sent: ray, heDrn : 7~32 AM To: Subject: FW: NE SCANS (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

-Original Message

Sent: Wednesday, October 11, 2006"3:40 PM

Subject: NE SCANS (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

Please go to this folder and assign yourself to the list of NE SCANS,

This is critical to monthly numbers to Land the

\\132.135.102.11\Shared_Admin\AWRAC\WEBXM SCANS\NE scans.xls

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE From: Sent: Tuesday, February 27, 2007 11 :T1 AM To: Subject: FW: Case# I f M C T p e r f l H u W t h Watchfire (UNCLASSIFIED) -#rh (UNCLASSIFIED) #rh (UNCLASSIFIED)

Importance: High

Attachments: image001.jpg

image001.jpg (10 KB) Classification: UNCLASSIFIED Caveats: NONE

-Original Message

SentT.^?^a^^Septembef"29, 2006 2:34 PM

Subject: FW: Case# 16098 - Open Issue with Watchfire (UNCLASSIFIED) -#rh (UNCLASSIFIED) #rh (UNCLASSIFIED) Importance: High

Classification: UNCLASSIFIED

Caveats: NONE

Make sure we are staying on top of all the issues we are having with Watchfire. Keep me abreast of all issues, because as far as I know, the issue from last week is still open.

Sent: Friday, September 29, 2 006 10:56

Subject: R E ^ C a s e ^ l 6 0 9 8 ^ O p e r i Issue with Watchfire (UNCLASSIFIED) -#rh (UNCLASSIFIED) #rh (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

I was_told by the .IMP here that we are unable to use Live Meeting on these computers, had told ^ H A this in the past when the database needed to be sent to Cananda for analysis. What's the latest on the issues you're having with the system?

I have one test scan running to make sure that the 4 servers are talking to eachother. 1 After it's successfully done, I'll send an email out so we can all resume scanning.

Talk soon,

LMIT Professional Services

Information Assurance Directorate NETC-EST-A

Army Web Risk Assessment Cell A&VTR Analyst

AKO IM User

Sent: Thursday; 12 PM To: 'Watchfire Support'

Subject: RE: Case# 16098 Open Issue with Watchfire (UNCLASSIFIED) -#rh (UNCLASSIFIED) #rh (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

We are having other issues that we believe are H/W platform related. I will have somebody from our team contact you tomorrow with the details. I will be attending a conference tomorrow, but Monday is wide open.

From: Watchfire Support [mailto:[email protected]] Sent: Thursday, September 28, 2006 5:10 PM

Subject: RE: Casef 'issue with Watchfire (UNCLASSIFIED) -#rh (UNCLASSIFIED) #rh

Just following up again. If this is still a problem can you first verify your build your running? Then can you give me some times you might be available for a live meeting so we

2 can try and resolve it.

Thanks

Original Message— From: Watchfire Support Sent: Monday, September 25, 2006 4:16 PM

Subject: RE: Case# 16098 - Open Issue with Watchfire (UNCLASSIFIED) -#rh (UNCLASSIFIED)

I would like to see if we could set up a live meeting to verify this. Can you verify you are running build 4.50.1.12?

Thanks

•MM • Sent: Monday, September 25, 2006 3:49 PM To: Watchfire Support Subject: RE: Case# 16098 - Open Issue with Watchfire (UNCLASSIFIED) -#rh (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

Maybe I missed it, but I've not heard from your folks yet. I would like to have the Watchfire support work with a member of my team that was experiencing the problem. We quit around 4PM EST, so I hope we can line something up for tomorrow.

Thanks

From: Watchfire Support [mailto:[email protected]] aent^Friday, Spnt-^mh^r- -JO -;nng 11:13 AM

Subject: Case# 16098 - Open Issue with Watchfire (UNCLASSIFIED) -#rh

Helloj Thank you for contacting Watchfire Technical Support. Your request has been logged in our support database as incident # [16098]. A technical representative is looking into your request and will contact you shortly.

Best regards,

Watchfire Technical Support 1 Hines Rd, Kanata, K2K 3C7 ON., Canada

www.watchfire.com

Vote for AppScan(r)!

AppScan is nominated for the SC Magazine awards. Show your support by voting for AppScan today!

Best Audit/Vulnerability Assessment Solution http://www.scmagazine.com/us/awards/categories/26182/best-audit-vulnerability-assessment- solution/

Best Managed Security Services http://www.scmagazine.com/us/awards/categories/26161/best-managed-security-services/

Sent: Friday,September o: Watchfire Support

Subject: Open Issu?

Classification: UNCLASSIFIED

Caveats: NONE

Watchfire Support,

I would like to open a ticket regarding an issue we are having. The problem is as follows, issues my group marks a potential concern as noise. When the same ssite is scanned again, the same noise is being picked up as a potential concern again. I don't know if some of the "database" shrinking were doing is effecting this or not however I would like to work towards a resolution for this problem.

If you would like to discuss the details I can have you work directly with a member of my team.

4 Thanks for your support.

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

5 From: Sent: Tuesday, February 27, 2007 11:31 AM . To: Subject: FW: Case 15854 /atchfireTJB Only has 15% Free (UNCLASSIFIED) #ac (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

-Original Message

Sent: Friday, September 15, 2006 2:14 PM

NETCOM Subject: FW: Case 15854 - RE: Watchfire DB Only has 15% Free (UNCLASSIFIED) #ac (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

FYI....

Please continue to report Watchfire issues through me. According to Watchfire we should be good.

LT

From: Watchfire Support [mailto:[email protected]] Sent: Fridav^flentembei

Subject: RE: Case 15854 - RE: Watch e (UNCLASSIFIED) #ac (UNCLASSIFIED)

I have the info I need. There are 3 jobs that haven't deleted properly so dev is looking into it for me.

This shouldn't be affecting anything within your WebXM usage though.

Regards,

i Andrew

Andrew Cranke | Watchfire Support | Watchfire Corporation | [email protected]

Sent: Friday, September 15, 2006 1:24 PM

Subject: RE: Case 15854 - RE: Watchfire DB Only has 15% Free (UNCLASSIFIED) #ac (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

What is the status of this?

Thanks

Sent: Friday, September 15, 2006 8:19 AM To: 'Watchfire Support1; Mazur, Gerald A 1LT CI0/G6

Subject: RE: Case 15854 - RE: Watchfire DB Only has 15% Free (UNCLASSIFIED) #ac (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

Yes, I can do it this morning.

LMIT Professional Services

Information Assurance Directorate NETC-EST-A

Army Web Risk Assessment Cell A&VTR Analyst

Ajp IM User

2 From: Watchfire Support [mailto:supportOwatchfire:com] Sent: Thursday, September 14, 2006 4:44 PM

Subject: RE: Case 15854 - RE:" Watchfire nly'has 15% Free (UNCLASSIFIED) ttac (UNCLASSIFIED)

Just to finalize this can someone run this for me?

select * from job where deletedflag = 1

Thanks,

Watchfire Support | Watchfire Corporation | [email protected]

From: Watchfire Support Sent: Wednesday, September 13, 2006 9:54 AM

Subject: RE: Case 15854 - RE: Watchfire DB Only has 15% Free (UNCLASSIFIED) #ac (UNCLASSIFIED)

Everything seemed to be in order when I was on the phone with David. There were only 2 jobs that hadn't been deleted yet and that's because they were deleted that day so the background process hadn't gotten rid of them yet. I'll send a query today or tomorrow to make sure that the jobs are gone.

There was 20 GB of free space within the database file itself that f H H R w a s going to reclaim by doing a shrink on the database. I'm not sure if he did that yesterday or not,

At this point, you should be all set so let me know if there are any issues.

Regards,

3 Andrew

Andrew Cranke | Watchfire Support | Watchfire Corporation | [email protected]

Sent: Wednesday, September 13, 2006 9:11 AM

+>¥ Subject: RE: Case 15854 - RE: Watchfire DB Only has 15% Free (UNCLASSIFIED) #ac (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

What is the status of this issue?

Thanks

Subject: Case 15854 - RE: Watchfire DB Only has 15% Free (UNCLASSIFIED) #ac

I actually have a case open about this issue with

We've determined that the jobs aren't being deleted properly so that's why the space hasn't been reclaimed after you deleted the jobs.

I'm waiting for the results from a query and then based on that we should have enough info to go on. £ B L S in training but I'll attempt to call him shortly.

Regards, 4 Andrew

Andrew Cranke | Watchfire Support | Watchfire Corporation | [email protected]

Sent: Tuesday, September 12, 200 6 10:18 AM To: Watchfire Support

Subject: Watchfire" DB Only has 15% Free (UNCLASSIFIED) Importance: High

Classification: UNCLASSIFIED Caveats: NONE

For the past week, the database has grown enormously. At the end of last week, it was 100% full. We deleted 90% of the scans in the webspaces along with old profiles and managed to get 15% of the space free. It's been hovering around 15% since then. Almost daily, ^ B ^ a n d I have been going in and shrinking the DB and running the disk defragmenter to gain whatever we can scrounge up for space.

This morning, I went into NETCOM 01 and did my usual shrink and defrag. I noticed that after I did the defrag, that the fragmented files were still there. When I asked 4 ^ H B H H H H V ^ m Y co-worker, to take a closer look at this, he saw that the DB wasn't being defragged after all.

Can you take a look at this with me and advise me how to get rid of anything that we may not necessarily need? We have a storage device that is awaiting install, but will take another month or two. I'll be at my desk all day, in case you want to call. Thank you.

