Social Networking Policy and Appropriate Use

Presented by: CDR Rich Makarski

Director, BUMED-M62

Learning Objectives

• Understanding Social Networking• Impact• Policies• Managing Perception• Test of Knowledge• Summary

Understanding Social Networking

• Internet-based capabilities. All publicly accessible information capabilities and applications available across the Internet in locations not owned, operated, or controlled by the DoD or the Federal Government. IbCs include collaborative tools such as SNS, social media, user-generated content, social software, e-mail, instant messaging, and discussion forums (e.g., YouTube, Facebook, MySpace, Twitter, Google Apps).-- DTM 09-026, Feb 10

Understanding Social Networking

Understanding Social Networking

Understanding Social Networking

• Terminology: Internet-based Capabilities, Social Networking Sites, Commercial web-based e-mail, Web 2.0, Mashups, Wiki, Blog

• Scope– All Navy Medicine military, civilian, and contractors– All Navy Medicine IT assets used to access SNS

• Social Media Revolution 2: http://www.youtube.com/watch?v=lFZ0z5Fm-Ng

Impact: Risks

Impact: Risks

• Air Force Warns Troops: Don't 'Check In' to WarsNovember 19, 2010 | Associated Press

8

Impact: Risks

Bandwidth

Impact: Benefits

• Marine Gen. James E. Cartwright, vice chairman of the Joint Chiefs of Staff, was among the first military leaders to embrace social media. His goal was to cut through the traditional top-down military structure and information stovepipes to improve communications.

By Donna Miles, American Forces Press Service WASHINGTON, July 10, 2009http://www.defense.gov/news/newsarticle.aspx?id=55087

Impact: Benefits

• Major General Michael Oates, the commander of the Army’s Task Force Mountain – "It is not in fact going around the chain of

command; it allows us to connect to the chain of command in ways we have not been able to experience before."

– The general’s blog posts are simple, designed to be conversation starters. A quick query, on "what need to be changed," led to an improvement in mental health care at Ft. Drum, New York, where is unit is based.

http://www.wired.com/dangerroom/2009/01/tf-mountains-so/#previouspost

Impact: Benefits

• The Pentagon last week issued a new “open door” policy on social media last week. So how did an Air Force network administrator find out about the change? Not through their chain of command, but by reading about it on Danger Room.

• Part of it may be a top-down management style that creates information bottlenecks. The source said they found out about Pentagon’s recently lifted ban on USB drives through Danger Room, not through official channels: “This is very peculiar, given the position I have and the level of connectivity I have, that this is how I find out it’s official policy.”

12

Impact: Benefits

• Military planners even tapped social networking sites as way to help guide the Haiti relief effort.

13

http://www.wired.com/dangerroom/2010/03/will-the-pentagon-finally-get-web-20/

Policies

• NAVMED Policy 10-018, Dec 10• ALNAV 056/10, Aug 10• ALNAV 057/10, Aug 10• DoD 5205.02-M: DoD OPSEC Manual, Nov 08• OPNAV 5239/14, Jul 08• DoD 5500.7-R: Joint Ethics, March 2006• Joint Publication 3-61: Public Affairs, May 05• BUMED Communications Directorate

Visit the M62 Portal

for more information!

NAVMED Policy 10-018

USE OF COMMERCIAL WEB-BASED E-MAIL FROM NAVY MEDICINE NETWORKS

• Per reference (a), commercial web-based e-mail is authorized for personal use on Navy Medicine networks. This includes, but is not limited to, commercial web-based e-mail previously blocked by DON policy (e.g., Hotmail, Yahoo!, Gmail, etc.), and web-based e-mail embedded in social networking sites (e.g., LinkedIn, FaceBook).

15

NAVMED Policy 10-018

• Sites must ensure that all staff read reference (a) in its entirety. Compliance with reference (a) is mandatory for all Navy Medicine sites and personnel. As a reminder, use of personal e-mail remains prohibited for official business. Additionally, auto-forwarding official e-mail to a commercial e-mail account remains strictly prohibited.

16

NAVMED Policy 10-018

• Commercial web-based e-mail is an IbC. To comply with DON and DoD policies, Navy Medicine sites with the IronPort network security tools are directed to open the following IbC categories: Streaming, Social Networking, and Web-based E-mail. Firewalls should also be configured to allow for access, as appropriate. Sites are directed to work with NAVMISSA.

17

NAVMED Policy 10-018

• Commanders, commanding officers, and officers in charge will handle any personnel abuses of e-mail on a case-by-case basis. Local IA authorities and current users do not need to modify or re-sign the SAAR-N already on file. When issuing user agreements (i.e., SAAR-N) to new users, attach reference (a) as an addendum until DON policy and forms are updates and reissued.

18

NAVMED Policy 10-018

• Commands may temporarily limit access to any IbC for mission assurance reasons (i.e., to preserve network and operations security and/or mission essential bandwidth). Restricting access to any IbC will be justified by mission-related threats that cannot be overcome by reasonable IT configuration controls and must be approved by the respective Regional Commander.

