Thanks to the feedback you have provided to us I have had a number of in depth conversations with the HQ staff regarding social media, web access, CGDN security, costs associated with bandwidth, policy issues related to content within the .mil domain, and access to internet sites. Following the recent Coast Guard Foundation Dinner in New York, Rear Admiral Dave Glenn (CG-6) and I had breakfast and discussed the current challenges we collectively face.

Today I intend to begin a discussion which will include you as to how we should move forward. We are going to start with security and the posting below is from CG-6. One of our challenges is that no single program or office in CGHQ owns all of the pieces to problem or solution. CG-6 is responsible for the infrastructure within the .mil domain and the gateways to the internet through our points of presence. However, they are not free actors. There are federal, Department of Defense, Homeland Security, and Coast Guard laws, rules, and regulations that apply. That is not to say some shouldn’t or couldn’t be changed, but we need to know what it is we intend to do with the convergence of improved information technology and social networks. We need to start with the end in mind.

Beyond the CG-6 world of bits and bytes, lies the policy world of content. This is a combination of public affairs, strategic communications, external outreach, stakeholder relations, and, in many cases, mission execution itself.

Extending the discussion further, as some of you have already done in your comments and other blogs, we need to understand the potential for these technology and social networks to enhance our operations. We already coordinate tactical operations through chat rooms. We are offered the opportunity to rethink our command and control relationship and how information (in any format or medium) is transmitted from the location of operations to a command center.

The Coast Guard also enhances mission execution when we leverage our capabilities with other federal, state, local and private sector entities. Social networking offers this same opportunity to leverage communications and external relations across a much broader spectrum.

As you can see we have technical infrastructure and architecture issues, security and access issues, content issues, and internal governance issues related to how we should organize and execute our strategic intent across these programs area. This discussion is well underway at HQ.

So with those comments in mind let’s hear what CG-6 has to say ...

ADM A

-----------------------------------------------------------------------------------
It is a fact of Coast Guard life that our IT system is central to every function required by the Coast Guard to execute and support every mission. Accordingly, the security, capacity and availability of this system set the terms and conditions of use in terms of what capabilities we provide to users, particularly how much external interface we allow. One of our greatest management challenges is the balance between access and security. As an organization, we need to make deliberate business decisions, based on risk, benefit and mitigation factors, as to exactly when, how and from what sites and applications we expose the network. The threats are real with a current average of over 300,000 malware attacks against the Coast Guard’s network every month.

This is not just a Coast Guard issue. In fact, this is a national and homeland security issue. Recently, Secretary Chertoff himself has been actively discussing this topic, both on the DHS Leadership Journal and at a recent bloggers roundtable discussion.

Some specific feedback you provided commented on the blocking of certain sites. It is currently against CG policy to use public social networking sites from the CGDN. It is the extreme popularity of social networking sites that make them a target rich environment for people intent to cause harm via web technology. The openness of the social networking sites allow scam artists and virus writers new ways to package and deliver their malicious payloads. Social networking sites are fast becoming the most fertile grounds for spreading malicious software and Internet scams, as reported by major internet security companies.

Currently, we use a commercial-off-the-shelf product to filter our internet traffic. The CG Internet Web Filtering Appliance blocks categories of sites that might compromise the CGDN or are inappropriate for official use. We choose the categories to block; the commercial provider is responsible for categorizing individual sites. This may result in some popular social media sites being blocked while others are not. For example Google is in the search engine category and is not blocked. Twitter and Facebook are in a social networking category that is blocked. In light of the dynamic information environment we will review this policy and how it is currently implemented.

For now, the authoritative sources for CG info for CG personnel will be on our network, not in the public domain. We will continue to cross post as much as we can to the official public domain sites to encourage other sources of feedback and provide access to the workforce when not at work. If you feel we should change our approach, let’s hear your business argument.

Rear Admiral Dave Glenn, CG-6, CIO

(Note from Adm A--FYI, my Facebook page is managed through a stand alone computer that does not connect to the CGDN)