LMIT Professional Services

Information Assurance Directorate NETC-EST-A

Army Web Risk Assessment Cell A&VTR Analyst

Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED

5 Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE To: Subject:

Classification: UNCLASSIFIED Caveats: NONE

(UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

And these as well:

US Army Corps of Engineers St. Louis District

USACE St. Louis NW SEPT 06 http://www.mvs.usace.army.mil/

US Army Corps of Engineers Rock Island District

USACE Rock Is NW SEPT 06 http://www.mvr.usace.army.mil/

Sent: Thursday, September 07, 2 0T? 3 :16 PM

Subject: (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

ALL, Please send me you sites that you have been working on, the links found (under statistics) and the number links that you have reviewed from each site and if all possible, the number of false positives and actual violations.

New Scans that will run tonight (September 7, 2006) I will assign them out Friday

757th Transportation Battalion

757th Trans BN NW SEPT 06 http://www.usarc.army.mil/88thrsc/3 36_tc/757_tc/

336th Transportation Group

NW-336th Trans Grp NW SEPT 06 http://www.usarc.army.mil/8 8thrsc/336_tc/

Nevada Army National Guard

NV ARNG NW SEPT 06 http://www.nv.ngb.army.mi1/Army

88th Regional Readiness Group Website

88th RRG NW SEPT 06 http://www.usarc.army.mil/88thrsc/88_rsg/

88th Regional Readiness Command

88thRRC NW SEPT 06 http://www.usarc.army.mil/88thrsc

353rd Transportation Company Unit Web Site

353rd TC NW SEPT 06 http://www.usarc.army.mil/88thrsc/644_asg/457_tc/353_tc/

Stiker BDE Combat Team

SBCT NW SEPT 06

2 http://www.sbct.army.mil

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

3 From: Sent: fTiesday, February: To: Subject: FW: (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

Subject: (UNCLASSIFIED) •

Classification: UNCLASSIFIED

Caveats: NONE

ALL,

Please send me you sites that you have been working on, the links found (under statistics) and the number links that you have reviewed from each site and if all possible, the number of false positives and actual violations.

New Scans that will run tonight (September 7, 2006) I will assign them out Friday

757th Transportation Battalion

757th Trans BN NW SEPT 06 http://www.usarc.army.mil/88thrsc/33 6_tc/757_tc/

336th Transportation Group

NW-336th Trans Grp NW SEPT 06 http://www.usarc.army.mil/88thrsc/3 36_tc/ Nevada Army National Guard

NV ARNG NW SEPT 06 http://www.nv.ngb.army.mil/Army

88th Regional Readiness Group Website

88th RRG NW SEPT 06 http://www.usarc.army.mil/88thrsc/88_rsg/

88th Regional Readiness Command

88thRRC NW SEPT 06 http://www.usarc.army.mil/88thrsc

353rd Transportation Company Unit Web Site

353rd TC NW SEPT 06 http: //www.usarc.army.mil/88thrsc/644_asg/457_tc/3 53_tc/

Stiker BDE Combat Team

SBCT NW SEPT 06 http://www.sbct.army.mil

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE

2 From: Sent: Tuesday, February 27, 2 .9 AM To: Subject: FW-. Notes from Meeting withTOajor Newbern 7/28 (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

- O r i g i n a l Message

S e n t : Monday" ~™Juli>

Subject: Notes from Meeting with Major Newbern 7/28 (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE Team,

Here are some notes I took from our meeting on 7/28...meant to send this out Friday.

* Civilians from team will be working with us more closely starting the week of 7/31. More specifically getting us up to speed on doing scans. * Jl B- will be moving on to a three letter agency. J| •••_>.ill be assuming her role. ^^^^^ * There are other Reserve/Guard units involved with this mission and I'm sure we'll be working with them more closely as the year passes. * USAR at DISA * USAR at Delphi * NG (Texas) * NG (Washington state) * There will be opportunities forthcoming to go downtown to look at the technologies . in use, i.e. SAN, Backups. NETCOM will be looking for us to make improvements. This will be a great opportunity for the DPU to shine in this mission. One of the first items in this area is the SAM. AWARC was approved to acquire a SAN. ^M MBfe will be going to Crystal City the week of 7/31 ^ ^ ^ ^ ^ • • H r is responsible for providing a report the third of each month. SFC will be coming to you all for input. => Watchfire Web training on 8/9 @ 1300 hours. We are trying to get the url ' -vj in. nit will be doing their AT here from 8/7 to 8/15. The concept is i,y will be falling in on our DAHQ laptops to continue the AWARC .ek they will be working from 1630 to 1230 (end time is still TBD). 11 be during the day. We will need to provide a body to work with -ting together a schedule. Please be flexible. Thanks for the continued hard work.

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE Subject: found this on the web (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE http://www.wired.com/news/politics/0,72026-0.html?tw=rss.index

Web Risk Assessment/Information Assurance Analyst

Classification: UNCLASSIFIED

Caveats: NONE

1 Importance: High

Attachments: hood.xls; AMC.doc; Findings list.doc

aft] hood.xls AMC.doc Findings listdoc . Classification: UNCLASSIFIED

Caveats: NONE

PAO-- The Army Web Risk Assessment Cell (AWRAC) is currently reviewing U.S. Army Web sites for OPSEC and security compliance. Ten OPSEC concerns were found on your organization's website and have been classified as major findings. The attached spreadsheet contains URLs that are publicly accessible, and are marked FOUO and contain personal information. Please review the attached documents for further guidance, and report resolution of these issue NLT 21 DEC 06.

Please contact me if you have questions. « . . . » « . . . » « . . . »

Information Assurance Directorate NETC-EST-A

AKO IM User

Classification: UNCLASSIFIED

Caveats: NONE From: Sent: Tuesday, January 23, 2007 1 ;02 To: Cc:

Subject: ARL Response to "48 OPSEC Concerns on Public Website" (UNCLASSIFIED)

Follow Up Flag: Follow up Flag Status: Completed

Attachments: ARL-MEMO-25-70.pdf

ARL-MEMO-25-70.p Classification: UNCLASSIFIED Caveats: NONE

As per our conversation of January 9th, below is the response to your December email, "48 OPSEC Concerns on Public Website."

ARL is fully cognizant of the need to follow proper OPSEC procedures, as well as the DA and DoD guidance. In September of 2005, ARL used the established guidances in crafting its own regulations on how material would be published on the external internet site. This policy also «ARL- MEMO-25-70.pdf» took into account the need for flexibility to pursue ARL's stated mission as the Army's corporate laboratory, and reflected our dedication as an organization to proper OPSEC procedures. ,

We recognize that names and contact information are posted on the external server. However, the posted information pertains to recognized POCs for internal lab programs. Quoting the ARL memo, these POCs help ARL "act as the bridge between the science and technology community and the warfighter." The relevant section of the policy is below for your convenience. Additionally, I have attached the full policy in PDF form to this file.

With this in mind, ARL believes the content on its internet server is in conformity with the existing guidance. Should you have any immediate questions, you may reach me at 301-394-1889. ARL's Associate for Corporate ProgramsflBHMHHBfc, oversees the website and may be reached at

ARL Public Affairs Office

ARL MEMO 25-70 5. POLICY AND PROCEDURES (2) Content. (b) Information NOT Appropriate or Releaseable (vi) Information of a personal nature which could be used to identify an individual or their location I is prohibited with the exception of 1) and 2) below. The consent of an individual does not negate this requirement. All Internet references shall be anonymous with reference to an organization, a generic office symbol, central organization phone number or function-based email address.

* 1) The posting of names and contact information for the ARL Director and the ARL Public Affairs Officer is permitted. ** 2) ARL is not an insular organization. Its success hinges on its ability to act as the bridge between the science and technology community and the warfighter. ARL has identified technical topics that are essential to its mission accomplishment and has assigned responsibility to select individuals for communicating with the public in these topical areas. It is in these areas that ARL must effectively collaborate with the public sector.

For those individuals designated as technical topic leaders, their duty descriptions and performance objectives designate them as organizational spokespersons and recognized leaders in their specialty fields and they require a high-level of unrestricted national visibility to carry-out their duties. Their duties include: being readily identified and contacted as the Army's lead for discussions of potential new extramural programs in their area of expertise; being sought out to serve on special task forces and committees; being sought as a consultant by other specialists; and receiving invitations and address national professional organizations.

Classification: UNCLASSIFIED Caveats: NONE

2 From: Sent: Wednesday, February 15, 2006 3:25 PM To: Cc: Subject: FOUO document (UNCLASSIFIED)

Attachments: AMC.doc; Findings list.doc

AMC.doc (27 KB) "indings list.doc (46 KB) Classification: UNCLASSIFIED Caveats: NONE https://iassure.usareur.army.mil/policy/iava/iavaitem.aspx?iavalD=118

IAPM -- The Army Web Risk Assessment Cell (AWRAC) is currently reviewing U.S. Army Web sites for OPSEC and security compliance. An OPSEC concern was found on your organization's website and has been classified as a minor finding. The attached URL is publically accessible, and is marked FOUO. Please review the attached document for further guidance, and report resolution of this issue NLT 22 FEB 06. Please contact me if you have questions.

Asset and Vulnerability Tracking Resource (A&VTR) PM Liaison AWRAC Analyst NETCOM (CIO/G6) 2530 Crystal Drive Arlington, VA 22202

"Press any key....hmmm, where's the any key?"

Classification: UNCLASSIFIED Caveats: NONE From: Sent: Wednesday, December 20,"2006 3:55 PM To: Cc: Subject: ebsite (UNCLASSIFIED)

Importance:

Follow Up Flag: Follow up Flag Status: Red

Attachments: AMC.xls; AMC.doc; Findings list.doc

AMC.xls AMC.doc Findings list.doc Classification: UNCLASSIFIED Caveats: NONE

We have completed the corrections to our public website outlined the AMC.xls file.