19

NAVMED Policy 10-018

References

a) COMFLTCYBERCOM FT George G Meade MD: 201400Z Oct 10, Guidance for Access to Commercial Web-Based E-Mail from Navy Networks

b) Chief BUMED Memo 6000, Ser M6/10UM6112 of 5 Apr 2010, Current Department of Defense and Department of Navy Policy and Guidance on Internet-based Capabilities

c) Chief BUMED Memo 6000, Ser M6/10UM6161 of 26 Aug 2010, Clarifying Guidance for Department of Defense/Navy Medicine Policy on Internet-based Capabilities

20

DoD 5205.02-M: DoD OPSEC

• As a minimum, all personnel shall receive annual refresher OPSEC training that reinforces understanding of OPSEC policies and procedures, critical information, and procedures covered in initial and specialized training. Refresher training should also address the threat and techniques employed by adversaries attempting to obtain classified and sensitive information.

21

OPNAV 5239/14

• I understand that to ensure the integrity, safety and security of Navy IT resources, when using those resources, I shall not: – Participate in or contribute to any activity

resulting in a disruption or denial of service.

22

DoD 5500.7-R: Joint Ethics

• Use of Internet systems are authorized with provisions:– Do not adversely affect the performance of official

duties by the employee or the organization– Are of reasonable duration and frequency, and

whenever possible, made during personal time

23

Joint Publication 3-61

• Practice Security at the Source. All DOD personnel are responsible for safeguarding sensitive information. As sources of information, each DOD member should be aware of operations security (OPSEC) issues, whether being interviewed by the media or sharing information with family or friends.

24

Policies

• NAVMED Policy 10-018, Dec 10• ALNAV 056/10, Aug 10• ALNAV 057/10, Aug 10• DoD 5205.02-M: DoD OPSEC Manual, Nov 08• OPNAV 5239/14, Jul 08• DoD 5500.7-R: Joint Ethics, March 2006• Joint Publication 3-61: Public Affairs, May 05• BUMED Communications Directorate

Visit the M62 Portal

for more information!

Perception

• 5/12/2010 11:01:40 AM ETFacebook needs to be cut-off asap. -- A1C Garuccio, Whiteman AFB

• 5/10/2010 7:26:47 PM ETKeep in mind you can only expect from your Airmen the example you have set. If you sit on a computer all day they will too. -- SSgt A., Dyess AFB

http://www.af.mil/news/story.asp?id=123201643

Test of Knowledge

Test of Knowledge

• Is the recent Wikileaks spillage a violation of appropriate social networking use?

Test of Knowledge

• There have been approximately 145 PII related incidents reported within Navy Medicine in the past three years– 10% involving theft– 70% due to human error– 7% from mail handling– 13% cases of unauthorized access

• How many PII related incidents have been reported involving Social Media?

Test of Knowledge

• Which of the following internet-based capabilities can be used for official business?a. DKO

b. Personal email (e.g., Hotmail)

c. Jabber

d. Google Docs

e. FaceBook

f. None of the above

• Social networking sites are authorized for use across DoD

• With increased social networking comes increased responsibility

• Biggest threat is not the technology – it sits between the keyboard and the chair.

Summary

3117-19 February 2011 Leading NAVMED through PortfolioManagement.

Contact Information

• CDR Rich “Ski” Makarski• richard.makarski@med.navy.mil • Telephone

– Office: 202.762.0037– BB: 202.431.8734

3217-19 February 2011 Leading NAVMED through PortfolioManagement.

Questions

3317-19 February 2011 Leading NAVMED through PortfolioManagement.

BACKUP SLIDES

34

More Policies

• DoD 5400.11-R, DoD Privacy Program, 14 May 2007• DoD 5500.7-R, Joint Ethics, 30 Aug 1993• DoD 5205.02-M, DoD OPSEC Program Manual, 03 Nov

2008• SECNAVINST 5720.47B, DON Policy for Content of

Publicly Accessible World Wide Web Sites, 28 Dec 2005• DoDI 8500.2, IA Implementation, 06 Feb 2003• DoD 5200.1-R, Information Security Program, 14 Jan 1997• DoD Directive 5230.09, Clearance of DoD Information for

Public Release, 22 Aug 2008• Joint Publication 3-61, Public Affairs, 09 May 2005

35

Impact: Benefits

• These and other defense leaders recognize social media forums as the information tool of choice among the “millennial generation” -- 18-to-25-year-olds, many of whom don’t read newspapers, tune in to network news or visit official Web sites.

• In addition, they introduce a dynamic that leaders simply can’t get through traditional communication methods: unfettered two-way engagement.

By Donna Miles, American Forces Press Service WASHINGTON, July 10, 2009http://www.defense.gov/news/newsarticle.aspx?id=55087

Impact: Benefits

• The very day he assumed his post as NATO’s supreme allied commander for Europe last week, Navy Adm. James Stavridis reached out in a way none of the previous 15 NATO commanders had: he posted a blog.

By Donna Miles, American Forces Press Service WASHINGTON, July 10, 2009http://www.defense.gov/news/newsarticle.aspx?id=55087

Impact: Risks