Thank you,

Webmaster, HQ AMC Ft. Belvoir, VA

Sent: Thursday, December 14, 2006 11:51 AM To: Public Communications Subject: 20 OPSEC Concerns from AMC Website (UNCLASSIFIED) Importance: High .

Classification: UNCLASSIFIED Caveats: NONE

Webmaster and PAO - The Army Web Risk Assessment Cell (AWRAC) is currently reviewing U.S. Army Web sites for OPSEC and security compliance. Twenty OPSEC concerns were found on your organization's website and have been classified as a major and minor findings. The attached spreadsheet contains URLs that are publicly accessible. Please review the attached document for further guidance, and report resolution of these issues NLT 21 DEC 06.

Please contact me if you have questions. « A M C . x l s » « A M C . d o c » «Findings list.doc» R/,

Information Assurance Directorate NETC-EST-A

Army Web Risk Assessment Cell AKO IM User

Classification: UNCLASSIFIED Caveats: NONE

2 From: Sent: Monday, February 05, 2007 2:43 PM To: Cc: Subject: FW: 2006 Info Paper (UNCLASSIFIED) Signed By:

Attachments: 2006 AWRAC Synopsis FINAL2.doc

2006 AWRAC ^nopsis FINAL2.doc Classification: UNCLASSIFIED Caveats: NONE

Please review and forward to Original Message- Sent: Thursday, February 01, 2Q07 3:40 PM Subjec^^W^OO^InfoPaperUJNCLAS SIFI ED) Classification: UNCLASSIFIED Caveats: NONE

-Original Message

Subj Paper Classification: UNCLASSIFIED Caveats: NONE

Here's the paper I was taking about. I'll add a couple more of my own points and give some more examples of violations when you email it back to me. Thanks!

Information Assurance Directorate NETC-EST-A Army Web Risk Assessment Cell

AKO IM User

Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE INFORMATION PAPER

NETC-EST-I 12 JAN 2007

SUBJECT: Army Web Risk Assessment Cell (AWRAC)

1. Purpose. To provide an end of year synopsis to the Senior Leadership regarding the accomplishments of the Army Web Risk Assessment Cell (AWRAC) for 2006.

2. Facts: The AWRAC mission is to search Army Websites and unofficial sites posted by Army personnel for information that could pose a risk to national security on unsecured web sites. In addition, the AWRAC evaluates website content to ensure compliance with departmental policies, federal regulations and procedures, and industry best practices. The AWRAC's core mission consists of website patrolling, bulk analysis, and operational security analysis.

3. The Army Web Risk Assessment Cell (AWRAC) successfully mobilized 10 members of the Virginia National Guard Data Processing Unit on 10-21 July 2006 for one year. The team is leading AWRAC's mission to monitor official and unofficial web sites for OPSEC violations IAW the CSA's 20 AUG 2005 message. The team processed through Fort Belvior, and is assigned to NETCOM, with duty at the unit's headquarters at Manassas Armory. The Team also led the training of 20 additional traditional Guardsmen. During January 2007, the Cell conducted a eight day, 24X7 operation to review a multitude of web sites and blogs. The operation included mobilized soldiers, traditional Guardsmen, Reserve Soldiers, and contractors. The mobilized soldiers are also developing two applications. One will replace the Joint Web Discrepancy Tracking System (JWTDS). The other application will collect information from the disparate reporting tools and present a consolidated view of the web sphere for analyst and members of the Army leadership.

4. For the year ending DEC 2006 the AWRAC reviewed over 1200 official Army websites and over 500 blogs posted by Army personnel. These sites consisted of over four million pages and yielded over 1800 OPSEC concerns. Following identification of potential risks, the AWRAC team worked with the sites' operators to remove information that could pose a security threat. Based on this review the team eliminated or secured over 1274 documented security violations. For example, the discovery and removal of a SECRET document that was posted on the AKO UNCLASSIFIED network. The AWRAC was instrumental in the removal of information on biological, chemical and missile weapon systems throughout the World Wide Web to ensure the safety of the American public and curtail leakage to unauthorized persons. In addition the AWRAC team removed or secured access to For Official Use Only (FOUO) and Freedom of Information Act (FOIA) documents from publicly accessible web sites. This also included removing documents on Army web sites that protected personnel from identity theft of Social Security numbers, dates of birth, home addresses. This single

• action totally eliminated significant potential threats to national security and Army personnel. Ongoing reviews keep the AWRAC mission on track and up-to-date.

5. The team reviews over 1700 websites for security concerns two to three times a year. It conducts announced and unannounced assessments of Army websites to determine compliance with regulations. A parallel and continuing AWRAC task is providing education and training to enable relevant audiences and Army personnel to become aware of and preventing/removing potential risks from the extensive and growing number of Army maintained web pages and personal blogs. The team has engaged in a number of outreach programs to increase awareness of the potential damage stemming from information on publicly accessible sites by publishing articles in military and technical publications, training over 2000 personnel on their OPSEC web site https://iatrainins;.us.army.mil since JAN 06, and by developing an Information Assurance Awareness Training Course posted on the IA training site. This training has

INFORMATION PAPER

NETC-EST-I 12 JAN 2007

SUBJECT: Army Web Risk Assessment Cell (AWRAC) been accessed by over 741 HQDA staff members since JUL 06 IAW the Army IG directive. The AWRAC also supports a website on Army Knowledge Online at https://www.us.army.rnil/suite/portal.do?$p=254224 to provide information on AWRAC issues with over 540 members.

6. This mission is an ongoing endeavor that will require continuous fine-tuning and flexible, innovative tools and procedures to meet the existing and future needs of the Army's web community and public outreach programs.

7. The AWRAC currently employs three full-time analysts, a mobilized 10-member team from the VA National Guard's Data Processing Unit (DPU), and coordinates for support from 30 Army National Guard and Army Reserve soldiers to conduct analyses during their drill weekends and annual training. Currently a request is being processed to NETCOM for an additional year of mobilized manpower support from the VA DPU. From: Sent: To: Cc: Subject: FW: 07Q130.EXSUM.AWRAC - Analysis of Army A-Z Websites.doc (UNCLASSIFIED) Signed By:

Attachments: 070130.EXSUM.AWRAC - Analysis of Army A-Z Websites.doc

070130.EXSUM.AW

RAC- Analysis... c | a s s i f i c a t i o n ; UNCLASSIFIED Caveats: NONE

What is the A-Z list ? Where is the site and what is the authority that directs web site owners to register at this site ?

Deputy Director Army Office of Information Assurance and Compliance

-Original Message-

Sent; Tuesday, January 30, 138 PM

Subject: 070130.EXSUM.AWRAC - Analysis of Army A-Z Websites.doc

(UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

For your review from LTC Warnock

Classification: UNCLASSIFIED

Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE *NOTICE: Message body content downgraded from previous markings UNCLASSIFIED//FOUO by AnzulewiczPD

FYI

Sent: Friday, September 29, 2006 12:01 PM To: [email protected] Subject: Re: [WEBMASTERS] Army message (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: FOUO

Classification: UNCLASSIFIED Precedence: P

DTG:281830ZSEP06 From: SAIS-ZA CIO/G-6

Subject: ARMY GUIDANCE IN SUPPORT OF JTF-GNO CTO 06-02 UPDATE 3 (FOCUSED EFFORT TO SECURE ARMY NIPRNET WEB SERVERS)

TEXT:

UNCLASSIFIED//

PRECEDENCE TO: PRIORITY DTG: 281830Z SEP 06

PRECEDENCE CC: PRIORITY

SUBJECT: ALARACT 180/2006 FOCUSED EFFORT TO SECURE ARMY NIPRNET WEB SERVERS

TEXT: i UNCLASSIFIED//

THIS MESSAGE HAS BEEN SENT BY THE PENTAGON TELECOMMUNICATIONS CENTER ON BEHALF OF DA WASHINGTON DC CIO/G-6//SAIS-ZA //.

SUBJECT: ALARACT 180/2006 ARMY GUIDANCE IN SUPPORT OF JTF-GNO CTO 06-02 UPDATE 3 (FOCUSED EFFORT TO SECURE ARMY NIPRNET WEB SERVERS)

References:

(U//FOUO) REF/A/ JTF-GNO CTO 06-02/171100Z JAN 06.

(U//FOUO) REF/B/ HQDA ALARACT 028/2006 041939Z Feb 06

(U//FOUO) REF/C/ JTF-GNO CTO 06-02A/030013Z FEB 06.

(U//FOUO) REF/D/ UPDATE #2 TO JTF-GNO CTO 06-02/251220Z JUL 06.

(u//fouo) Ref/E/ JTF GNO CTO 06-13 281600Z JUN 06

(S//REL) REF/F/ JTF-GNO CTO 06-02 UPDATE #3, FOCUSED EFFORT TO SECURE NIPRNET WEB SERVERS / 211015Z SEP 06 (SECRET//REL USA GBR CAN AUS//)

(U//FOUO) REF/G/ JTF-GNO CTO 06-02 UPDATE #3, FOCUSED EFFORT TO SECURE NIPRNET WEB SERVERS -- ABBREVIATED VERSION (UNCLASSIFIED)

1. (U/FOUO) REF A IS JTF-GNO COMMUNICATIONS TASKING ORDER (CTO) 06-02, SUBJECT: TASKS FOR PHASE 1 OF THE ACCELERATED PUBLIC KEY INFRASTRUCTURE (PKl) IMPLEMENTATION. REB B IS HQDA ALARACT 028/2006 FROM CIO/G-6 (SAIS-ZA) DIRECTING ARMY ACCELERATED IMPLEMENTATION OF COMMON ACCESS CARD (cac) CRYPTOGRAPHIC NETWORK LOGON. REF C IS JTF-GNO cto 06-02a, WHICH IS AN UPDATE TO cto 06-02 DEFINING PHASE 1 IMPLEMENTATION TASKS OF ACCELERATED PUBLIC KEY INFRASTRUCTURE (pki) IMPLEMENTATION. REF D IS JTF-GNO UPDATE #2 TO JTF-GNO CTO 0602. REF E IS JTF-GNO CTO 06-13, DIRECTIVE FOR CAC/PKI IMPLEMENTATION - REVISED COMPLIANCE DATES FOR SPECIAL USER GROUPS. REF F IS AN UNCLASSIFIED - ABBREVIATED VERSION OF JTF-GNO CTO 06-02 UPDATE #3 FOCUSED EFFORT TO SECURE NIPRNET WEB SERVERS. REF g. IS THE CLASSIFIED UNABRIDGED VERSION OF JTF-GNO CTO 06-02 UPDATE #3 FOCUSED EFFORT TO SECURE NIPRNET WEB SERVERS.

2. (U//FOUO) BACKGROUND. DoD continues to FACE A GROWING THREAT FROM AN INCREASINGLY BROAD SET OF COMPLEX AND CHALLENGING COMPUTER ATTACKS, INCLUDING NOT ONLY VIRUSES, BUT ALSO THREATS FROM SPY WARE, SPAM, ROOTKITS, KEYLOGGERS AND MANY OTHER FORMS OF MALWARE. For more details REFER TO REF F THAT CAN BE FOUND ON THE JTF-GNO SIPRNET WEB SITE: HTTP://WWW.JTFGNO.SMIL.MIL/SlTE/INDEX.CFM?PAGE=CTO2006 .

3. (U//FOUO). MISSION. IN A CONTINUING EFFORT TO PROVIDE A MORE EFFECTIVE INTEGRATED THREAT MANAGEMENT SOLUTION, THIS DIRECTIVE BUILDS ON THE ACTION CONTAINED IN REF B, AND IS FOCUSED ON ACTIONS TO BETTER SECURE PRIVATE DOD WEB SERVERS and web sites. IN ACCORDANCE WITH REF F, JTF-GNO HAS DEFINED A

2 "PRIVATE DOD WEB SERVER" AS A SYSTEM HAVING A WEB-BASED INTERFACE AND ITS CONTENTS ARE INTENDED TO BE ACCESSED ONLY BY USERS ORIGINATING FROM A DOD IP ADDRESS SPACE. THIS DEFINITION INTENTIONALLY DOES NOT INCLUDE WEB SERVERS THAT ALLOW ACCESS FROM OUTSIDE THE .MIL ADDRESS SPACE (E.G. FROM A ".COM" OR ".GOV" ADDRESS). EXAMPLES OF COMMON WEB SERVERS THAT ARE NOT PRIVATE DOD WEB SERVERS INCLUDE AKO (WWW.US.ARMY.MIL), VFRG (WWW.ARMYFRG.ORG), MYPAY (MYPAY.DFAS.MIL), OUTLOOK WEB ACCESS (OWA) MAIL SERVERS, AND PUBLIC INTERNET SERVERS (WWW.ARMY.MIL). IT DOES, HOWEVER, INCLUDE DOMAINS SUCH AS .NDU OR USMA.EDU., WHICH ARE DOD IP ORIGINATING ADDRESSES IF THE INTENT OF THE DOD WEB SERVER IS TO BE ACCESSED EXCLUSIVELY BY USERS COMING FROM DOD IP SPACE AND NO OTHER, THEN IT MEETS THE DEFINITION OF A "PRIVATE DOD WEB SERVER", AND MUST COMPLY WITH THE NEW GUIDANCE. Web servers "dual configured" for both .mil and partitioned for "outside" access, must also be configured in accordance with the applicable guidance for a "private dod web server". THIS APPLIES TO THE WEB-SERVER/SITES WHICH ARE CONFIGURED FOR.MIL ONLY.

4. THE FOLLOWING ACTIONS ARE DIRECTED to be implemented at all army enclaves:

4A. (U//FOUO) TASK 1: CONFIGURATION VALIDATION.

4A.1. ACTION 1. NLT 5 OCT 06 VALIDATE CONFIGURATIONS OF ALL PRIVATE DOD NIPRNET WEB SERVERS TO TRUST ONLY DOD AUTHORIZED CERTIFICATE AUTHORITIES. ORGANIZATIONS MAY ADDITIONALLY CONFIGURE PKI-ENABLED web sites TO USE EXTERNAL CERTIFICATE AUTHORITIES (ECAS) BUT ONLY IN CASES APPROVED BY THEIR DESIGNATED APPROVAL AUTHORITY. AN AUTOMATED CONFIGURATION TOOL IS AVAILABLE ON THE CAC CRYPTOGRAPHIC LOGON (CCL) ARMY KNOWLEDGE ONLINE (AKO) CCL COMMUNITY OF INTEREST (COI) KNOWLEDGE COLLABORATION CENTER (KCC) LOCATED AT: https://www.us.army.mil/suite/page/237211 . DOD WIDE CONFIGURATION INSTRUCTIONS ARE ALSO LOCATED AT H T T P S : / / G E S P O R T A L . D O D . M I L / S I T E S / D O D P K E / and a link to this information is available off of the AKO community of interest KCC.

4A.2. ACTION 2. NLT 5 OCT 06 DISCONNECT ANY NIPRNET WEB SERVER NOT IN COMPLIANCE WITH THIS TASK AND DO NOT RECONNECT IT UNTIL IT IS COMPLIANT. Configuration instructions are located at https://www.us.army.mil/suite/page/237211 . rEPORT THE TOTAL NUMBER OF SERVERS DISCONNECTED, AND SUBSEQUENTLY PROVIDE FOLLOW ON REPORTING IF AND WHEN THEY ARE RECONNECTED.

4A.3. ACTION 3. NLT 4 OCT 06 REPORT THE TOTAL NUMBER OF PRIVATE DOD WEB SERVERS AND THE SERVER OPERATING SYSTEM AFFECTED BY THIS MESSAGE, IAW THE REPORTING GUIDELINES CONTAINED IN PARA 8.

4A.4. ACTION 4. NLT 5 OCT 06 REPORT THE NUMBER OF PRIVATE DOD WEB SERVERS THAT ARE COMPLIANT WITH THIS TASK, AND THE TOTAL NUMBER WITH APPROVED EXTENSIONS.

4B. (U//FOUO) TASK 2 IMPLEMENTATION OF PKI/CAC ACCESS CONTROL. ALL ARMY ENCLAVES WILL ALLOW ONLY CERTIFICATE-BASED CLIENT AUTHENTICATION TO PRIVATE

3 ARMY WEB Sites and servers, USING CERTIFICATES ISSUED BY AUTHORIZED DOD PKI CERTIFICATE AUTHORITIES (PKI/CAC, ECAS). ALL ARMY ENCLAVES WILL COMPLY WITH THE PKI/CAC INITIATIVES BY DATES SPECIFIED IN THIS ALARACT, WITH THE EXCEPTION OF THOSE IDENTIFIED IN THE CTO 06-13 (REF E) WHICH WERE GRANTED AN EXTENSION BY JTF-GNO UNTIL 29 DEC 06.

4B.1. A DOCUMENT ENTITLED "SETTING IIS6 TO REQUIRE CAC IOGON", WAS PREPARED TO ASSIST SYSTEM ADMINISTRATORS IN CONFIGURING MICROSOFT'S INTERNET INFORMATION SERVICES (IIS) WEB SERVER - V6.0 (IIS6) WHICH COMES WITH WINDOWS 2003 SERVER. THIS DOCUMENT IS AVAILABLE ON THE CAC CRYPTOGRAPHIC LOGON (CCL) ARMY KNOWLEDGE ONLINE (AKO) CCL COMMUNITY OF INTEREST (COI) KNOWLEDGE COLLABORATION CENTER (KCC) LOCATED AT: https://www.us.army.mil/suite/page/237211 . WEB APPLICATIONS THAT REQUIRE AUTHENTICATION VIA ACTIVE DIRECTORY USER ACCOUNTS CAN BENEFIT FROM THIS DOCUMENT. HOWEVER, OWA REMAINS A MAJOR EXCEPTION THAT REQUIRES FURTHER RESOLUTION.

4b.2. INTERNET information services web server-v6.0 configuration guidance referenced in paragraph 4B.1. above, is an interim solution. in accordance with ar 25-1 and cio/g-6 memo dated 02 Nov 05, subject: leveraging army knowledge online (AKO) services, the END STATE requirement is for all iis6 web servers to use AKO single sign-on (SSO) NLT 01 FEB 07. CONSISTENT WITH THIS REQUIREMENT, ALL NON-SSO websites are required to submit an AKO SSO application by 15 Oct 06.

4b.3. ALL inward facing servers not using ako cac sso must request a waiver through the a-gnosc, or take steps to change over immediately.

4B.4. ACTION 5. NLT 5 OCT 06 DISCONNECT ANY NON-PKI AUTHENTICATING PRIVATE DOD WEB sites and SERVERS FROM THE NIPRNET.

4B.5. ACTION 6. NLT 5 OCT 06 REPORT THE TOTAL NUMBER OF NONCOMPLIANT WEB sites/SERVERS IAW PARA 8.

4B.6. ACTION 7. NLT 5 OCT 06 REPORT THE NUMBER OF DISCONNECTED ARMY WEB sites/SERVERS IAW PARA 8.

5. (U//FOUO) IMPACT: THESE ACTIONS WILL IMPACT MISSION AND MISSION-SUPPORT Sites NOT PKI-COMPLIANT, AS WELL AS NON-COMMON ACCESS CARD (CAC) HOLDERS WHO MAY REQUIRE ACCESS TO PKI-AUTHENTICATING Sites. NOTE: THE ARMY is working on a SOLUTION FOR INDIVIDUALS WHO ARE NOT ELIGIBLE FOR A COMMON ACCESS CARD IS use of the External Certificate authority (ECA) CERTIFICATES OR DOD PKI SOFT CERTIFICATES. THE ALTERNATIVE SMART CARD (ASC)WILL NOT BE CONSIDERED FOR ISSUANCE TO NON-CAC HOLDERS UNTIL ISSUANCE TO SYSTEM ADMINISTRATORS IS COMPLETED (APPROXIMATELY 7-11 MONTHS).

6. (U//FOUO) COMPLIANCE INSTRUCTIONS:

6.A. (U/FOUO) VERIFICATION. TWO-PERSON INTEGRITY IS REQUIRED TO VERIFY COMPLETION OF THE ABOVE TASKS. ARMY COMPONENTS HAVE LATITUDE TO DETERMINE HOW THEY WILL SATISFY THIS TWO PERSON REQUIREMENT, BUT STRONGLY RECOMMEND THAT THE INFORMATION ASSURANCE MANAGER (IAM) OR DESIGNATED

4 APPROVAL AUTHORITY (DAA) IS INCLUDED IN THE PROCESS.

6.B. (U/FOUO) VALIDATION. ORGANIZATIONS WILL LEVERAGE ANY AND ALL CAPABILITIES TO IDENTIFY NON COMPLIANT SYSTEMS (RED TEAMS, BLUE TEAMS, ETC).

7. (U//FOUO) EXCEPTIONS:

7A. (U//FOUO) REQUESTS FOR EXCEPTIONS WILL BE assessed by the Army global network operations Center (ARMY GNOSC). THE COMMANDER, NETCOM/9TH ARMY SIGNAL COMMAND (ASC) IS BY DELEGATION OF AUTHORITY BY COMMANDER, SMDC/ARSTRAT, THE SMDC/ARSTRAT DEPUTY FOR NETOPS, TO REPRESENT SMDC/ARSTRAT IN COMMUNICATING AND COORDINATING DIRECTLY WITH DOD AND USSTRATCOM REGARDING NETOPS. UNDER THIS AUTHORITY, COMMANDER NETCOM/9TH ASC WILL BE THE FINAL APPROVAL AUTHORITY FOR ARMY EXCEPTIONS. EXCEPTIONS SHOULD BE LIMITED TO THOSE BASED ON VALID OPERATIONAL REQUIREMENTS. REQUESTS FOR EXCEPTIONS MUST BE SUBMITTED TO THE ARMY GNOSC AND MUST INCLUDE A PLAN OF ACTION & MILESTONES FOR MITIGATION/COMPLETION (POA&M) AND A STATEMENT OF OPERATIONAL RISK.

7B. (U//FOUO) IAW JTF-GNO CTO 06-13 (REF E) PRIVATE DOD WEB SERVERS PHYSICALLY LOCATED IN FORWARD DEPLOYED COMBAT ZONES ARE AUTOMATICALLY GRANTED AN EXCEPTION to task 2, AND SHOULD NOT MANDATE PKI/CAC ACCESS CONTROL UNTIL CENTCOM USERS CAN ACCESS THE site/SERVER USING PKI/CAC. HOWEVER, THE OWNERS/ADMINISTRATORS MUST STILL SUBMIT THE POA&M AND STATEMENT OF OPERATIONAL RISK AS REQUIRED IN PARA 7A.

7C. ACTION 8. NLT 5 OCT 06 REPORT THE TOTAL NUMBER OF EXCEPTIONS REQUESTED TO TASKS 1 AND 2, IAW PARA 8.

8. (U//FOUO) REPORTING. REPORTING IS A COMMAND RESPONSIBILITY AND COMMANDERS MUST ENSURE COMPLIANCE. NETCOM IS RESPONSIBLE FOR THE OPERATIONS, DIRECTION AND DEFENSE OF THE LANDWARNET AND THE ARMY'S GLOBAL NETWORK OPERATIONS AND SECURITY CENTER (A-GNOSC) SERVES AS THE ARMY'S EXECUTION ARM FOR NETOPS ACROSS THE LANDWARNET. COMPLIANCE REPORTING WILL BE THROUGH RESPECTIVE NOSCS AND WILL RELY ON THE NETOPS COMMUNITY FOR EXECUTION. THE ARMY GNOSC WILL POST COMPLIANCE REPORTING SLIDES ON THE ARMY NETCROP PORTAL AT: H T T P : / / A R M Y N E T C R O P . A R M Y . S M I L . M I L UNDER THE SIPRNET CTO TAB. REPORTS ARE DUE TO THE A-GNOSC NLT THE DATE OF THE ACTION SUSPENSE.

8A. (U//FOUO) OCONUS: COMMANDS AND ORGANIZATIONS WILL REPORT ALL ISSUES AND COMPLIANCE ASSOCIATED WITH THE EXECUTION OF THESE TASKS TO THEIR RESPECTIVE THEATER NETWORK OPERATIONS AND SECURITY CENTER (TNOSC). OCONUS TNOSCS WILL CONSOLIDATE REPORTS FROM THEIR RESPECTIVE THEATER AND PROVIDE REPORTS TO THE ARMY GNOSC.

8B. (U//FOUO) CONUS: COMMANDS AND ORGANIZATIONS RESIDING ON/LOCATED ON, OR SUPPORTED BY A GARRISON OR INSTALLATION, WILL REPORT ALL ISSUES AND

5 COMPLIANCE ASSOCIATED WITH THE EXECUTION OF THESE TASKS TO THEIR RESPECTIVE DOIM. DOIMS WILL CONSOLIDATE AND REPORT COMPLIANCE TO THEIR RESPECTIVE REGIONAL RCIO. EACH CONUS REGIONAL RCIO (SE, NE, SE, SW) is responsible for all doims within their geographic region, and WILL PROVIDE THEIR RESPECTIVE COMPLIANCE REPORTS TO THE CONUS TNOSC. THE CONUS TNOSC WILL CONSOLIDATE AND PROVIDE COMPLIANCE REPORTS (BY REGION) TO THE ARMY GNOSC.

aC. (U//FOUO) FUNCTIONAL COMMANDS / RCIOS: FUNCTIONAL RCIOS ARE RESPONSIBLE FOR THE EXECUTION AND REPORTING FOR THEIR RESPECTIVE COMMANDS. EACH FUNCTIONAL COMMAND WILL ACCOUNT AND REPORT FOR ALL ORGANIZATIONS AND UNITS WITHIN THEIR COMMAND REGARDLESS OF GEOGRAPHIC LOCATION AND PROVIDE COMPLIANCE REPORTS TO THE ARMY GNOSC. THE FUNCTIONAL COMMANDS RESPONSIBLE FOR REPORTING ARE: 1NSCOM, MEDCOM, MEPCOM, NGB, USAR, USACE, HRC, ARMY PUBLISHING AGENCY, ACCESSIONS, AMC, U.S. MILITARY ACADEMY, AND ENTERPRISE APPLICATIONS.

8D. (U//FOUO) PROGRAM EXECUTIVE OFFICES (PEOS): PEOS ARE RESPONSIBLE FOR THE EXECUTION AND REPORTING FOR THEIR RESPECTIVE PROGRAMS OF RECORD (PORS). EACH PEO WILL ACCOUNT AND REPORT FOR ALL RESPECTIVE PORS REGARDLESS OF GEOGRAPHICAL LOCATION AND PROVIDE COMPLIANCE REPORTS TO THE ARMY GNOSC. THE PEOS RESPONSIBLE FOR REPORTING ARE: EIS, C3T, CS/CSS, GCS, IEW&S, MS, SOLDIER, STRI AND AVIATION.

8E. (U//FOUO) ANY UNIT OR ORGANIZATION NOT CLEARLY IDENTIFIED WITHIN THE REPORTING PARAGRAPH WILL SEEK TO RESOLVE THROUGH THEIR OPFRATIONAI CHANNFIS IF AN ISSUE CANNOT BERESOLVED^QNTACT L T C « BAT [email protected] O R ^ [email protected]" JLUTION.

8F. POC FOR COMPLIANCE REPORTING IS AS FOLLOWS: MS' 1stiocmd.army.smil.mil, DSN (312) 235-2604/COMMERCIAL 703 706-2604

AFTER HOURS: A2TOC BATTLE CAPTAIN DSN: 235-1113 /COMMERCIAL 703 706-1113

9. POCS FOR OVERALL COORDINATION CURRENT OPERATIONS OFFICER ARMY GNOSC [email protected] US.ARMY.MIL

DSN: (312) 235-1291/COMMERCIAL 703 706-1291 OR M A J ( P ) M U CIO/G6 OPERATIONS CELL, COMM: 703-692-9761. DSN: 2 2 2 - T O T 7 E M A T T ^ i@ HQDA.ARMY.MIL / ^ mHQDA-S.ARMY.SMIL.MIL .

Classification: UNCLASSIFIED

Caveats: FOUO

—Original Message-

Sent: Friday, September 29, 2006Tfl38 AM To: [email protected]

6 Subject: Re: [WEBMASTERS] Army message

I just received an AKO alert about this. In case anyone else is looking for the message mentioned below, here's the link: https://www.us.army.mil/suite/doc/6309174

-Original Message-

Sent: Thursday, September 28, 2006 1:05 PM To: [email protected] Subject: [WEBMASTERS] Army message

I've heard there's an Army message in response to update 3 of JTFGNO CTO 06-02, but both of the POCs in my chain of command are out of the office this week. Can someone forward the message to me?

Thanks

********* FAQ & Subscription info: http://www.dod.mil/webmasters/faq/ 4

********* FAQ & Subscription info: http://www.dod.mil/webmasters/faq/ Classification: UNCLASSIFIED Caveats: FOUO

********* FAQ & Subscription info: http://www.dod.mil/webmasters/faq/ Classification: UNCLASSIFIED Caveats: NONE •

7 Subject: FW: Article on Opsec (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

Our first response for the news article.

Sent: Saturday, October 14, 2006 3:13 PM To: NETCOM Army Web Risk Assessment Cell Subject: Article on Opsec

I read your article a few days ago and after doing so felt some concerns about the unit that you have monitoring non department of defense personal communications of uniformed personnel. First, l think it would have been appropriate for you to mention in your article that you have procedures to safeguard the constitutional rights of uniformed personnel to freely express their views in a non military context.

The second problem is about the two soldiers you featured in your article who say they take their mission to ferret out violators of OPSEC seriously because its personal with them. If its personal than they should not be doing that job. It's positive to be motivated to do a good job and even a little zeal is a good thing. Being a fanatic is not a good thing.

You might want to share with those two soldiers in your anti OPSEC unit the news's story about the young Marine who is being nominated for the Congressional Medal of Honor. In that story he was killed a month later doing the same heroic acts that lead to his nomination. The news story related that when his parents were notified about his death, they and other family were shocked that he had done those things.

Here's a what if scenario. Lets say uniformed personnel feel don't free to communicate with family members about what they or their unit is doing because someone is monitoring their personal communications. So a soldier or marine who might communicate with a father or uncle that they are bravely leading their squad whenever they confront a terhorist threat might raise a level of concern with the family. The family could follow through by contacting the commander of their son's unit through the chain of command and request more information. That sort of thing might motivate the unit commander to consider this family's concerns resulting in their son not being awarded the Medal of Honor, but being alive and well for the rest of his life. So do you keep soldiers alive by shutting down the flow of communications to a family or in fact kill them faster?

One last thing. I think that the enemy can gather all the intelligence they need on the ground and don't have to worry about surfing the net to get that information. If you are really concerned about OPSEC than send your personnel to the Middle East and have them agressivly hunt down enemy personnel, interrogate suspicious civilians, etc instead of wasting their time in front of a computer surfing the net and harrassing brave young Americans with threatening e-mails.

2 Subject: FW: AWRAC discussion (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

Web Risk Assessment/Information Assurance Analyst

some of the comments from the Military.com discussion board on the AWRAC story.

Check These Out: Buddy Finder | Videos | PhotoCenter | SpouseBUZZ j My Friend Network | News | Military Equipment

Military.com Military.com Forums Hop To Forum Categories Hot Topics & Current Events Hop To Forums In the News Army Monitors Soldiers' Blogs

Page 12 3

i Moderators: BloodThirstyWench , dmuhler , DrillVietnamVet , OldAFcop , snake021

Go

New

Find

Notify

Tools

Reply

Admin

New PM!

Personal Zone

D

Military.com Forums •

Profile

Buddies

Ignore List

Groups

Permissions

Private Messaging

Notifications

Karma

Preferences

Favorites

2 More...

Discussion

Poll

Private Message

Keyword Search

Search current forum only

Advanced Search

New Since your Last Visit

Today's Active Topics in this Category

Add to My Favorites

Printer Friendly Format

Email a Friend

Help

Manage Topic

Manage Content in This Topic Manage Members

Online Now

Control Panel

i Login/Join Welcome, [Logout ]

TeamAmerica

Member Picture of TeamAmerica

Posted Mon 30 October 2006 11:52 Mon 30 October 2006 11:52

RE: http://www.military.com/NewsContenV0.13319,117978.00.html

Posts: 1377 | Registered: Sat 17 December 2005

Reply With Quote Edit or Delete Message Report This Post

scooter_mech

Member Picture of scooter_mech

Posted Mon 30 October 2006 12:19 Mon 30 October 2006 12:19

Hide Post

"In one incident, a blogger was describing his duties as a guard, providing pictures of his post and discussing how to exploit its vulnerabilities. Other Soldiers posted photos of an Army weapons system that was damaged by enemy attack, and another showed personal information that could have endangered his family."

This is not the kind of info that should NOT fall into enemy hands. What do you think, TeamAmerica since this is your thread....

i Posts: 1651 | Registered: Fri 09 September 2005

Reply With Quote Edit or Delete Message Report This Post

Ignored post by scooterjnech posted Mon 30 October 2006 12:19 Mon 30 October 2006 12:19

Show Post

Dutch_Shaulis

Basic Training Picture of Dutch_Shaulis

Posted Mon 30 October 2006 12:26 Mon 30 October 2006 12:26

Hide Post

Got to agree with Scooter on this one. Let's not give our enemies anymore information especially unit routes. Where's the common sense here? Remember the "Loose Lips Sink Ships", think they need to start reinforcing that again!!

"Retired Navy and Damn Proud of it!!!"

Posts: 19 | Registered: Thu 12 October 2006

Reply With Quote Edit or Delete Message Report This Post

Ignored post by Dutch_Shaulis posted Mon 30 October 2006 12:26 Mon 30 October 2006 12:26

s Show Post

cinlurker

Member

Posted Mon 30 October 2006 12:36 Mon 30 October 2006 12:36

Hide Post

quote:

Originally posted by scooter_mech: "In one incident, a blogger was describing his duties as a guard, providing pictures of his post and discussing how to exploit its vulnerabilities. Other Soldiers posted photos of an Army weapons system that was damaged by enemy attack, and another showed personal information that could have endangered his family."

This is not the kind of info that should NOT fall into enemy hands. What do you think, TeamAmerica since this is your thread....

THERE MIGHT BE A FEW INSTANCES WHERE A SERVICE PERSON DOES SOMETHING STUPID BUT THEN SOME COLONEL OR GENERAL DECIDED TO LET THE CHINESE LOOK AT SOME OF OUR MILITARY BASES...

IF THAT DOESN'T TAKE THE CAKE FOR "DUMB" NOTHING DOES.

Posts: 408 | Registered: Wed 12 October 2005

Reply With Quote Edit or Delete Message Report This Post

Ignored post by cinlurker posted Mon 30 October 2006 12:36 Mon 30 October 2006 12:36

Show Post

G outlaws93

Experienced Member Picture of outlaws93

Posted Mon 30 October 2006 12:51 Mon 30 October 2006 12:51

Hide Post

quote:

Originally posted by cinlurker:

quote:

Originally posted by scooter_mech: "In one incident, a blogger was describing his duties as a guard, providing pictures of his post and discussing how to exploit its vulnerabilities. Other Soldiers posted photos of an Army weapons system that was damaged by enemy attack, and another showed personal information that could have endangered his family."

This is not the kind of info that should NOT fall into enemy hands. What do you think, TeamAmerica since this is your thread....

THERE MIGHT BE A FEW INSTANCES WHERE A SERVICE PERSON DOES SOMETHING STUPID BUT THEN SOME COLONEL OR GENERAL DECIDED TO LET THE CHINESE LOOK AT SOME OF OUR MILITARY BASES...

IF THAT DOESN'T TAKE THE CAKE FOR "DUMB" NOTHING DOES.

sure and it was monatered... they didnt see everything and anything they didnt need to see\know about....

Posts: 9870 | Registered: Thu 18 August 2005

7 Reply With Quote Edit or Delete Message Report This Post

Ignored post by outlaws93 posted Mon 30 October 2006 12:51 Mon 30 October 2006 12:51

Show Post

TheGoodOne

Member

Posted Mon 30 October 2006 12:56 Mon 30 October 2006 12:56

Hide Post

Roll Eyes When they are done here, they need to focus on those responsible for letting our enemies inside our own country.

Posts: 371 | Registered: Thu 19 June 2003

Reply With Quote Edit or Delete Message Report This Post

Ignored post by TheGoodOne posted Mon 30 October 2006 12:56 Mon 30 October 2006 12:56

Show Post

cafedad

Basic Training Picture of cafedad

8 9960092590001>

Posted Mon 30 October 2006 13:18 Mon 30 October 2006 13:18

Hide Post quote:

Let's not give our enemies anymore information especially unit routes. Where's the common sense here? Remember the "Loose Lips Sink Ships", think they need to start reinforcing that again!!

"Retired Navy and Damn Proud of it!!!"

Your right Dutch, Loose lips... what happend to OPSEC?? Just because we have a younger Army doesn't mean the "old school" ways are not still in use. THINK SOLDIERS, THINK!!!!

Posts: 24 | Registered: Tue 28 January 2003

Reply With Quote Edit or Delete Message Report This Post

Ignored post by cafedad posted Mon 30 October 2006 13:18 Mon 30 October 2006 13:18

Show Post

GroovyLady

Member Picture of GroovyLady

Posted Mon 30 October 2006 13:48 Mon 30 October 2006 13:48

Hide Post yeah, and, we get tours of Russia's nuclear facilities and weapons manufacturers.

9 quote:

Originally posted by cinlurker: THERE MIGHT BE A FEW INSTANCES WHERE A SERVICE PERSON DOES SOMETHING STUPID BUT THEN SOME COLONEL OR GENERAL DECIDED TO LET THE CHINESE LOOK AT SOME OF OUR MILITARY BASES...

IF THAT DOESN'T TAKE THE CAKE FOR "DUMB" NOTHING DOES.

Posts: 2018 | Registered: Mon 05 December 2005

Reply With Quote Edit or Delete Message Report This Post

Ignored post by GroovyLady posted Mon 30 October 2006 13:48 Mon 30 October 2006 13:48

Show Post

rd350

Member Picture of rd350

Posted Mon 30 October 2006 13:56 Mon 30 October 2006 13:56

Hide Post

quote:

yeah, and, we get tours of Russia's nuclear facilities and weapons manufacturers.

Not that far off the mark.

10 http://travel2.nytimes.eom/2006/10/15/travel/15transiran.html

"An Invitation From Iran: Inspect It for Yourself If you have ever wanted to see the inside of a pressurized nuclear reactor plant, Iran could be the next adventure vacation for you."

personally myself? BTDT

Posts: 241 | Registered: Thu 27 January 2005

Reply With Quote Edit or Delete Message Report This Post

Ignored post by rd350 posted Mon 30 October 2006 13:56 Mon 30 October 2006 13:56

Show Post

8718368

Member Picture of 8718368

Posted Mon 30 October 2006 14:05 Mon 30 October 2006 14:05

Hide Post

Well, I see no problem in enforcing OPSEC. The only problem some soldiers seem to have is just ambigous rules. Clear those up and everyone will be happy, especially those serving in FOBs and active combat zones.

In God we Trust, Scott

Posts: 52 | Registered: Fri 06 January 2006

n Reply With Quote Edit or Delete Message Report This Post

Ignored post by 8718368 posted Mon 30 October 2006 14:05 Mon 30 October 2006 14:05

Show Post

GroovyLady

Member Picture of GroovyLady

Posted Mon 30 October 2006 14:09 Mon 30 October 2006 14:09

Hide Post the American public's plan might call for a quick withdrawal and a series of appeasement measures to get our troops out of Iraq.

However, that's not the Jihadist's plan. We leave Iraq; they will continue to hunt our troops here and abroad. 1989 and then from 1993 - 2000 they've demonstrated they're quite capable of attacking our troops while our troops are not under a wartime command.

Obviously, jihadists realize they can't take us down quickly. They will have to simulataneously attack our economy, attack our foreign policies/diplomatic efforts, attack the popular will of the people in our country (i.e. using enemy propaganda as valid news sources, etc.) and get busy weakening our defense systems, the largest component of our defense system are our troops.

At the time of Alexander the Great's crusade to conquor Persia; the Perisan military's strongest core of fighters were Greek mercenaries whom the Persians paid quite well. Regardless that Alexander unified Greece and became the leader of the Greek states; many Greeks still got bought and fought on the side of their countrymen's enemy, the Persians. it wouldn't surprise me in the least to see our enemy employ that tactic again, hence, the necessity of blog monitoring/security to minimize risk of exposing our troops and their families to the threat of our enemy, would kind of suck for a troop's spouse, child or parent (or even close friends) to get kidnapped with the ransom being the soldier's submission to fight the jihad against us Americans.

Posts: 2018 |

12 Registered: Mon 05 December 2005

Reply With Quote Edit or Delete Message Report This Post

Ignored post by GroovyLady posted Mon 30 October 2006 14:09 Mon 30 October 2006 14:09

Show Post

rd350

Member Picture of rd350

Posted Mon 30 October 2006 14:16 Mon 30 October 2006 14:16

Hide Post

This is an interesting topic (the topic is bioggin soldiers, isn't it?) D being out for so long, I am amazed that blogging and email are so commonplace, bu considering the emotional cost of being separated from family, if this technology can help, it has to make the troops more effective.

On the other hand, I have seeen all too many disturbing videos that anyone could use to characterize our men as cowboys, and iDm sure there are less than positive rantings on the blogs. WeDve opened the www.pandorasbox now and pulling back the reigns would be hard.

We had deployments where we didnDt even see (snail) mail or phone calls or anything for more than • a month. I also remember the excitement of spending nearly $30 US in 1975 dollars to be able to call home as soon as we hit port.. In that relative light, being allowed ot email once a day seems (in retrospect) to be a luxury.

Posts: 241 | Registered: Thu 27 January 2005

Reply With Quote Edit or Delete Message Report This Post

13 Ignored post by rd350 posted Mon 30 October 2006 14:16 Mon 30 October 2006 14:16

Show Post

TrolH 16

Basic Training

Posted Mon 30 October 2006 14:46 Mon 30 October 2006 14:46

Hide Post

It sure seems to me that the potential here should not be over looked. What a fantastic opportunity to invite some of our friends to an ambush.

Posts: 17 | Registered: Mon 29 May 2006

Reply With Quote Edit or Delete Message Report This Post

Ignored post by TrolH 16 posted Mon 30 October 2006 14:46 Mon 30 October 2006 14:46

Show Post

juice68

Member

Posted Mon 30 October 2006 15:44 Mon 30 October 2006 15:44

Hide Post

14 quote:

In one incident, a blogger was describing his duties as a guard, providing pictures of his post and discussing how to exploit its vulnerabilities. Other Soldiers posted photos of an Army weapons system that was damaged by enemy attack, and another showed personal information that could have endangered his family."

seems like its commonsence not to do that kind of thing, what was he thinking'!! duh!!

Posts: 2024 | Registered: Mon 24 April 2006

Reply With Quote Edit or Delete Message Report This Post

Ignored post by juice68 posted Mon 30 October 2006 15:44 Mon 30 October 2006 15:44

Show Post

rd350

Member Picture of rd350

Posted Mon 30 October 2006 16:41 Mon 30 October 2006 16:41

Hide Post both my grandfather (WWI horse cavalry) and my Dad (WWII, Seabee) had their mail censored and heavily edited. the technology is there to flag word strings and graphics. What I'm seeing as the most counterproductive are the digital videos being floated around.

Posts: 241 |

is Registered: Thu 27 January 2005

Reply With Quote Edit or Delete Message Report This Post

Ignored post by rd350 posted Mon 30 October 2006 16:41 Mon 30 October 2006 16:41

Show Post

mcgreer

Member

Posted Mon 30 October 2006 16:44 Mon 30 October 2006 16:44

Hide Post

quote:

Originally posted by scooterjmech: "In one incident, a blogger was describing his duties as a guard, providing pictures of his post and discussing how to exploit its vulnerabilities. Other Soldiers posted photos of an Army weapons system that was damaged by enemy attack, and another showed personal information that could have endangered his family."

This is not the kind of info that should NOT fall into enemy hands. What do you think, TeamAmerica since this is your thread....

I don't think it's OPSEC the DoD is worried about. We've been blogging since the beginning of the invasion and occupation.

Posts: 845 | Registered: Sat 31 December 2005

Reply With Quote Edit or Delete Message Report This Post

16 Ignored post by mcgreer posted Mon 30 October 2006 16:44 Mon 30 October 2006 16:44

Show Post

Copper71

Member Picture of Copper71

Posted Mon 30 October 2006 19:31 Mon 30 October 2006 19:31

Hide Post

Remember that old WW2 saying, "Loose lips sink ships." Those words are as true today as they were then. If anyone thinks the enemy isn't logging in to the blogs, they had better shake their heads. Sometimes the bloggers go overboard with the information they post. The reason they get generous with info, can be anything from trying to impress a woman/man, dazzle mom & dad or just plain DUMB. There is something to be said for some censorship.

Posts: 102 | Registered: Sun 01 October 2006

Reply With Quote Edit or Delete Message Report This Post

Ignored post by Copper71 posted Mon 30 October 2006 19:31 Mon 30 October 2006 19:31

Show Post

Schistosome

Member Picture of Schistosome

17

Posted Mon 30 October 2006 20:05 Mon 30 October 2006 20:05

Hide Post

with all the training we receive... what made his dumb *** blog such critical stuff??? what next... yes monitor it and stop this nonsense, we can blog on the safe stuff.

Posts: 73 | Registered: Wed 11 October 2006

Reply With Quote Edit or Delete Message Report This Post

Ignored post by Schistosome cposted Mon 30 October 2006 20:05 Mon 30 October 2006 20:05

Show Post

megreer

Member

Posted Mon 30 October 2006 20:06 Mon 30 October 2006 20:06

Hide Post

Again, it probably isn't OPSEC the DoD's worried about.

A majority of these guys are smart enough to not post things that will get them and their buddies killed. And we know that. Consider that there's a lot of negative sentiment about the occupation right now. That we're in an election cycle. And that guys and gals who have been sent back into the breach for the fourth time, experiencing family problems as a result, questioning their own presence there, might have a little to say in these blogs.

Now, we understand perfectly that a majority of our troops serve faithfully and will not do anything that will bring discredit upon themselves, their units, their service, or their country. But this is turning

18 into a long, hard slog. People are going to start pouring out their feelings on these things. Putting your business in the street via blogs and other public web sites is normal with many of our young people these days.

Do you remember the amateur porn site that offered GIs free membership if they would post photos from the field? I went there once, out of curiosity. The pictures some of our troopers were posting were not pretty; in fact, many of them made the Abu Ghraib photos look like a Sunday school outing. They were incredibly graphic and horribly gruesome.

There is a sense that our experience in Iraq is not going well, and there will be efforts to try to stop the flow of negative information as much as possible.

OPSEC? Probably not. PR? Probably more accurate.

Posts: 845 | Registered: Sat 31 December 2005

Reply With Quote Edit or Delete Message Report This Post

Ignored post by mcgreer posted Mon 30 October 2006 20:06 Mon 30 October 2006 20:06

Show Post

reconhottie

Member Picture of reconhottie

Posted Mon 30 October 2006 22:10 Mon 30 October 2006 22:10

Hide Post

What is next? Listing names, location, units and the like on a blog? Maybe invite the bad guys to look at it and take notes? Why the hell not straight invite them on bases to save them the effort of looking up sensitive info online, info posted by soldiers who think it is interesting to do. OPSEC is not so hard to understand and remember. If they are doing this just to have a way to vent, they need to think twice about it. About what is ok to post and what not.

19 Classification: UNCLASSIFIED

Caveats: NONE

20 From: Sent: MQndgy^Oetofrgraa 2005 1Q:36 At To: Subject: FW: AWRAC in the news (UNCLASSIFIED)

Attachments: Untitled Attachment

Untitled Attachment Classification: UNCLASSIFIED Caveats: NONE

Web Risk Assessment/Information Assurance Analyst

-Original Message-

Sent: Monday, October 30, 2006 8:52_

Subject: FW: AWRAC in the news (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

jund this article on AWRAC.

Office of Information Assurance and Compliance NE"

-Original Message-

Sent: Monday, October 30, 2006 8:38 AM

Subject: AWRAC in the news

Don't know if you caught this one. Oct 29, 1:24 PM (ET)

(AP) Author Matthew Curier Burden stands at the Pritzker Military Library with a copy of his book... Full Image

RICHMOND, Va. (AP) - From the front lines of Iraq and Afghanistan to here at home, soldiers blogging about military life are under the watchful eye of some of their own.

A Virginia-based operation, the Army Web Risk Assessment Cell, monitors official and unofficial blogs and other Web sites for anything that may compromise security. The team scans for official documents, personal contact information and pictures of weapons or entrances to camps.

In some cases, that information can be detrimental, said Lt. Col. Stephen Warnock, team leader and battalion commander of a Manassas-based Virginia National Guard unit working on the operation.

In one incident, a blogger was describing his duties as a guard, providing pictures of his post and discussing how to exploit its vulnerabilities. Other soldiers posted photos of an Army weapons system that was damaged by enemy attack, and another showed personal information that could have endangered his family.

"We are a nation at war," Warnock said by e-mail. "The less the enemy knows, the better it is for our soldiers."

In the early years of operations in the Middle East, no official oversight governed Web sites that sprung up to keep the families of those deployed informed about their daily lives.

The oversight mission, made up of active-duty soldiers and contractors, as well as Guard and Reserve members from Maryland, Texas and Washington state, began in 2002 and was expanded in August 2005 to include sites in the public domain, including blogs.

The Army will not disclose the methods or tools being used to find and monitor the sites. Nor will it reveal the size of the operation or the contractors involved. The Defense Department has a similar program, the Joint Web Risk Assessment Cell, but the Army program is apparently the only operation that monitors nonmilitary sites.

Now soldiers wishing to blog while deployed are required to register their sites with their commanding officers, who monitor the sites quarterly, according to a four-page document of guidelines published . in April 2005 by Multi-National Corps-Iraq.

Spc. Jean-Paul Borda, who has indexed thousands of military blogs for a site called Milblogging.com, "said in an e-mail interview that the military still is adapting to changing technology.

2 "This is a new media - Blogging. Podcasting. Online videos," wrote Borda, 32, of Dallas, who kept a blog while he was deployed in Afghanistan with the Virginia National Guard. "The military is doing what it feels necessary to ensure the safety of the troops."

Warnock said the Web risk assessment team has reviewed hundreds of thousands of sites every month, sometimes e-mailing or calling soldiers asking them to take material down. If the blogger doesn't comply with the request, the team can work with the soldier's commanders to fix the problem - that is, if the blogger doesn't post anonymously.

"We are not a law enforcement or intelligence agency. Nor are we political correctness enforcers," Warnock said. "We are simpiy trying to identify harmful Internet content and make the authors aware of the possible misuse of the information by groups who may want to damage United States interests."

Some bloggers say the guidelines are too ambiguous - a sentiment that has led others to pre- emptively shut down or alter their blogs.

"It's impossible to determine when something crosses the line from not a violation to a violation. It's like trying to define what pornography is or bad taste in music," said Spc. Jason Hartley, 32, who says he was demoted from sergeant and fined for reposting a blog he created while deployed to Iraq with the New York Army National Guard.

According to Hartley, the Army had forced him to stop the blog even before the oversight operation existed, citing pictures he had posted of Iraqi detainees and discussions of how he loaded a weapon and the route his unit took to get to Iraq.

Warnock contended that soldiers should not be discouraged from blogging altogether.

Military bloggers "are simply expressing themselves in a wide open forum and want to share their life- changing experiences with the rest of the world," Warnock said. "Giving soldiers an outlet for free expression is good. American soldiers are not shy about giving their opinions and nothing the Web Risk Cell does dampens that trait."

Matthew Currier Burden, 39, a former intelligence officer who wrote "The Blog of War," a collection of entries from bloggers who served in the war, said soldiers' Web sites can go a long way toward portraying positive aspects of the war and other "stories that need to get told."

But he said it's legitimate to fear that some information could be used the wrong way.

"The enemy knows the value of the blogs," Burden said. "The biggest thing that we fear is battle damage assessment from the enemy. We want to deny them that."

On the Net:

Milblogging: http://www.milblogging.com

Classification: UNCLASSIFIED Caveats: NONE

3 Classification: UNCLASSIFIED Caveats: NONE From: Sent: Tuesday, September 26, 20067:57 A To:

Subject: FW: AWRAC Mission (UNCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

Below is the list of personnel we would be meeting with, if the funds are available to travel to WA.

The location is Camp Murray WA just outside Ft Lewis and Tacoma, WA

The topic is there new TDA, manning, training and the AWRAC mission.

feb Risk Assessment/Information Assurance Analyst m

Sent: Monday, September 25, 2006 7:01 PM

Subject: RE: AWRAC Mission (UNCLASSIFIED)

Our schedules are still wide open in October. Our preference is to meet prior to 14 October, so we can develop a plan and brief the team on 14/15 October. So, anytime between the 2nd and 13th of October should work for us.

Attenc Include

I OPSEC Deputy). wa

Operations Officer 56th 10 Group

Sent: Monday, September 25, 2006 5:52 AM

Subject:"RETSWlRAC"Mission(UMCLASSIFIED)

Classification: UNCLASSIFIED

Caveats: NONE

The weekend of 14/15 will not work for us. What other dates could we do the visit. I need the name and the position of the all the personnel who may be at the meeting, so I can justify the travel funds for the new FY.

Web Risk AssessrnerrtnnfoTmaTioTw^ssuran^ Analyst

Sent: Monday, September 18, 2006 7:14

Subject: FW: AWRAC Mission (UNCLASSIFIED)

2 Mr. Anzulewicz,

I am the S3 of the 156th 10 Bn (GS) at Camp Murray, WA. Please give me a call at your earliest convenience. I'd like to take you up on your offer to visit Camp Murray. We are currently planning training for calendar year 2007, and would like to discuss your organization, mission, training opportunities, etc.

V/R,

Operations Officer" 56th IO Grout

Sent: Monday, September 18, 2006 1:13 PM

Subject: FW: AWRAC Mission (UNCLASSIFIED)

FYI

Sent: Wednesday, August 23, 2006 7:06 AM

Subject: AWRAC Mission (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

Sir

3 las just been appointed as government lead for the AWRAC mission. We need an update of your unit's personnel status to include the name and email of new BN command. Both of us would like to visit you to work out any training or mission tasking issues you may have. Please give us possible visit dates between now and JAN 07.

Web Risk Assessment/Information Assurance Analyst

Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

Classification: UNCLASSIFIED

Caveats: NONE

4 To: [email protected] Subject: FW: AWRAC Numbers JAN 2007 (UNCLASSIFIED)

Attachments: AWRAC Numbers JAN 2007.ppt

AWRAC Numbers JAN 2007.ppt ^

Not sure if you remember me, we spoke on the phone briefly about the last AWRAC numbers. I'm curious if your team's done any decomposition of why the numbers went up so much in Web site violations and blogs? Are you catching more due to better scanning / more staff, or are more occurring? What are your thoughts?

Classification: UNCLASSIFIED Caveats: FOUO

Sent: Wednesday, January 31, 2007 11:34 AM

i Classification: UNCLASSIFIED Caveats: NONE

Good Afternoon Sir, I have attached the AWRAC Numbers for January 2007 to this email. As always, please contact me if you have any questions.

« . . . »

Lockheed Martin Mission Services

Information Assurance Directorate NETC-EST-A

^ • • P t < eb Risk Assessment Cell 703-602-7481 (DSN 332) 703-602-3751 (Fax)

Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED Caveats: FOUO Sent: To: Subject: FW: Draft Warnings (UNCLASSIFIED)

Attachments: Warning AKO.doc; Warning lnternet.doc; 2nd warning-internet.doc

Warning AKO.doc Warning 2nd lnternet.doc /varning-internet.dot Classification: UNCLASSIFIED

Caveats: NONE

EST-A Army Web Risk Assessment Cell

Sent: Tuesday, November 22, 2005 9:58 AM

Subject: Draft Warnings"

Here is a first draft. Comments?

Classification: UNCLASSIFIED

Caveats: NONE